Inksdata browser infection


  • This topic is locked
22 replies to this topic

#1 MASTAVASE

Posted 11 June 2013 - 02:24 PM

Had something similar on my laptop before this desktop.

Followed instructions from here: Google Chrome keeps redirecting to inksdata - Virus, Trojan, Spyware, and Malware Removal Logs

(Note: using Firefox)

After I ran what I was reading up to OTL, I am still receiving the issue of Inksdata.

logs: (Also in zip file)

19:17:28.0228 5332  MSPCLOCK - ok
19:17:28.0237 5332  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:17:28.0238 5332  MSPQM - ok
19:17:28.0255 5332  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:17:28.0258 5332  MsRPC - ok
19:17:28.0273 5332  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:17:28.0274 5332  mssmbios - ok
19:17:28.0320 5332  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:17:28.0321 5332  MSTEE - ok
19:17:28.0362 5332  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:17:28.0363 5332  MTConfig - ok
19:17:28.0404 5332  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:17:28.0405 5332  Mup - ok
19:17:28.0499 5332  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:17:28.0505 5332  napagent - ok
19:17:28.0522 5332  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:17:28.0525 5332  NativeWifiP - ok
19:17:28.0554 5332  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:17:28.0561 5332  NDIS - ok
19:17:28.0572 5332  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:17:28.0573 5332  NdisCap - ok
19:17:28.0585 5332  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:17:28.0586 5332  NdisTapi - ok
19:17:28.0592 5332  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:17:28.0593 5332  Ndisuio - ok
19:17:28.0606 5332  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:17:28.0607 5332  NdisWan - ok
19:17:28.0619 5332  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:17:28.0620 5332  NDProxy - ok
19:17:28.0630 5332  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:17:28.0631 5332  NetBIOS - ok
19:17:28.0637 5332  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:17:28.0638 5332  NetBT - ok
19:17:28.0646 5332  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:17:28.0648 5332  Netlogon - ok
19:17:28.0673 5332  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:17:28.0676 5332  Netman - ok
19:17:28.0711 5332  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:28.0712 5332  NetMsmqActivator - ok
19:17:28.0715 5332  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:28.0716 5332  NetPipeActivator - ok
19:17:28.0733 5332  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:17:28.0736 5332  netprofm - ok
19:17:28.0739 5332  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:28.0740 5332  NetTcpActivator - ok
19:17:28.0742 5332  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:17:28.0743 5332  NetTcpPortSharing - ok
19:17:28.0757 5332  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:17:28.0758 5332  nfrd960 - ok
19:17:28.0781 5332  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:17:28.0782 5332  NisDrv - ok
19:17:28.0823 5332  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:17:28.0826 5332  NisSrv - ok
19:17:28.0844 5332  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:17:28.0848 5332  NlaSvc - ok
19:17:28.0857 5332  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:17:28.0857 5332  Npfs - ok
19:17:28.0863 5332  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:17:28.0865 5332  nsi - ok
19:17:28.0876 5332  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:17:28.0877 5332  nsiproxy - ok
19:17:28.0904 5332  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:17:28.0912 5332  Ntfs - ok
19:17:28.0915 5332  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:17:28.0916 5332  Null - ok
19:17:28.0935 5332  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
19:17:28.0936 5332  NVHDA - ok
19:17:29.0065 5332  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:17:29.0101 5332  nvlddmkm - ok
19:17:29.0120 5332  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:17:29.0121 5332  nvraid - ok
19:17:29.0142 5332  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:17:29.0143 5332  nvstor - ok
19:17:29.0188 5332  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:17:29.0197 5332  nvsvc - ok
19:17:29.0228 5332  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:17:29.0233 5332  nvUpdatusService - ok
19:17:29.0247 5332  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:17:29.0247 5332  ohci1394 - ok
19:17:29.0278 5332  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:17:29.0280 5332  ose64 - ok
19:17:29.0374 5332  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:17:29.0396 5332  osppsvc - ok
19:17:29.0410 5332  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:17:29.0413 5332  p2pimsvc - ok
19:17:29.0426 5332  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:17:29.0429 5332  p2psvc - ok
19:17:29.0431 5332  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:17:29.0432 5332  Parport - ok
19:17:29.0443 5332  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:17:29.0443 5332  partmgr - ok
19:17:29.0452 5332  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:17:29.0454 5332  PcaSvc - ok
19:17:29.0465 5332  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:17:29.0466 5332  pci - ok
19:17:29.0477 5332  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:17:29.0478 5332  pciide - ok
19:17:29.0481 5332  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:17:29.0482 5332  pcmcia - ok
19:17:29.0493 5332  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:17:29.0494 5332  pcw - ok
19:17:29.0503 5332  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:17:29.0505 5332  PEAUTH - ok
19:17:29.0547 5332  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:17:29.0550 5332  PerfHost - ok
19:17:29.0581 5332  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:17:29.0594 5332  pla - ok
19:17:29.0625 5332  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:17:29.0630 5332  PlugPlay - ok
19:17:29.0634 5332  PnkBstrA - ok
19:17:29.0646 5332  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:17:29.0650 5332  PNRPAutoReg - ok
19:17:29.0657 5332  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:17:29.0663 5332  PNRPsvc - ok
19:17:29.0686 5332  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:17:29.0691 5332  PolicyAgent - ok
19:17:29.0709 5332  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:17:29.0714 5332  Power - ok
19:17:29.0725 5332  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:17:29.0726 5332  PptpMiniport - ok
19:17:29.0737 5332  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:17:29.0738 5332  Processor - ok
19:17:29.0751 5332  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:17:29.0753 5332  ProfSvc - ok
19:17:29.0763 5332  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:17:29.0764 5332  ProtectedStorage - ok
19:17:29.0776 5332  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:17:29.0776 5332  Psched - ok
19:17:29.0801 5332  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:17:29.0806 5332  ql2300 - ok
19:17:29.0816 5332  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:17:29.0817 5332  ql40xx - ok
19:17:29.0829 5332  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:17:29.0831 5332  QWAVE - ok
19:17:29.0836 5332  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:17:29.0836 5332  QWAVEdrv - ok
19:17:29.0848 5332  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:17:29.0849 5332  RasAcd - ok
19:17:29.0856 5332  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:17:29.0857 5332  RasAgileVpn - ok
19:17:29.0860 5332  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:17:29.0862 5332  RasAuto - ok
19:17:29.0870 5332  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:17:29.0870 5332  Rasl2tp - ok
19:17:29.0893 5332  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:17:29.0895 5332  RasMan - ok
19:17:29.0904 5332  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:17:29.0905 5332  RasPppoe - ok
19:17:29.0916 5332  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:17:29.0916 5332  RasSstp - ok
19:17:29.0923 5332  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:17:29.0924 5332  rdbss - ok
19:17:29.0935 5332  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:17:29.0936 5332  rdpbus - ok
19:17:29.0946 5332  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:17:29.0947 5332  RDPCDD - ok
19:17:29.0959 5332  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:17:29.0959 5332  RDPENCDD - ok
19:17:29.0968 5332  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:17:29.0969 5332  RDPREFMP - ok
19:17:30.0013 5332  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:17:30.0013 5332  RdpVideoMiniport - ok
19:17:30.0030 5332  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:17:30.0032 5332  RDPWD - ok
19:17:30.0046 5332  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:17:30.0047 5332  rdyboost - ok
19:17:30.0096 5332  [ EA569D48B2E755AF6D96F03F3335D98A ] RealtekSE       C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
19:17:30.0097 5332  RealtekSE - ok
19:17:30.0122 5332  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:17:30.0125 5332  RemoteAccess - ok
19:17:30.0134 5332  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:17:30.0138 5332  RemoteRegistry - ok
19:17:30.0153 5332  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:17:30.0158 5332  RpcEptMapper - ok
19:17:30.0174 5332  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:17:30.0177 5332  RpcLocator - ok
19:17:30.0193 5332  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:17:30.0200 5332  RpcSs - ok
19:17:30.0210 5332  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:17:30.0211 5332  rspndr - ok
19:17:30.0249 5332  [ 6D17B48C2465E26808E5FB4FE7B77304 ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
19:17:30.0258 5332  RTL8192Ce - ok
19:17:30.0271 5332  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:17:30.0274 5332  SamSs - ok
19:17:30.0285 5332  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:17:30.0286 5332  sbp2port - ok
19:17:30.0301 5332  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:17:30.0305 5332  SCardSvr - ok
19:17:30.0312 5332  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:17:30.0313 5332  scfilter - ok
19:17:30.0330 5332  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:17:30.0339 5332  Schedule - ok
19:17:30.0356 5332  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:17:30.0357 5332  SCPolicySvc - ok
19:17:30.0370 5332  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:17:30.0374 5332  SDRSVC - ok
19:17:30.0394 5332  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:17:30.0395 5332  secdrv - ok
19:17:30.0401 5332  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:17:30.0404 5332  seclogon - ok
19:17:30.0408 5332  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:17:30.0411 5332  SENS - ok
19:17:30.0431 5332  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:17:30.0434 5332  SensrSvc - ok
19:17:30.0454 5332  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:17:30.0454 5332  Serenum - ok
19:17:30.0465 5332  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:17:30.0466 5332  Serial - ok
19:17:30.0475 5332  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:17:30.0475 5332  sermouse - ok
19:17:30.0488 5332  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:17:30.0492 5332  SessionEnv - ok
19:17:30.0499 5332  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:17:30.0499 5332  sffdisk - ok
19:17:30.0511 5332  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:17:30.0512 5332  sffp_mmc - ok
19:17:30.0520 5332  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:17:30.0521 5332  sffp_sd - ok
19:17:30.0534 5332  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:17:30.0534 5332  sfloppy - ok
19:17:30.0554 5332  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:17:30.0557 5332  SharedAccess - ok
19:17:30.0570 5332  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:17:30.0575 5332  ShellHWDetection - ok
19:17:30.0584 5332  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:17:30.0585 5332  SiSRaid2 - ok
19:17:30.0596 5332  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:17:30.0597 5332  SiSRaid4 - ok
19:17:30.0632 5332  [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:17:30.0633 5332  SkypeUpdate - ok
19:17:30.0649 5332  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:17:30.0650 5332  Smb - ok
19:17:30.0666 5332  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:17:30.0670 5332  SNMPTRAP - ok
19:17:30.0722 5332  [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
19:17:30.0723 5332  Sony PC Companion - ok
19:17:30.0737 5332  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:17:30.0737 5332  spldr - ok
19:17:30.0764 5332  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:17:30.0767 5332  Spooler - ok
19:17:30.0802 5332  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:17:30.0817 5332  sppsvc - ok
19:17:30.0823 5332  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:17:30.0826 5332  sppuinotify - ok
19:17:30.0849 5332  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:17:30.0851 5332  srv - ok
19:17:30.0867 5332  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:17:30.0870 5332  srv2 - ok
19:17:30.0882 5332  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:17:30.0884 5332  srvnet - ok
19:17:30.0899 5332  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:17:30.0902 5332  SSDPSRV - ok
19:17:30.0909 5332  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:17:30.0912 5332  SstpSvc - ok
19:17:30.0941 5332  Steam Client Service - ok
19:17:30.0980 5332  [ 81F177C1954453AF407604160BD149CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:17:30.0983 5332  Stereo Service - ok
19:17:30.0994 5332  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:17:30.0995 5332  stexstor - ok
19:17:31.0022 5332  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:17:31.0031 5332  stisvc - ok
19:17:31.0044 5332  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:17:31.0045 5332  swenum - ok
19:17:31.0056 5332  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:17:31.0063 5332  swprv - ok
19:17:31.0093 5332  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:17:31.0107 5332  SysMain - ok
19:17:31.0111 5332  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:17:31.0115 5332  TabletInputService - ok
19:17:31.0129 5332  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:17:31.0132 5332  TapiSrv - ok
19:17:31.0144 5332  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:17:31.0146 5332  TBS - ok
19:17:31.0178 5332  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:17:31.0185 5332  Tcpip - ok
19:17:31.0211 5332  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:17:31.0218 5332  TCPIP6 - ok
19:17:31.0234 5332  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:17:31.0235 5332  tcpipreg - ok
19:17:31.0246 5332  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:17:31.0246 5332  TDPIPE - ok
19:17:31.0260 5332  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:17:31.0261 5332  TDTCP - ok
19:17:31.0270 5332  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:17:31.0271 5332  tdx - ok
19:17:31.0280 5332  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:17:31.0280 5332  TermDD - ok
19:17:31.0294 5332  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:17:31.0298 5332  TermService - ok
19:17:31.0306 5332  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:17:31.0308 5332  Themes - ok
19:17:31.0334 5332  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:17:31.0335 5332  THREADORDER - ok
19:17:31.0342 5332  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:17:31.0344 5332  TrkWks - ok
19:17:31.0373 5332  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:17:31.0375 5332  TrustedInstaller - ok
19:17:31.0382 5332  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:17:31.0383 5332  tssecsrv - ok
19:17:31.0418 5332  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:17:31.0419 5332  TsUsbFlt - ok
19:17:31.0429 5332  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:17:31.0430 5332  TsUsbGD - ok
19:17:31.0454 5332  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:17:31.0456 5332  tunnel - ok
19:17:31.0466 5332  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:17:31.0467 5332  uagp35 - ok
19:17:31.0478 5332  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:17:31.0480 5332  udfs - ok
19:17:31.0497 5332  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:17:31.0500 5332  UI0Detect - ok
19:17:31.0524 5332  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:17:31.0526 5332  uliagpkx - ok
19:17:31.0538 5332  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:17:31.0539 5332  umbus - ok
19:17:31.0550 5332  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:17:31.0551 5332  UmPass - ok
19:17:31.0563 5332  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:17:31.0569 5332  upnphost - ok
19:17:31.0596 5332  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:17:31.0597 5332  usbaudio - ok
19:17:31.0610 5332  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:17:31.0611 5332  usbccgp - ok
19:17:31.0622 5332  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:17:31.0623 5332  usbcir - ok
19:17:31.0639 5332  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:17:31.0640 5332  usbehci - ok
19:17:31.0656 5332  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:17:31.0659 5332  usbhub - ok
19:17:31.0676 5332  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:17:31.0677 5332  usbohci - ok
19:17:31.0686 5332  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:17:31.0687 5332  usbprint - ok
19:17:31.0710 5332  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:17:31.0711 5332  USBSTOR - ok
19:17:31.0723 5332  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:17:31.0724 5332  usbuhci - ok
19:17:31.0740 5332  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:17:31.0742 5332  UxSms - ok
19:17:31.0744 5332  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:17:31.0745 5332  VaultSvc - ok
19:17:31.0756 5332  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:17:31.0756 5332  vdrvroot - ok
19:17:31.0766 5332  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:17:31.0770 5332  vds - ok
19:17:31.0780 5332  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:17:31.0781 5332  vga - ok
19:17:31.0791 5332  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:17:31.0792 5332  VgaSave - ok
19:17:31.0799 5332  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:17:31.0800 5332  vhdmp - ok
19:17:31.0813 5332  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:17:31.0813 5332  viaide - ok
19:17:31.0822 5332  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:17:31.0823 5332  volmgr - ok
19:17:31.0833 5332  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:17:31.0834 5332  volmgrx - ok
19:17:31.0841 5332  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:17:31.0843 5332  volsnap - ok
19:17:31.0855 5332  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:17:31.0856 5332  vsmraid - ok
19:17:31.0887 5332  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:17:31.0902 5332  VSS - ok
19:17:31.0914 5332  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:17:31.0914 5332  vwifibus - ok
19:17:31.0916 5332  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:17:31.0917 5332  vwififlt - ok
19:17:31.0936 5332  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:17:31.0936 5332  vwifimp - ok
19:17:31.0946 5332  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:17:31.0949 5332  W32Time - ok
19:17:31.0961 5332  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:17:31.0962 5332  WacomPen - ok
19:17:31.0984 5332  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:17:31.0985 5332  WANARP - ok
19:17:31.0987 5332  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:17:31.0988 5332  Wanarpv6 - ok
19:17:32.0035 5332  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:17:32.0045 5332  WatAdminSvc - ok
19:17:32.0070 5332  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:17:32.0078 5332  wbengine - ok
19:17:32.0089 5332  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:17:32.0092 5332  WbioSrvc - ok
19:17:32.0104 5332  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:17:32.0107 5332  wcncsvc - ok
19:17:32.0118 5332  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:17:32.0120 5332  WcsPlugInService - ok
19:17:32.0130 5332  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:17:32.0131 5332  Wd - ok
19:17:32.0160 5332  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:17:32.0163 5332  Wdf01000 - ok
19:17:32.0173 5332  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:17:32.0176 5332  WdiServiceHost - ok
19:17:32.0179 5332  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:17:32.0182 5332  WdiSystemHost - ok
19:17:32.0187 5332  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:17:32.0190 5332  WebClient - ok
19:17:32.0202 5332  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:17:32.0206 5332  Wecsvc - ok
19:17:32.0210 5332  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:17:32.0212 5332  wercplsupport - ok
19:17:32.0227 5332  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:17:32.0230 5332  WerSvc - ok
19:17:32.0235 5332  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:17:32.0235 5332  WfpLwf - ok
19:17:32.0248 5332  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:17:32.0249 5332  WIMMount - ok
19:17:32.0257 5332  WinDefend - ok
19:17:32.0262 5332  WinHttpAutoProxySvc - ok
19:17:32.0298 5332  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:17:32.0301 5332  Winmgmt - ok
19:17:32.0334 5332  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:17:32.0347 5332  WinRM - ok
19:17:32.0390 5332  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:17:32.0390 5332  WinUsb - ok
19:17:32.0414 5332  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:17:32.0419 5332  Wlansvc - ok
19:17:32.0426 5332  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:17:32.0426 5332  WmiAcpi - ok
19:17:32.0439 5332  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:17:32.0440 5332  wmiApSrv - ok
19:17:32.0448 5332  WMPNetworkSvc - ok
19:17:32.0459 5332  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:17:32.0461 5332  WPCSvc - ok
19:17:32.0469 5332  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:17:32.0471 5332  WPDBusEnum - ok
19:17:32.0477 5332  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:17:32.0478 5332  ws2ifsl - ok
19:17:32.0487 5332  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:17:32.0490 5332  wscsvc - ok
19:17:32.0492 5332  WSearch - ok
19:17:32.0527 5332  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:17:32.0537 5332  wuauserv - ok
19:17:32.0554 5332  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:17:32.0555 5332  WudfPf - ok
19:17:32.0581 5332  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:17:32.0584 5332  WUDFRd - ok
19:17:32.0594 5332  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:17:32.0599 5332  wudfsvc - ok
19:17:32.0617 5332  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:17:32.0623 5332  WwanSvc - ok
19:17:32.0633 5332  ================ Scan global ===============================
19:17:32.0656 5332  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:17:32.0668 5332  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:17:32.0675 5332  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:17:32.0701 5332  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:17:32.0730 5332  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:17:32.0736 5332  [Global] - ok
19:17:32.0736 5332  ================ Scan MBR ==================================
19:17:32.0746 5332  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:17:32.0846 5332  \Device\Harddisk0\DR0 - ok
19:17:32.0846 5332  ================ Scan VBR ==================================
19:17:32.0848 5332  [ 23EA5AB21BDCE0B2942CCC95F0908C6C ] \Device\Harddisk0\DR0\Partition1
19:17:32.0849 5332  \Device\Harddisk0\DR0\Partition1 - ok
19:17:32.0856 5332  [ 19FEDA61F0FC2CE64094C40CACD937EB ] \Device\Harddisk0\DR0\Partition2
19:17:32.0857 5332  \Device\Harddisk0\DR0\Partition2 - ok
19:17:32.0857 5332  ============================================================
19:17:32.0857 5332  Scan finished
19:17:32.0857 5332  ============================================================
19:17:32.0861 0808  Detected object count: 0
19:17:32.0862 0808  Actual detected object count: 0

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8478789632, free: 5915193344

Downloaded database version: v2013.06.11.06
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/11/2013 19:20:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\DRIVERS\AsrRamDisk.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\setupapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80097b5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xfffffa800781d9c0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80097b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80097b5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80097b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80095fcc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800781d9c0, DeviceName: \Device\0000006c\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E051A8B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MASTAVASE :: NATHANSPC [administrator]

11/06/2013 19:20:19
mbar-log-2013-06-11 (19-20-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 258044
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

ComboFix 13-06-08.02 - MASTAVASE 11/06/2013  19:41:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8086.5576 [GMT 1:00]
Running from: c:\users\MASTAVASE\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\_ctypes.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\_elementtree.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\_hashlib.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\_multiprocessing.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\_socket.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\_ssl.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\pyexpat.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\pysqlite2._sqlite.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\python27.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\pythoncom27.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\PyWinTypes27.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\select.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\unicodedata.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32api.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32com.shell.shell.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32crypt.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32event.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32file.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32inet.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32pdh.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32process.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32profile.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32security.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\win32ts.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\windows._cacheinvalidation.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wx._controls_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wx._core_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wx._gdi_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wx._html2.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wx._misc_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wx._windows_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wx._wizard.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wxbase294u_net_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wxbase294u_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wxmsw294u_adv_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wxmsw294u_core_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wxmsw294u_html_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI38322\wxmsw294u_webview_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\_ctypes.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\_elementtree.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\_hashlib.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\_multiprocessing.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\_socket.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\_ssl.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\pyexpat.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\pysqlite2._sqlite.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\python27.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\pythoncom27.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\PyWinTypes27.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\select.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\unicodedata.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32api.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32com.shell.shell.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32crypt.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32event.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32file.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32inet.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32pdh.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32process.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32profile.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32security.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\win32ts.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\windows._cacheinvalidation.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wx._controls_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wx._core_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wx._gdi_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wx._html2.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wx._misc_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wx._windows_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wx._wizard.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wxbase294u_net_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wxbase294u_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wxmsw294u_adv_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wxmsw294u_core_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wxmsw294u_html_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI38322\wxmsw294u_webview_vc90.dll
c:\users\MASTAVASE\AppData\Roaming\Microsoft\Windows\Recent\Ghost Recon Online.appref-ms
c:\users\MASTAVASE\AppData\Roaming\technic-launcher.jar
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 18:20 . 2013-06-11 18:34    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-11 17:44 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCE60118-9CF5-405B-A38B-C7A7FD28ADA4}\mpengine.dll
2013-06-10 08:13 . 2013-06-10 08:13    --------    d-----w-    c:\users\MASTAVASE\AppData\Local\TopArcadeHits
2013-06-09 16:52 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-09 03:20 . 2013-06-09 03:20    --------    d-----w-    c:\programdata\CCP
2013-06-09 02:38 . 2013-06-09 02:38    --------    d-----w-    c:\users\MASTAVASE\AppData\Local\CCP
2013-06-04 01:29 . 2013-06-04 01:29    --------    d-----w-    c:\program files\WinRAR
2013-05-22 01:52 . 2013-05-22 01:52    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83C16143-56D7-48AF-A755-158EC32B33C2}\gapaengine.dll
2013-05-21 00:22 . 2013-06-11 17:02    --------    d-s---w-    c:\users\MASTAVASE\Google Drive
2013-05-16 01:18 . 2013-05-05 21:36    17818624    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-16 01:18 . 2013-05-05 21:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-16 01:18 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-15 14:33 . 2013-05-15 14:55    --------    d-----w-    c:\users\MASTAVASE\AppData\Roaming\BitTorrent
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\users\MASTAVASE\AppData\Roaming\GeoVid
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\program files (x86)\Common Files\VHelper
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\programdata\GeoVid
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\program files (x86)\Common Files\GeoVid
2013-05-15 14:18 . 2007-06-28 17:55    77824    ----a-w-    c:\windows\SysWow64\xvid.ax
2013-05-15 14:18 . 2003-03-19 07:12    1047552    ----a-w-    c:\windows\SysWow64\mfc71u.dll
2013-05-15 14:18 . 2005-06-07 14:11    60416    ----a-w-    c:\windows\SysWow64\dsetup.dll
2013-05-15 14:18 . 2004-08-18 14:00    1712128    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2013-05-15 14:18 . 2003-03-19 07:19    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2013-05-15 14:18 . 2003-03-19 05:05    89088    ----a-w-    c:\windows\SysWow64\atl71.dll
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\program files (x86)\GeoVid
2013-05-12 23:39 . 2013-05-12 23:39    --------    d-----w-    c:\programdata\Bohemia Interactive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 18:00 . 2013-03-06 22:00    124181    ----a-w-    c:\users\MASTAVASE\Network_Meter_Data.js
2013-05-16 01:20 . 2013-02-01 16:12    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-15 11:03 . 2013-02-01 16:45    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 11:03 . 2013-02-01 16:45    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-03-18 08:30    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-18 08:30    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-02-11 15:59    378432    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-02-11 15:59    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-02-11 15:59    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-11 15:59    1025808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-11 15:59    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-02-11 15:59    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-02-11 15:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-11 15:59    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-23 17:22 . 2013-03-12 19:26    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-18 18:30 . 2013-04-18 18:30    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 18:30 . 2013-02-03 18:28    866720    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-18 18:30 . 2013-02-03 18:28    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-15 14:16    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:16    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:16    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:16    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:16    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 17:15    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 13:50 . 2013-02-11 15:57    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 00:17    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 00:17    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 00:17    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 00:17    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 00:17    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 00:17    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-15 05:53 . 2013-03-29 14:35    9414456    ----a-w-    c:\windows\system32\nvcuda.dll
2013-03-15 05:53 . 2013-03-29 14:35    7959000    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2013-03-15 05:53 . 2013-03-29 14:35    7573816    ----a-w-    c:\windows\system32\nvopencl.dll
2013-03-15 05:53 . 2013-03-29 14:35    6271872    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2013-03-15 05:53 . 2013-03-29 14:35    420128    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2013-03-15 05:53 . 2013-03-29 14:35    364832    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2013-03-15 05:53 . 2013-03-29 14:35    2913056    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-03-15 05:53 . 2013-03-29 14:35    2728736    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2013-03-15 05:53 . 2013-03-29 14:35    26956576    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2013-03-29 14:35    25256736    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-03-15 05:53 . 2013-03-29 14:35    2355488    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-03-15 05:53 . 2013-03-29 14:35    20542752    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2013-03-15 05:53 . 2013-03-29 14:35    1995552    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2013-03-15 05:53 . 2013-03-29 14:35    1807136    ----a-w-    c:\windows\system32\nvdispco6431422.dll
2013-03-15 05:53 . 2013-03-29 14:35    17990800    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-03-29 14:35    17560352    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2013-03-15 05:53 . 2013-03-29 14:35    1510176    ----a-w-    c:\windows\system32\nvdispgenco6431422.dll
2013-03-15 05:53 . 2013-03-29 14:35    15042928    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2013-03-29 14:35    11048736    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-03-15 05:53 . 2013-02-02 20:01    968408    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2013-02-02 20:01    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2013-02-02 20:01    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-02-02 20:01    250504    ----a-w-    c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2013-02-02 20:01    205184    ----a-w-    c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2013-02-02 20:01    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2013-02-02 20:01    13088000    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2013-02-02 20:01    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 04:16 . 2013-02-02 20:02    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2013-02-02 20:02    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2013-02-02 20:02    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2013-02-02 20:02    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2013-02-02 20:02    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-14 22:07 . 2013-03-14 22:07    559904    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-02-01 5021448]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe;c:\programdata\bitraider\BRSptSvc.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 RealtekSE;RealtekSE;c:\program files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe;c:\program files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 11:03]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 19:35]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 19:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.game-debate.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,da,a3,4e,b7,33,b9,1e,ff,0e,bb,a7,f9,cc,06,fb,eb,c0,62,ae,19,32,71,
   57,55,a2,9d,cc,35,6c,7e,6c,47,cf,b9,7b,24,a4,f0,a1,db,d6,ba,96,ce,5f,16,f6,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Edimax\PCIe Wireless LAN\RtWlan.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Completion time: 2013-06-11  19:48:27 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-11 18:48
.
Pre-Run: 769,264,267,264 bytes free
Post-Run: 769,769,488,384 bytes free
.
- - End Of File - - 75151D95A5DDD0B717A0CC9A51DB3DF0
A36C5E4F47E84449FF07ED3517B43A31
 

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus                
Microsoft Security Essentials   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

OTL logfile created on: 11/06/2013 20:06:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MASTAVASE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 71.52% Memory free
15.79 Gb Paging File | 13.42 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 717.19 Gb Free Space | 77.00% Space Free | Partition Type: NTFS
 
Computer Name: NATHANSPC | User Name: MASTAVASE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/11 20:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
PRC - [2013/05/18 17:00:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/15 12:03:18 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/02/11 02:38:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/02/01 16:42:15 | 005,021,448 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012/11/19 13:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/27 04:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/10/12 12:05:54 | 001,957,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtWLan.exe
PRC - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/11 19:54:26 | 001,175,040 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\wx._core_.pyd
MOD - [2013/06/11 19:54:26 | 001,153,024 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\_ssl.pyd
MOD - [2013/06/11 19:54:26 | 001,062,400 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\wx._controls_.pyd
MOD - [2013/06/11 19:54:26 | 001,022,416 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\windows._cacheinvalidation.pyd
MOD - [2013/06/11 19:54:26 | 000,811,008 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\wx._windows_.pyd
MOD - [2013/06/11 19:54:26 | 000,805,888 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\wx._gdi_.pyd
MOD - [2013/06/11 19:54:26 | 000,735,232 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\wx._misc_.pyd
MOD - [2013/06/11 19:54:26 | 000,711,680 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\_hashlib.pyd
MOD - [2013/06/11 19:54:26 | 000,686,080 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\unicodedata.pyd
MOD - [2013/06/11 19:54:26 | 000,557,056 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\pysqlite2._sqlite.pyd
MOD - [2013/06/11 19:54:26 | 000,364,544 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\pythoncom27.dll
MOD - [2013/06/11 19:54:26 | 000,320,512 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32com.shell.shell.pyd
MOD - [2013/06/11 19:54:26 | 000,128,512 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\_elementtree.pyd
MOD - [2013/06/11 19:54:26 | 000,127,488 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\pyexpat.pyd
MOD - [2013/06/11 19:54:26 | 000,122,368 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\wx._wizard.pyd
MOD - [2013/06/11 19:54:26 | 000,119,808 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32file.pyd
MOD - [2013/06/11 19:54:26 | 000,110,080 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\PyWinTypes27.dll
MOD - [2013/06/11 19:54:26 | 000,108,544 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32security.pyd
MOD - [2013/06/11 19:54:26 | 000,098,816 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32api.pyd
MOD - [2013/06/11 19:54:26 | 000,087,040 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\_ctypes.pyd
MOD - [2013/06/11 19:54:26 | 000,070,656 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\wx._html2.pyd
MOD - [2013/06/11 19:54:26 | 000,044,032 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\_socket.pyd
MOD - [2013/06/11 19:54:26 | 000,038,912 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32inet.pyd
MOD - [2013/06/11 19:54:26 | 000,035,840 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32process.pyd
MOD - [2013/06/11 19:54:26 | 000,026,624 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\_multiprocessing.pyd
MOD - [2013/06/11 19:54:26 | 000,025,600 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32pdh.pyd
MOD - [2013/06/11 19:54:26 | 000,022,528 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32ts.pyd
MOD - [2013/06/11 19:54:26 | 000,018,432 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32event.pyd
MOD - [2013/06/11 19:54:26 | 000,017,408 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32profile.pyd
MOD - [2013/06/11 19:54:26 | 000,011,264 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\win32crypt.pyd
MOD - [2013/06/11 19:54:26 | 000,010,240 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI32322\select.pyd
MOD - [2013/05/18 17:00:35 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 17:58:16 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2531d89e2357431074bcdbefb09a1456\System.ServiceModel.Routing.ni.dll
MOD - [2013/05/16 17:58:15 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ce7e1377adf7d75da942633f2906caca\System.ServiceModel.Discovery.ni.dll
MOD - [2013/05/16 17:58:15 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bae991ffae94e02a4e2db7045196eb9f\System.ServiceModel.Channels.ni.dll
MOD - [2013/05/16 17:58:10 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\41192c1843e211b71eac4f8c2e48b5f3\System.ServiceModel.Web.ni.dll
MOD - [2013/05/16 17:57:18 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e553f65d36418a28a1dbaf3332e6cefd\System.ServiceModel.Activities.ni.dll
MOD - [2013/05/16 17:57:17 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\7e0e59f1f0acf0078a8ed9c04947bcc2\System.IdentityModel.ni.dll
MOD - [2013/05/16 17:57:16 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\051d4dcae1aa316265d69ea0d3796b9c\System.ServiceModel.ni.dll
MOD - [2013/05/16 17:57:00 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\8e3479ab33dd0bc6a074003a28d9f28a\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/16 17:56:59 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d701cc56a037e8673e4880ae819b23bf\System.Runtime.Serialization.ni.dll
MOD - [2013/05/16 02:20:06 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b2c0f91d4817a23f3fd07cd05ebd8e89\System.Windows.Forms.ni.dll
MOD - [2013/05/16 02:20:05 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d5eb9579d1850678612625ab995629ea\System.Core.ni.dll
MOD - [2013/05/16 02:20:02 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\11dfbb7df959cb6dd5b57816141de355\System.Configuration.ni.dll
MOD - [2013/05/15 12:03:17 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/02/14 01:28:30 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3b1d7952215bc34df472d77057fb9a95\System.WorkflowServices.ni.dll
MOD - [2013/02/14 01:27:59 | 000,361,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\2d8a7dc45bb6e2fae260e84aca3324e6\IAStorUtil.ni.dll
MOD - [2013/02/11 16:40:39 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\9ece74a249e7d0c033acf2bcdabf1ca6\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/02/11 16:40:37 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\dd9f242d63dc216e957dd2e6c5b239a9\IAStorCommon.ni.dll
MOD - [2013/02/11 16:40:30 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/02/11 16:40:23 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013/02/11 03:06:09 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/02/11 03:04:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/02/11 03:04:45 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/02/11 03:04:42 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/25 14:48:06 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/10/19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/05 22:51:52 | 000,909,592 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2013/05/18 17:00:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 12:03:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/11 02:38:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe -- (RealtekSE)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/09 09:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 09:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 09:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/02/28 20:32:52 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013/02/01 16:42:15 | 000,016,648 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/19 13:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/11/19 13:10:36 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 04:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 04:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 04:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/13 13:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011/10/06 08:58:42 | 001,163,880 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/09/21 18:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/05/09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 04 74 4D 16 54 CE 01  [binary data]
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.game-debate.com/"
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/27 23:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Extensions
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/05/08 18:10:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/18 17:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/18 17:00:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/06/11 19:46:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B4B068-0E1B-4052-AD58-FFFEBB7B9CF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA4A00D4-828D-4C9F-B896-D74B11E8AFF5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/11 20:00:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
[2013/06/11 19:48:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/11 19:46:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/11 19:40:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/11 19:40:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/11 19:40:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/11 19:36:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/11 19:36:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/11 19:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/10 09:13:12 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/06/10 09:13:07 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\TopArcadeHits
[2013/06/09 04:20:47 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Documents\EVE
[2013/06/09 04:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2013/06/09 03:38:39 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\CCP
[2013/06/04 02:29:38 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/04 02:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/04 02:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/05/30 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Desktop\War Thunder (Dev server)
[2013/05/29 19:15:23 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Documents\Outlook Files
[2013/05/21 01:22:36 | 000,000,000 | --SD | C] -- C:\Users\MASTAVASE\Google Drive
[2013/05/21 01:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/18 17:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/16 02:17:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/16 02:17:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/16 02:17:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/16 02:17:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/16 02:17:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/16 02:17:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/16 02:17:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/16 02:17:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/16 02:17:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/16 02:17:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/16 02:17:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/16 02:17:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/16 02:17:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/16 02:17:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 02:17:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/15 15:33:24 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\BitTorrent
[2013/05/15 15:18:51 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\GeoVid
[2013/05/15 15:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VHelper
[2013/05/15 15:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GeoVid
[2013/05/15 15:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GeoVid
[2013/05/15 15:18:33 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71u.dll
[2013/05/15 15:18:32 | 001,712,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/05/15 15:18:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013/05/15 15:18:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll
[2013/05/15 15:18:32 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsetup.dll
[2013/05/15 15:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoVid
[2013/05/15 15:16:50 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 15:16:50 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 15:16:44 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 15:16:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 15:16:42 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 15:16:41 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 15:16:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/13 00:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 20:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 20:02:49 | 000,780,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/11 20:02:49 | 000,665,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/11 20:02:49 | 000,125,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 20:01:31 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 20:01:31 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 20:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
[2013/06/11 20:00:00 | 000,124,215 | ---- | M] () -- C:\Users\MASTAVASE\Network_Meter_Data.js
[2013/06/11 19:54:25 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 19:54:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 19:54:05 | 2064,121,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 19:46:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/11 19:45:22 | 000,000,027 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Usage.ini
[2013/06/11 19:40:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 19:38:15 | 000,001,140 | ---- | M] () -- C:\Users\MASTAVASE\Desktop\ComboFix - Shortcut.lnk
[2013/06/11 06:28:29 | 000,001,181 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Settings.ini
[2013/06/09 17:43:02 | 000,000,282 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/05/29 19:15:27 | 000,001,105 | ---- | M] () -- C:\Users\MASTAVASE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/27 23:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/21 01:22:36 | 000,001,675 | ---- | M] () -- C:\Users\MASTAVASE\Desktop\Google Drive.lnk
[2013/05/16 17:51:39 | 000,418,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 15:20:28 | 000,003,584 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 12:03:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 12:03:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/11 19:40:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 19:40:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 19:40:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 19:40:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/11 19:40:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/11 19:38:15 | 000,001,140 | ---- | C] () -- C:\Users\MASTAVASE\Desktop\ComboFix - Shortcut.lnk
[2013/05/29 19:15:27 | 000,001,105 | ---- | C] () -- C:\Users\MASTAVASE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/21 01:22:36 | 000,001,675 | ---- | C] () -- C:\Users\MASTAVASE\Desktop\Google Drive.lnk
[2013/05/15 15:20:28 | 000,003,584 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 15:18:34 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013/03/07 00:16:21 | 000,000,027 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Usage.ini
[2013/03/06 23:00:00 | 000,124,215 | ---- | C] () -- C:\Users\MASTAVASE\Network_Meter_Data.js
[2013/02/15 21:54:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
[2013/02/10 23:44:00 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/02/02 02:45:22 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/02 02:45:21 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/02/02 02:45:21 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/01 19:04:23 | 000,000,576 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/02/01 19:03:46 | 000,001,181 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Settings.ini
[2013/02/01 19:02:55 | 000,000,282 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/02/01 17:28:53 | 000,766,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/01 16:44:33 | 000,000,003 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Local\user_data.ini
[2013/02/01 16:02:48 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/01/31 08:08:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2013/01/25 17:48:32 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013/01/25 17:47:32 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/25 17:46:18 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL

< End of report >
 

 




#2 MASTAVASE


Posted 12 June 2013 - 02:31 PM

Any advice on this?



#3 D-FRED-BROWN

  • Malware Response Team

Posted 13 June 2013 - 09:10 PM

Hello MASTAVASE and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller, but I ask that you run it again:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt
----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)



-DFB

#4 MASTAVASE


Posted 14 June 2013 - 02:36 AM

Thanks for the reply, here are the logs:

 

07:56:55.0939 5812  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
07:56:56.0039 5812  ============================================================
07:56:56.0039 5812  Current date / time: 2013/06/14 07:56:56.0039
07:56:56.0039 5812  SystemInfo:
07:56:56.0039 5812  
07:56:56.0039 5812  OS Version: 6.1.7601 ServicePack: 1.0
07:56:56.0039 5812  Product type: Workstation
07:56:56.0039 5812  ComputerName: NATHANSPC
07:56:56.0039 5812  UserName: MASTAVASE
07:56:56.0039 5812  Windows directory: C:\Windows
07:56:56.0039 5812  System windows directory: C:\Windows
07:56:56.0039 5812  Running under WOW64
07:56:56.0039 5812  Processor architecture: Intel x64
07:56:56.0039 5812  Number of processors: 4
07:56:56.0039 5812  Page size: 0x1000
07:56:56.0039 5812  Boot type: Normal boot
07:56:56.0039 5812  ============================================================
07:56:56.0989 5812  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:56:56.0999 5812  ============================================================
07:56:56.0999 5812  \Device\Harddisk0\DR0:
07:56:56.0999 5812  MBR partitions:
07:56:56.0999 5812  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:56:56.0999 5812  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
07:56:56.0999 5812  ============================================================
07:56:57.0019 5812  C: <-> \Device\Harddisk0\DR0\Partition2
07:56:57.0019 5812  ============================================================
07:56:57.0019 5812  Initialize success
07:56:57.0019 5812  ============================================================
07:56:58.0439 4856  ============================================================
07:56:58.0439 4856  Scan started
07:56:58.0439 4856  Mode: Manual;
07:56:58.0439 4856  ============================================================
07:56:59.0009 4856  ================ Scan system memory ========================
07:56:59.0009 4856  System memory - ok
07:56:59.0009 4856  ================ Scan services =============================
07:57:02.0609 4856  iusb3xhc - ok
07:57:02.0639 4856  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
07:57:02.0639 4856  k57nd60a - ok
07:57:02.0649 4856  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:57:02.0649 4856  kbdclass - ok
07:57:02.0659 4856  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:57:02.0659 4856  kbdhid - ok
07:57:02.0669 4856  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
07:57:02.0679 4856  KeyIso - ok
07:57:02.0689 4856  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:57:02.0689 4856  KSecDD - ok
07:57:02.0709 4856  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:57:02.0709 4856  KSecPkg - ok
07:57:02.0719 4856  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
07:57:02.0729 4856  ksthunk - ok
07:57:02.0749 4856  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:57:02.0759 4856  KtmRm - ok
07:57:02.0779 4856  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
07:57:02.0779 4856  LanmanServer - ok
07:57:02.0799 4856  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:57:02.0809 4856  LanmanWorkstation - ok
07:57:02.0819 4856  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:57:02.0819 4856  lltdio - ok
07:57:02.0829 4856  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:57:02.0839 4856  lltdsvc - ok
07:57:02.0849 4856  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:57:02.0849 4856  lmhosts - ok
07:57:02.0879 4856  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:57:02.0879 4856  LSI_FC - ok
07:57:02.0879 4856  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:57:02.0889 4856  LSI_SAS - ok
07:57:02.0899 4856  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
07:57:02.0899 4856  LSI_SAS2 - ok
07:57:02.0909 4856  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:57:02.0909 4856  LSI_SCSI - ok
07:57:02.0929 4856  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
07:57:02.0929 4856  luafv - ok
07:57:02.0949 4856  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:57:02.0949 4856  Mcx2Svc - ok
07:57:02.0969 4856  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:57:02.0969 4856  megasas - ok
07:57:02.0979 4856  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
07:57:02.0979 4856  MegaSR - ok
07:57:02.0999 4856  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
07:57:02.0999 4856  MEIx64 - ok
07:57:03.0049 4856  Microsoft SharePoint Workspace Audit Service - ok
07:57:03.0049 4856  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
07:57:03.0059 4856  MMCSS - ok
07:57:03.0069 4856  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
07:57:03.0069 4856  Modem - ok
07:57:03.0089 4856  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:57:03.0099 4856  monitor - ok
07:57:03.0109 4856  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:57:03.0119 4856  mouclass - ok
07:57:03.0129 4856  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:57:03.0129 4856  mouhid - ok
07:57:03.0139 4856  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:57:03.0139 4856  mountmgr - ok
07:57:03.0159 4856  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:57:03.0169 4856  MozillaMaintenance - ok
07:57:03.0199 4856  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
07:57:03.0209 4856  MpFilter - ok
07:57:03.0219 4856  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:57:03.0219 4856  mpio - ok
07:57:03.0239 4856  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:57:03.0239 4856  mpsdrv - ok
07:57:03.0259 4856  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:57:03.0269 4856  MpsSvc - ok
07:57:03.0279 4856  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:57:03.0279 4856  MRxDAV - ok
07:57:03.0319 4856  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:57:03.0319 4856  mrxsmb - ok
07:57:03.0339 4856  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:57:03.0339 4856  mrxsmb10 - ok
07:57:03.0349 4856  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:57:03.0349 4856  mrxsmb20 - ok
07:57:03.0349 4856  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:57:03.0349 4856  msahci - ok
07:57:03.0349 4856  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:57:03.0349 4856  msdsm - ok
07:57:03.0369 4856  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
07:57:03.0369 4856  MSDTC - ok
07:57:03.0379 4856  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:57:03.0379 4856  Msfs - ok
07:57:03.0389 4856  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:57:03.0389 4856  mshidkmdf - ok
07:57:03.0399 4856  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:57:03.0399 4856  msisadrv - ok
07:57:03.0409 4856  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:57:03.0409 4856  MSiSCSI - ok
07:57:03.0419 4856  msiserver - ok
07:57:03.0429 4856  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:57:03.0429 4856  MSKSSRV - ok
07:57:03.0479 4856  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:57:03.0479 4856  MsMpSvc - ok
07:57:03.0499 4856  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:57:03.0499 4856  MSPCLOCK - ok
07:57:03.0509 4856  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:57:03.0509 4856  MSPQM - ok
07:57:03.0519 4856  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:57:03.0529 4856  MsRPC - ok
07:57:03.0539 4856  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:57:03.0539 4856  mssmbios - ok
07:57:03.0559 4856  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:57:03.0559 4856  MSTEE - ok
07:57:03.0559 4856  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
07:57:03.0569 4856  MTConfig - ok
07:57:03.0579 4856  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
07:57:03.0579 4856  Mup - ok
07:57:03.0599 4856  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
07:57:03.0609 4856  napagent - ok
07:57:03.0619 4856  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:57:03.0629 4856  NativeWifiP - ok
07:57:03.0659 4856  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:57:03.0659 4856  NDIS - ok
07:57:03.0669 4856  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:57:03.0679 4856  NdisCap - ok
07:57:03.0689 4856  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:57:03.0689 4856  NdisTapi - ok
07:57:03.0699 4856  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:57:03.0699 4856  Ndisuio - ok
07:57:03.0719 4856  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:57:03.0719 4856  NdisWan - ok
07:57:03.0719 4856  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:57:03.0719 4856  NDProxy - ok
07:57:03.0729 4856  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:57:03.0729 4856  NetBIOS - ok
07:57:03.0749 4856  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:57:03.0749 4856  NetBT - ok
07:57:03.0759 4856  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
07:57:03.0759 4856  Netlogon - ok
07:57:03.0779 4856  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
07:57:03.0789 4856  Netman - ok
07:57:03.0819 4856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:57:03.0819 4856  NetMsmqActivator - ok
07:57:03.0829 4856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:57:03.0829 4856  NetPipeActivator - ok
07:57:03.0849 4856  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
07:57:03.0849 4856  netprofm - ok
07:57:03.0859 4856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:57:03.0859 4856  NetTcpActivator - ok
07:57:03.0859 4856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:57:03.0869 4856  NetTcpPortSharing - ok
07:57:03.0879 4856  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:57:03.0879 4856  nfrd960 - ok
07:57:03.0899 4856  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:57:03.0899 4856  NisDrv - ok
07:57:03.0919 4856  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
07:57:03.0919 4856  NisSrv - ok
07:57:03.0939 4856  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:57:03.0939 4856  NlaSvc - ok
07:57:03.0949 4856  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:57:03.0949 4856  Npfs - ok
07:57:03.0959 4856  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
07:57:03.0959 4856  nsi - ok
07:57:03.0969 4856  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:57:03.0969 4856  nsiproxy - ok
07:57:03.0999 4856  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:57:03.0999 4856  Ntfs - ok
07:57:04.0009 4856  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
07:57:04.0009 4856  Null - ok
07:57:04.0029 4856  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
07:57:04.0029 4856  NVHDA - ok
07:57:04.0169 4856  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:57:04.0209 4856  nvlddmkm - ok
07:57:04.0229 4856  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:57:04.0229 4856  nvraid - ok
07:57:04.0249 4856  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:57:04.0259 4856  nvstor - ok
07:57:04.0299 4856  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\Windows\system32\nvvsvc.exe
07:57:04.0309 4856  nvsvc - ok
07:57:04.0339 4856  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
07:57:04.0349 4856  nvUpdatusService - ok
07:57:04.0369 4856  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:57:04.0369 4856  ohci1394 - ok
07:57:04.0389 4856  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:57:04.0389 4856  ose64 - ok
07:57:04.0479 4856  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:57:04.0499 4856  osppsvc - ok
07:57:04.0519 4856  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:57:04.0519 4856  p2pimsvc - ok
07:57:04.0539 4856  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:57:04.0539 4856  p2psvc - ok
07:57:04.0539 4856  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
07:57:04.0539 4856  Parport - ok
07:57:04.0559 4856  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:57:04.0559 4856  partmgr - ok
07:57:04.0569 4856  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:57:04.0569 4856  PcaSvc - ok
07:57:04.0589 4856  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
07:57:04.0589 4856  pci - ok
07:57:04.0609 4856  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
07:57:04.0609 4856  pciide - ok
07:57:04.0609 4856  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:57:04.0609 4856  pcmcia - ok
07:57:04.0629 4856  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
07:57:04.0629 4856  pcw - ok
07:57:04.0639 4856  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:57:04.0639 4856  PEAUTH - ok
07:57:04.0680 4856  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:57:04.0680 4856  PerfHost - ok
07:57:04.0700 4856  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
07:57:04.0710 4856  pla - ok
07:57:04.0740 4856  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:57:04.0750 4856  PlugPlay - ok
07:57:04.0750 4856  PnkBstrA - ok
07:57:04.0760 4856  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:57:04.0760 4856  PNRPAutoReg - ok
07:57:04.0760 4856  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:57:04.0760 4856  PNRPsvc - ok
07:57:04.0790 4856  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:57:04.0790 4856  PolicyAgent - ok
07:57:04.0810 4856  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
07:57:04.0810 4856  Power - ok
07:57:04.0830 4856  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:57:04.0830 4856  PptpMiniport - ok
07:57:04.0840 4856  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
07:57:04.0840 4856  Processor - ok
07:57:04.0850 4856  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:57:04.0860 4856  ProfSvc - ok
07:57:04.0860 4856  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:57:04.0870 4856  ProtectedStorage - ok
07:57:04.0890 4856  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:57:04.0890 4856  Psched - ok
07:57:04.0920 4856  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:57:04.0930 4856  ql2300 - ok
07:57:04.0940 4856  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:57:04.0940 4856  ql40xx - ok
07:57:04.0960 4856  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
07:57:04.0960 4856  QWAVE - ok
07:57:04.0960 4856  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:57:04.0960 4856  QWAVEdrv - ok
07:57:04.0980 4856  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:57:04.0980 4856  RasAcd - ok
07:57:04.0980 4856  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:57:04.0980 4856  RasAgileVpn - ok
07:57:05.0000 4856  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
07:57:05.0000 4856  RasAuto - ok
07:57:05.0000 4856  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:57:05.0010 4856  Rasl2tp - ok
07:57:05.0030 4856  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
07:57:05.0030 4856  RasMan - ok
07:57:05.0040 4856  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:57:05.0040 4856  RasPppoe - ok
07:57:05.0050 4856  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:57:05.0050 4856  RasSstp - ok
07:57:05.0060 4856  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:57:05.0060 4856  rdbss - ok
07:57:05.0070 4856  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
07:57:05.0070 4856  rdpbus - ok
07:57:05.0080 4856  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:57:05.0080 4856  RDPCDD - ok
07:57:05.0090 4856  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:57:05.0090 4856  RDPENCDD - ok
07:57:05.0100 4856  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:57:05.0100 4856  RDPREFMP - ok
07:57:05.0150 4856  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:57:05.0150 4856  RdpVideoMiniport - ok
07:57:05.0170 4856  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:57:05.0170 4856  RDPWD - ok
07:57:05.0180 4856  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:57:05.0180 4856  rdyboost - ok
07:57:05.0220 4856  [ EA569D48B2E755AF6D96F03F3335D98A ] RealtekSE       C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
07:57:05.0220 4856  RealtekSE - ok
07:57:05.0240 4856  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:57:05.0250 4856  RemoteAccess - ok
07:57:05.0270 4856  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:57:05.0270 4856  RemoteRegistry - ok
07:57:05.0280 4856  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:57:05.0280 4856  RpcEptMapper - ok
07:57:05.0300 4856  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
07:57:05.0300 4856  RpcLocator - ok
07:57:05.0320 4856  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
07:57:05.0330 4856  RpcSs - ok
07:57:05.0340 4856  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:57:05.0340 4856  rspndr - ok
07:57:05.0380 4856  [ 6D17B48C2465E26808E5FB4FE7B77304 ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
07:57:05.0380 4856  RTL8192Ce - ok
07:57:05.0410 4856  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
07:57:05.0410 4856  SamSs - ok
07:57:05.0420 4856  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:57:05.0420 4856  sbp2port - ok
07:57:05.0440 4856  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:57:05.0440 4856  SCardSvr - ok
07:57:05.0450 4856  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:57:05.0450 4856  scfilter - ok
07:57:05.0480 4856  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
07:57:05.0490 4856  Schedule - ok
07:57:05.0510 4856  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:57:05.0510 4856  SCPolicySvc - ok
07:57:05.0520 4856  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:57:05.0530 4856  SDRSVC - ok
07:57:05.0540 4856  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:57:05.0540 4856  secdrv - ok
07:57:05.0540 4856  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
07:57:05.0550 4856  seclogon - ok
07:57:05.0560 4856  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
07:57:05.0570 4856  SENS - ok
07:57:05.0570 4856  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:57:05.0580 4856  SensrSvc - ok
07:57:05.0610 4856  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:57:05.0610 4856  Serenum - ok
07:57:05.0620 4856  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:57:05.0620 4856  Serial - ok
07:57:05.0630 4856  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:57:05.0630 4856  sermouse - ok
07:57:05.0640 4856  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:57:05.0640 4856  SessionEnv - ok
07:57:05.0650 4856  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:57:05.0650 4856  sffdisk - ok
07:57:05.0660 4856  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:57:05.0660 4856  sffp_mmc - ok
07:57:05.0670 4856  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:57:05.0670 4856  sffp_sd - ok
07:57:05.0680 4856  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:57:05.0680 4856  sfloppy - ok
07:57:05.0700 4856  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:57:05.0700 4856  SharedAccess - ok
07:57:05.0710 4856  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:57:05.0720 4856  ShellHWDetection - ok
07:57:05.0740 4856  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:57:05.0740 4856  SiSRaid2 - ok
07:57:05.0750 4856  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:57:05.0750 4856  SiSRaid4 - ok
07:57:05.0780 4856  [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
07:57:05.0780 4856  SkypeUpdate - ok
07:57:05.0790 4856  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:57:05.0790 4856  Smb - ok
07:57:05.0810 4856  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:57:05.0810 4856  SNMPTRAP - ok
07:57:05.0870 4856  [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
07:57:05.0870 4856  Sony PC Companion - ok
07:57:05.0880 4856  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:57:05.0880 4856  spldr - ok
07:57:05.0900 4856  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
07:57:05.0910 4856  Spooler - ok
07:57:05.0950 4856  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
07:57:05.0960 4856  sppsvc - ok
07:57:05.0980 4856  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:57:05.0980 4856  sppuinotify - ok
07:57:06.0000 4856  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:57:06.0000 4856  srv - ok
07:57:06.0020 4856  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:57:06.0020 4856  srv2 - ok
07:57:06.0030 4856  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:57:06.0030 4856  srvnet - ok
07:57:06.0030 4856  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:57:06.0040 4856  SSDPSRV - ok
07:57:06.0040 4856  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:57:06.0050 4856  SstpSvc - ok
07:57:06.0060 4856  Steam Client Service - ok
07:57:06.0100 4856  [ 81F177C1954453AF407604160BD149CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:57:06.0100 4856  Stereo Service - ok
07:57:06.0110 4856  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:57:06.0110 4856  stexstor - ok
07:57:06.0140 4856  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
07:57:06.0150 4856  stisvc - ok
07:57:06.0160 4856  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:57:06.0160 4856  swenum - ok
07:57:06.0180 4856  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
07:57:06.0190 4856  swprv - ok
07:57:06.0220 4856  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
07:57:06.0230 4856  SysMain - ok
07:57:06.0240 4856  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:57:06.0240 4856  TabletInputService - ok
07:57:06.0250 4856  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:57:06.0250 4856  TapiSrv - ok
07:57:06.0260 4856  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
07:57:06.0270 4856  TBS - ok
07:57:06.0300 4856  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:57:06.0310 4856  Tcpip - ok
07:57:06.0340 4856  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:57:06.0350 4856  TCPIP6 - ok
07:57:06.0360 4856  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:57:06.0360 4856  tcpipreg - ok
07:57:06.0370 4856  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:57:06.0370 4856  TDPIPE - ok
07:57:06.0390 4856  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:57:06.0390 4856  TDTCP - ok
07:57:06.0400 4856  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:57:06.0400 4856  tdx - ok
07:57:06.0410 4856  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:57:06.0410 4856  TermDD - ok
07:57:06.0420 4856  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
07:57:06.0430 4856  TermService - ok
07:57:06.0430 4856  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
07:57:06.0440 4856  Themes - ok
07:57:06.0480 4856  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
07:57:06.0480 4856  THREADORDER - ok
07:57:06.0500 4856  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
07:57:06.0510 4856  TrkWks - ok
07:57:06.0540 4856  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:57:06.0540 4856  TrustedInstaller - ok
07:57:06.0550 4856  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:57:06.0550 4856  tssecsrv - ok
07:57:06.0580 4856  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:57:06.0580 4856  TsUsbFlt - ok
07:57:06.0590 4856  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
07:57:06.0590 4856  TsUsbGD - ok
07:57:06.0610 4856  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:57:06.0620 4856  tunnel - ok
07:57:06.0630 4856  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:57:06.0630 4856  uagp35 - ok
07:57:06.0640 4856  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:57:06.0640 4856  udfs - ok
07:57:06.0660 4856  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:57:06.0660 4856  UI0Detect - ok
07:57:06.0680 4856  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:57:06.0690 4856  uliagpkx - ok
07:57:06.0710 4856  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:57:06.0710 4856  umbus - ok
07:57:06.0720 4856  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
07:57:06.0720 4856  UmPass - ok
07:57:06.0730 4856  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
07:57:06.0740 4856  upnphost - ok
07:57:06.0760 4856  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
07:57:06.0770 4856  usbaudio - ok
07:57:06.0780 4856  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:57:06.0780 4856  usbccgp - ok
07:57:06.0780 4856  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:57:06.0790 4856  usbcir - ok
07:57:06.0800 4856  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
07:57:06.0800 4856  usbehci - ok
07:57:06.0820 4856  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:57:06.0820 4856  usbhub - ok
07:57:06.0830 4856  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
07:57:06.0830 4856  usbohci - ok
07:57:06.0840 4856  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
07:57:06.0840 4856  usbprint - ok
07:57:06.0860 4856  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:57:06.0860 4856  USBSTOR - ok
07:57:06.0870 4856  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:57:06.0880 4856  usbuhci - ok
07:57:06.0900 4856  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
07:57:06.0900 4856  UxSms - ok
07:57:06.0910 4856  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
07:57:06.0920 4856  VaultSvc - ok
07:57:06.0920 4856  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:57:06.0930 4856  vdrvroot - ok
07:57:06.0940 4856  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
07:57:06.0950 4856  vds - ok
07:57:06.0970 4856  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:57:06.0980 4856  vga - ok
07:57:06.0990 4856  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:57:06.0990 4856  VgaSave - ok
07:57:06.0990 4856  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:57:06.0990 4856  vhdmp - ok
07:57:07.0020 4856  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
07:57:07.0020 4856  viaide - ok
07:57:07.0020 4856  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:57:07.0030 4856  volmgr - ok
07:57:07.0040 4856  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:57:07.0040 4856  volmgrx - ok
07:57:07.0050 4856  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:57:07.0060 4856  volsnap - ok
07:57:07.0070 4856  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:57:07.0080 4856  vsmraid - ok
07:57:07.0100 4856  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
07:57:07.0120 4856  VSS - ok
07:57:07.0120 4856  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
07:57:07.0130 4856  vwifibus - ok
07:57:07.0130 4856  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:57:07.0130 4856  vwififlt - ok
07:57:07.0150 4856  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
07:57:07.0150 4856  vwifimp - ok
07:57:07.0170 4856  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
07:57:07.0180 4856  W32Time - ok
07:57:07.0200 4856  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:57:07.0200 4856  WacomPen - ok
07:57:07.0210 4856  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:57:07.0210 4856  WANARP - ok
07:57:07.0220 4856  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:57:07.0220 4856  Wanarpv6 - ok
07:57:07.0260 4856  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
07:57:07.0260 4856  WatAdminSvc - ok
07:57:07.0290 4856  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
07:57:07.0300 4856  wbengine - ok
07:57:07.0310 4856  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:57:07.0310 4856  WbioSrvc - ok
07:57:07.0320 4856  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:57:07.0330 4856  wcncsvc - ok
07:57:07.0340 4856  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:57:07.0340 4856  WcsPlugInService - ok
07:57:07.0350 4856  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
07:57:07.0350 4856  Wd - ok
07:57:07.0380 4856  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:57:07.0380 4856  Wdf01000 - ok
07:57:07.0390 4856  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:57:07.0390 4856  WdiServiceHost - ok
07:57:07.0400 4856  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:57:07.0400 4856  WdiSystemHost - ok
07:57:07.0400 4856  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
07:57:07.0410 4856  WebClient - ok
07:57:07.0420 4856  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:57:07.0420 4856  Wecsvc - ok
07:57:07.0430 4856  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:57:07.0430 4856  wercplsupport - ok
07:57:07.0440 4856  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:57:07.0440 4856  WerSvc - ok
07:57:07.0450 4856  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:57:07.0450 4856  WfpLwf - ok
07:57:07.0460 4856  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:57:07.0460 4856  WIMMount - ok
07:57:07.0470 4856  WinDefend - ok
07:57:07.0470 4856  WinHttpAutoProxySvc - ok
07:57:07.0510 4856  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:57:07.0510 4856  Winmgmt - ok
07:57:07.0550 4856  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
07:57:07.0570 4856  WinRM - ok
07:57:07.0600 4856  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:57:07.0600 4856  WinUsb - ok
07:57:07.0630 4856  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:57:07.0640 4856  Wlansvc - ok
07:57:07.0640 4856  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
07:57:07.0640 4856  WmiAcpi - ok
07:57:07.0650 4856  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:57:07.0650 4856  wmiApSrv - ok
07:57:07.0660 4856  WMPNetworkSvc - ok
07:57:07.0670 4856  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:57:07.0670 4856  WPCSvc - ok
07:57:07.0680 4856  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:57:07.0680 4856  WPDBusEnum - ok
07:57:07.0690 4856  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:57:07.0690 4856  ws2ifsl - ok
07:57:07.0700 4856  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
07:57:07.0700 4856  wscsvc - ok
07:57:07.0700 4856  WSearch - ok
07:57:07.0750 4856  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:57:07.0760 4856  wuauserv - ok
07:57:07.0780 4856  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:57:07.0780 4856  WudfPf - ok
07:57:07.0810 4856  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:57:07.0810 4856  WUDFRd - ok
07:57:07.0830 4856  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:57:07.0830 4856  wudfsvc - ok
07:57:07.0850 4856  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:57:07.0850 4856  WwanSvc - ok
07:57:07.0870 4856  ================ Scan global ===============================
07:57:07.0880 4856  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:57:07.0890 4856  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
07:57:07.0900 4856  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
07:57:07.0920 4856  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:57:07.0940 4856  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:57:07.0950 4856  [Global] - ok
07:57:07.0950 4856  ================ Scan MBR ==================================
07:57:07.0960 4856  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:57:08.0060 4856  \Device\Harddisk0\DR0 - ok
07:57:08.0060 4856  ================ Scan VBR ==================================
07:57:08.0060 4856  [ 23EA5AB21BDCE0B2942CCC95F0908C6C ] \Device\Harddisk0\DR0\Partition1
07:57:08.0060 4856  \Device\Harddisk0\DR0\Partition1 - ok
07:57:08.0070 4856  [ 19FEDA61F0FC2CE64094C40CACD937EB ] \Device\Harddisk0\DR0\Partition2
07:57:08.0070 4856  \Device\Harddisk0\DR0\Partition2 - ok
07:57:08.0070 4856  ============================================================
07:57:08.0070 4856  Scan finished
07:57:08.0070 4856  ============================================================
07:57:08.0070 5768  Detected object count: 0
07:57:08.0070 5768  Actual detected object count: 0
07:57:44.0473 2208  Deinitialize success
 
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MASTAVASE :: NATHANSPC [administrator]

14/06/2013 08:00:15
mbar-log-2013-06-14 (08-00-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 258905
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8478789632, free: 5915193344

Downloaded database version: v2013.06.11.06
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/11/2013 19:20:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\DRIVERS\AsrRamDisk.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\setupapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80097b5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xfffffa800781d9c0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80097b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80097b5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80097b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80095fcc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800781d9c0, DeviceName: \Device\0000006c\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E051A8B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8478789632, free: 6248615936

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8478789632, free: 6276005888

Downloaded database version: v2013.06.11.07
Downloaded database version: v2013.06.11.08
Downloaded database version: v2013.06.12.01
Downloaded database version: v2013.06.12.02
Downloaded database version: v2013.06.12.03
Downloaded database version: v2013.06.12.04
Downloaded database version: v2013.06.12.05
Downloaded database version: v2013.06.12.06
Downloaded database version: v2013.06.12.07
Downloaded database version: v2013.06.12.08
Downloaded database version: v2013.06.12.09
Downloaded database version: v2013.06.13.01
Downloaded database version: v2013.06.13.02
Downloaded database version: v2013.06.13.03
Downloaded database version: v2013.06.13.04
Downloaded database version: v2013.06.13.05
Downloaded database version: v2013.06.13.06
Downloaded database version: v2013.06.13.07
Downloaded database version: v2013.06.13.08
Downloaded database version: v2013.06.13.09
Initializing...
------------ Kernel report ------------
     06/14/2013 08:00:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\DRIVERS\AsrRamDisk.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\advapi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80097b5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xfffffa80078c29c0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80097b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80097b5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80097b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007a00c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80078c29c0, DeviceName: \Device\0000006c\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E051A8B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

ComboFix 13-06-13.01 - MASTAVASE 14/06/2013   8:16.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8086.6245 [GMT 1:00]
Running from: c:\users\MASTAVASE\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\_ctypes.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\_elementtree.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\_hashlib.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\_multiprocessing.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\_socket.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\_ssl.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\pyexpat.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\pysqlite2._sqlite.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\python27.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\pythoncom27.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\PyWinTypes27.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\select.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\unicodedata.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32api.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32com.shell.shell.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32crypt.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32event.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32file.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32inet.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32pdh.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32process.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32profile.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32security.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\win32ts.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\windows._cacheinvalidation.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wx._controls_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wx._core_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wx._gdi_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wx._html2.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wx._misc_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wx._windows_.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wx._wizard.pyd
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wxbase294u_net_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wxbase294u_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wxmsw294u_adv_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wxmsw294u_core_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wxmsw294u_html_vc90.dll
c:\users\MASTAV~1\AppData\Local\Temp\_MEI2122\wxmsw294u_webview_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\_ctypes.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\_elementtree.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\_hashlib.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\_multiprocessing.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\_socket.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\_ssl.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\pyexpat.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\pysqlite2._sqlite.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\python27.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\pythoncom27.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\PyWinTypes27.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\select.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\unicodedata.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32api.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32com.shell.shell.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32crypt.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32event.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32file.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32inet.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32pdh.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32process.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32profile.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32security.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\win32ts.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\windows._cacheinvalidation.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wx._controls_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wx._core_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wx._gdi_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wx._html2.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wx._misc_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wx._windows_.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wx._wizard.pyd
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wxbase294u_net_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wxbase294u_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wxmsw294u_adv_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wxmsw294u_core_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wxmsw294u_html_vc90.dll
c:\users\MASTAVASE\AppData\Local\Temp\_MEI2122\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-14 to 2013-06-14  )))))))))))))))))))))))))))))))
.
.
2013-06-14 07:20 . 2013-06-14 07:20    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-06-14 07:20 . 2013-06-14 07:20    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-14 07:12 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90551508-0002-4901-AC17-F1645C287296}\mpengine.dll
2013-06-14 05:40 . 2013-05-22 01:52    964552    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DEEE352-272D-4194-BA81-C00D617D9395}\gapaengine.dll
2013-06-12 21:29 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-11 18:55 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-11 18:20 . 2013-06-14 07:08    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-10 08:13 . 2013-06-10 08:13    --------    d-----w-    c:\users\MASTAVASE\AppData\Local\TopArcadeHits
2013-06-09 03:20 . 2013-06-09 03:20    --------    d-----w-    c:\programdata\CCP
2013-06-09 02:38 . 2013-06-09 02:38    --------    d-----w-    c:\users\MASTAVASE\AppData\Local\CCP
2013-06-04 01:29 . 2013-06-04 01:29    --------    d-----w-    c:\program files\WinRAR
2013-05-21 00:22 . 2013-06-14 05:40    --------    d-s---w-    c:\users\MASTAVASE\Google Drive
2013-05-15 14:33 . 2013-05-15 14:55    --------    d-----w-    c:\users\MASTAVASE\AppData\Roaming\BitTorrent
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\users\MASTAVASE\AppData\Roaming\GeoVid
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\program files (x86)\Common Files\VHelper
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\programdata\GeoVid
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\program files (x86)\Common Files\GeoVid
2013-05-15 14:18 . 2007-06-28 17:55    77824    ----a-w-    c:\windows\SysWow64\xvid.ax
2013-05-15 14:18 . 2003-03-19 07:12    1047552    ----a-w-    c:\windows\SysWow64\mfc71u.dll
2013-05-15 14:18 . 2005-06-07 14:11    60416    ----a-w-    c:\windows\SysWow64\dsetup.dll
2013-05-15 14:18 . 2004-08-18 14:00    1712128    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2013-05-15 14:18 . 2003-03-19 07:19    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2013-05-15 14:18 . 2003-03-19 05:05    89088    ----a-w-    c:\windows\SysWow64\atl71.dll
2013-05-15 14:18 . 2013-05-15 14:18    --------    d-----w-    c:\program files (x86)\GeoVid
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 07:00 . 2013-03-06 22:00    125097    ----a-w-    c:\users\MASTAVASE\Network_Meter_Data.js
2013-06-12 23:18 . 2013-02-01 16:12    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-12 19:03 . 2013-02-01 16:45    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 19:03 . 2013-02-01 16:45    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-22 01:52 . 2013-03-12 19:26    964552    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-09 08:59 . 2013-03-18 08:30    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-18 08:30    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-02-11 15:59    378432    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-02-11 15:59    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-02-11 15:59    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-11 15:59    1025808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-11 15:59    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-02-11 15:59    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-02-11 15:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-11 15:59    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-18 18:30 . 2013-04-18 18:30    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 18:30 . 2013-02-03 18:28    866720    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-18 18:30 . 2013-02-03 18:28    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-15 14:16    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:16    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:16    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:16    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:16    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 17:15    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 13:50 . 2013-02-11 15:57    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 00:17    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 00:17    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 00:17    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 00:17    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 00:17    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 00:17    112640    ----a-w-    c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-02-01 5021448]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe;c:\programdata\bitraider\BRSptSvc.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 RealtekSE;RealtekSE;c:\program files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe;c:\program files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 19:03]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 19:35]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 19:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 15:10    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.game-debate.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,da,a3,4e,b7,33,b9,1e,ff,0e,bb,a7,f9,cc,06,fb,eb,c0,62,ae,19,32,71,
   57,55,a2,9d,cc,35,6c,7e,6c,47,cf,b9,7b,24,a4,f0,a1,db,d6,ba,96,ce,5f,16,f6,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Edimax\PCIe Wireless LAN\RtWlan.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Completion time: 2013-06-14  08:23:48 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-14 07:23
.
Pre-Run: 766,696,812,544 bytes free
Post-Run: 766,411,218,944 bytes free
.
- - End Of File - - 7DDF0060014F7A1734016C37C3FDBEB8
A36C5E4F47E84449FF07ED3517B43A31

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus                
Microsoft Security Essentials   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

I'm still receiving the issue as shown. The link takes me to the Inksdata pop-up.

 

Untitled-1.png



#5 D-FRED-BROWN

  • Malware Response Team
Posted 14 June 2013 - 09:59 AM

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
----------Step 2----------------
We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
----------Step 3 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 4----------------
Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#6 MASTAVASE


Posted 15 June 2013 - 08:50 AM

When doing the ESET scan, no threats were found, so I couldn't produce or find the log.

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 13:27:46
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MASTAVASE - NATHANSPC
# Boot Mode : Normal
# Running from : C:\Users\MASTAVASE\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [909 octets] - [15/06/2013 13:27:46]

########## EOF - C:\AdwCleaner[R1].txt - [968 octets] ##########
 
OTL logfile created on: 15/06/2013 13:29:55 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MASTAVASE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 70.58% Memory free
15.79 Gb Paging File | 13.32 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 715.04 Gb Free Space | 76.77% Space Free | Partition Type: NTFS
 
Computer Name: NATHANSPC | User Name: MASTAVASE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/15 13:29:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
PRC - [2013/06/15 13:27:36 | 000,648,201 | ---- | M] () -- C:\Users\MASTAVASE\Downloads\AdwCleaner.exe
PRC - [2013/06/12 20:03:11 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/18 17:00:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/02/11 02:38:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/02/01 16:42:15 | 005,021,448 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012/11/19 13:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/27 04:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/10/12 12:05:54 | 001,957,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtWLan.exe
PRC - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/15 13:27:36 | 000,648,201 | ---- | M] () -- C:\Users\MASTAVASE\Downloads\AdwCleaner.exe
MOD - [2013/06/15 13:26:28 | 000,128,512 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\_elementtree.pyd
MOD - [2013/06/15 13:26:28 | 000,098,816 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32api.pyd
MOD - [2013/06/15 13:26:28 | 000,044,032 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\_socket.pyd
MOD - [2013/06/15 13:26:26 | 000,022,528 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32ts.pyd
MOD - [2013/06/15 13:26:25 | 000,557,056 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\pysqlite2._sqlite.pyd
MOD - [2013/06/15 13:26:22 | 000,320,512 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32com.shell.shell.pyd
MOD - [2013/06/15 13:26:22 | 000,070,656 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\wx._html2.pyd
MOD - [2013/06/15 13:26:22 | 000,026,624 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\_multiprocessing.pyd
MOD - [2013/06/15 13:26:21 | 001,022,416 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\windows._cacheinvalidation.pyd
MOD - [2013/06/15 13:26:21 | 000,805,888 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\wx._gdi_.pyd
MOD - [2013/06/15 13:26:21 | 000,017,408 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32profile.pyd
MOD - [2013/06/15 13:26:21 | 000,011,264 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32crypt.pyd
MOD - [2013/06/15 13:26:20 | 001,175,040 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\wx._core_.pyd
MOD - [2013/06/15 13:26:20 | 001,153,024 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\_ssl.pyd
MOD - [2013/06/15 13:26:20 | 000,735,232 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\wx._misc_.pyd
MOD - [2013/06/15 13:26:20 | 000,364,544 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\pythoncom27.dll
MOD - [2013/06/15 13:26:20 | 000,110,080 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\PyWinTypes27.dll
MOD - [2013/06/15 13:26:20 | 000,108,544 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32security.pyd
MOD - [2013/06/15 13:26:20 | 000,087,040 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\_ctypes.pyd
MOD - [2013/06/15 13:26:19 | 000,811,008 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\wx._windows_.pyd
MOD - [2013/06/15 13:26:19 | 000,711,680 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\_hashlib.pyd
MOD - [2013/06/15 13:26:19 | 000,035,840 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32process.pyd
MOD - [2013/06/15 13:26:19 | 000,025,600 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32pdh.pyd
MOD - [2013/06/15 13:26:18 | 000,122,368 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\wx._wizard.pyd
MOD - [2013/06/15 13:26:16 | 000,119,808 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32file.pyd
MOD - [2013/06/15 13:26:15 | 000,038,912 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32inet.pyd
MOD - [2013/06/15 13:26:14 | 001,062,400 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\wx._controls_.pyd
MOD - [2013/06/15 13:26:13 | 000,018,432 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\win32event.pyd
MOD - [2013/06/15 13:26:12 | 000,686,080 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\unicodedata.pyd
MOD - [2013/06/15 13:26:12 | 000,127,488 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\pyexpat.pyd
MOD - [2013/06/15 13:26:12 | 000,010,240 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI37882\select.pyd
MOD - [2013/06/12 20:03:10 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/18 17:00:35 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 17:58:16 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2531d89e2357431074bcdbefb09a1456\System.ServiceModel.Routing.ni.dll
MOD - [2013/05/16 17:58:15 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ce7e1377adf7d75da942633f2906caca\System.ServiceModel.Discovery.ni.dll
MOD - [2013/05/16 17:58:15 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bae991ffae94e02a4e2db7045196eb9f\System.ServiceModel.Channels.ni.dll
MOD - [2013/05/16 17:58:10 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\41192c1843e211b71eac4f8c2e48b5f3\System.ServiceModel.Web.ni.dll
MOD - [2013/05/16 17:57:18 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e553f65d36418a28a1dbaf3332e6cefd\System.ServiceModel.Activities.ni.dll
MOD - [2013/05/16 17:57:17 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\7e0e59f1f0acf0078a8ed9c04947bcc2\System.IdentityModel.ni.dll
MOD - [2013/05/16 17:57:16 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\051d4dcae1aa316265d69ea0d3796b9c\System.ServiceModel.ni.dll
MOD - [2013/05/16 17:57:00 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\8e3479ab33dd0bc6a074003a28d9f28a\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/16 17:56:59 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d701cc56a037e8673e4880ae819b23bf\System.Runtime.Serialization.ni.dll
MOD - [2013/05/16 02:20:06 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b2c0f91d4817a23f3fd07cd05ebd8e89\System.Windows.Forms.ni.dll
MOD - [2013/05/16 02:20:05 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d5eb9579d1850678612625ab995629ea\System.Core.ni.dll
MOD - [2013/05/16 02:20:02 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\11dfbb7df959cb6dd5b57816141de355\System.Configuration.ni.dll
MOD - [2013/02/14 01:28:30 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3b1d7952215bc34df472d77057fb9a95\System.WorkflowServices.ni.dll
MOD - [2013/02/14 01:27:59 | 000,361,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\2d8a7dc45bb6e2fae260e84aca3324e6\IAStorUtil.ni.dll
MOD - [2013/02/11 16:40:39 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\9ece74a249e7d0c033acf2bcdabf1ca6\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/02/11 16:40:37 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\dd9f242d63dc216e957dd2e6c5b239a9\IAStorCommon.ni.dll
MOD - [2013/02/11 16:40:30 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/02/11 16:40:23 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013/02/11 03:06:09 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/02/11 03:04:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/02/11 03:04:45 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/02/11 03:04:42 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/10/19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/12 20:03:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/05 22:51:52 | 000,909,592 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2013/05/18 17:00:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/11 02:38:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe -- (RealtekSE)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/09 09:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 09:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 09:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/02/28 20:32:52 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013/02/01 16:42:15 | 000,016,648 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/19 13:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/11/19 13:10:36 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 04:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 04:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 04:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/13 13:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011/10/06 08:58:42 | 001,163,880 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/09/21 18:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/05/09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 57 41 84 59 67 CE 01  [binary data]
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.game-debate.com/"
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/27 23:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Extensions
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/05/08 18:10:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/18 17:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/18 17:00:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/06/14 08:21:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B4B068-0E1B-4052-AD58-FFFEBB7B9CF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA4A00D4-828D-4C9F-B896-D74B11E8AFF5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/14 15:45:01 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\Warframe
[2013/06/14 08:23:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/14 08:21:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/14 08:13:23 | 005,080,197 | R--- | C] (Swearware) -- C:\Users\MASTAVASE\Desktop\ComboFix.exe
[2013/06/13 00:19:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/13 00:19:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/13 00:19:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/13 00:19:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/13 00:19:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/13 00:19:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/13 00:19:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/13 00:19:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/13 00:19:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/13 00:19:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/13 00:19:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/13 00:19:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/13 00:19:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/13 00:19:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/13 00:19:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/12 22:29:29 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 22:29:29 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 22:29:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 22:29:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 22:29:24 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 22:29:23 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 22:29:23 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 22:29:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 22:29:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 22:29:23 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 20:00:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
[2013/06/11 19:40:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/11 19:40:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/11 19:40:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/11 19:36:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/11 19:36:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/11 19:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/11 19:16:40 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MASTAVASE\Desktop\tdsskiller.exe
[2013/06/10 09:13:12 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/06/10 09:13:07 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\TopArcadeHits
[2013/06/09 04:20:47 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Documents\EVE
[2013/06/09 04:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2013/06/09 03:38:39 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\CCP
[2013/06/04 02:29:38 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/04 02:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/04 02:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/05/30 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Desktop\War Thunder (Dev server)
[2013/05/29 19:15:23 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Documents\Outlook Files
[2013/05/21 01:22:36 | 000,000,000 | --SD | C] -- C:\Users\MASTAVASE\Google Drive
[2013/05/21 01:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/18 17:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/15 13:29:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
[2013/06/15 13:26:54 | 000,125,762 | ---- | M] () -- C:\Users\MASTAVASE\Network_Meter_Data.js
[2013/06/15 13:25:44 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 13:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 13:25:27 | 2064,121,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/15 02:49:30 | 000,000,027 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Usage.ini
[2013/06/15 02:40:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/15 02:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/14 08:33:48 | 000,780,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/14 08:33:48 | 000,665,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/14 08:33:48 | 000,125,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/14 08:32:21 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 08:32:21 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 08:27:35 | 000,890,839 | ---- | M] () -- C:\Users\MASTAVASE\Desktop\SecurityCheck.exe
[2013/06/14 08:21:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/14 08:13:49 | 005,080,197 | R--- | M] (Swearware) -- C:\Users\MASTAVASE\Desktop\ComboFix.exe
[2013/06/14 07:56:26 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MASTAVASE\Desktop\tdsskiller.exe
[2013/06/12 20:03:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 20:03:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 06:28:29 | 000,001,181 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Settings.ini
[2013/06/09 17:43:02 | 000,000,282 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/05/29 19:15:27 | 000,001,105 | ---- | M] () -- C:\Users\MASTAVASE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/27 23:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/21 01:22:36 | 000,001,675 | ---- | M] () -- C:\Users\MASTAVASE\Desktop\Google Drive.lnk
[2013/05/17 04:09:56 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/17 04:01:13 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/17 04:00:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/17 03:56:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/17 03:56:00 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/17 03:55:59 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/17 03:54:09 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/17 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/17 03:46:31 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/16 23:27:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/16 23:26:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/16 23:21:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/16 23:21:34 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 23:17:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/16 23:12:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/16 17:51:39 | 000,418,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/11 19:56:45 | 000,890,839 | ---- | C] () -- C:\Users\MASTAVASE\Desktop\SecurityCheck.exe
[2013/06/11 19:40:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 19:40:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 19:40:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 19:40:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/11 19:40:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/29 19:15:27 | 000,001,105 | ---- | C] () -- C:\Users\MASTAVASE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/21 01:22:36 | 000,001,675 | ---- | C] () -- C:\Users\MASTAVASE\Desktop\Google Drive.lnk
[2013/05/15 15:20:28 | 000,003,584 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/07 00:16:21 | 000,000,027 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Usage.ini
[2013/03/06 23:00:00 | 000,125,762 | ---- | C] () -- C:\Users\MASTAVASE\Network_Meter_Data.js
[2013/02/15 21:54:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
[2013/02/10 23:44:00 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/02/02 02:45:22 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/02 02:45:21 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/02/02 02:45:21 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/01 19:04:23 | 000,000,576 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/02/01 19:03:46 | 000,001,181 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Settings.ini
[2013/02/01 19:02:55 | 000,000,282 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/02/01 17:28:53 | 000,766,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/01 16:44:33 | 000,000,003 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Local\user_data.ini
[2013/02/01 16:02:48 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/01/31 08:08:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2013/01/25 17:48:32 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013/01/25 17:47:32 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/25 17:46:18 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2013/01/25 17:46:16 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2013/01/25 17:46:16 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2013/01/25 17:46:12 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2013/01/25 17:46:12 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2013/01/25 17:46:08 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2013/01/25 17:46:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2013/01/25 17:00:40 | 000,384,472 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2013/01/25 17:00:40 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
[2013/01/25 17:00:40 | 000,183,976 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2013/01/25 17:00:40 | 000,165,160 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
[2013/01/25 17:00:38 | 007,833,552 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2013/01/25 17:00:38 | 001,257,464 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2013/01/25 17:00:38 | 000,169,888 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/09/29 23:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2012/09/28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011/09/08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/09/08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/09/08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/09/08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/09/08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/09/08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/09/08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/09/08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/09/08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/09/08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/06/24 04:58:32 | 000,242,259 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/24 04:58:04 | 000,877,296 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL

< End of report >

OTL Extras logfile created on: 15/06/2013 13:29:55 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MASTAVASE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 70.58% Memory free
15.79 Gb Paging File | 13.32 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 715.04 Gb Free Space | 76.77% Space Free | Partition Type: NTFS
 
Computer Name: NATHANSPC | User Name: MASTAVASE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2572E4B6-771B-4288-A6A9-935AA080DFF7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{2658B56B-79E5-4C3F-9B75-D011AF5077CF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{335761CE-44E8-41D1-8557-D34070F16493}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{4049C54A-9F8C-4E31-8736-468077641846}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{72144F79-CCC5-461E-9E7F-67EE0DB8801C}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{858C5DE0-99A6-4774-A1B7-765EBB81EEC6}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{89653724-DDCA-4E09-99CB-B8E63AAF42B0}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{958A95AA-A557-49FE-9EF5-269B7FC5A8B7}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{BED9B559-3019-42A7-A25D-F29280A492A5}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{D364F0F9-66D8-4CCB-B0C7-994883D91014}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{DFC6549F-4CE3-4FBA-8E5C-BC0E135D48E3}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0026B826-8FAC-4DD6-AF12-7C334FC41BED}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3sp.exe |
"{02B2A2D1-A6D6-4A7D-85FF-1233742B9E34}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{045E7854-9682-4354-892A-8B4F4CB79216}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{0756B4E3-1776-48DE-9CA0-BCF6A47063B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0767FBD4-0055-4AB8-BB77-CE57BA1E3F19}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3mp.exe |
"{0A8B2355-B3F3-460A-A97F-744B99D27ED9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C95F815-AF7C-44D7-85DD-7ED3822A5663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{0F164E45-15CD-46EF-ABC1-346DD8CF17AB}" = protocol=6 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtldhcp.exe |
"{119491D0-5627-4863-A8FC-960D4CD3BE32}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{14074A6D-9C4F-4F52-AFBB-E82C8CA986F6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{16AAABB9-F2EA-4E91-BE6A-A75BC07793F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18A9A29A-6072-452A-BAC0-B78E3C7A1387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{1AA0711A-1725-4F36-83CE-D17670A7E51F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{2A7C96F7-3D32-42C1-8948-3796B253C978}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2A88BCE0-8700-4B74-87FD-71E359BCB642}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_online.exe |
"{2AFD360F-5D47-48C5-A2AC-8DFE76E544A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2B12B158-ED11-4B6D-82A7-708393F54389}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{2D50D8B9-EE3B-42AB-9952-E7EBABC245AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{3731C896-601A-4FB1-B5E9-42B6A7E9070A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{44927DEC-9562-4A3B-BE85-96EBCF5E9614}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4D7B8143-7626-43BC-99AB-773D0269E692}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5AD5AECA-3227-4683-87E0-5F7C3C566BB7}" = protocol=17 | dir=in | app=c:\users\mastavase\appdata\roaming\bittorrent\bittorrent.exe |
"{5C4C61C5-7F5D-4C87-95A2-2F0AF4568341}" = protocol=6 | dir=in | app=c:\users\mastavase\appdata\roaming\bittorrent\bittorrent.exe |
"{663F4886-56FC-475F-B04A-C078B7BFC555}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_ds.exe |
"{66C3085D-ADAE-4303-997D-DD4A681E7BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{66E4A1AA-1D26-4508-9726-A4EC0822EC80}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_online.exe |
"{67AA6884-6BF9-42E4-9983-2653C3A6D4B2}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\assassinscreed3.exe |
"{77946097-65C7-4F48-A3C2-5637D766794E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{78721596-97AB-430B-A3E9-E4E715537EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtwlan.exe |
"{80F7AB4F-B2F4-4A4A-B889-FB5073CF3E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{832B81C8-C8D0-479D-8898-8A7AB2E376A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{879CD030-7907-4C41-8879-2AB1209198C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{887E6AED-4EA5-469B-A873-3538E5931191}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{9603F425-FB7D-46A0-BABD-8D7CF3FD312C}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic.exe |
"{9AD5419E-7CAE-4545-85F7-B387AECF66FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{9E6EA799-34F4-44FD-8B46-0624EF2775DC}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{A2E3978D-7049-4E10-8CAF-32EADE2CF462}" = protocol=17 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtwlan.exe |
"{A33B9A70-1B5F-4BE5-9BCF-0D7011C43DCC}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_ds.exe |
"{A7B081C6-0209-456F-964E-7834F5CE472C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{B005592D-94FA-4927-9349-5B1099CC8E62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexus the jupiter incident\runme.exe |
"{B7A8B14C-153B-47D1-B1EA-3270B6E89204}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C0AC51D7-8CF1-432C-9F03-A3EDDB5B92A0}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3sp.exe |
"{CEE95073-8481-4F09-A8CA-11D61EAD739C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D5EBE4EE-175E-42B3-943B-45C1F19B26C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{D63841C7-1506-4CD5-BF5D-B27B67F5B447}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexus the jupiter incident\runme.exe |
"{D9AB265E-450A-41BC-ABCF-3EAA2436F2AC}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic.exe |
"{D9ADAB42-8F04-4029-989A-A60CCA989340}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\assassinscreed3.exe |
"{DB86FED9-AEEE-42D7-A70F-1295C486C9FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DEDB5BCE-D952-4E24-830E-E4FC1A05156A}" = protocol=17 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtldhcp.exe |
"{E1F4FF65-B75E-49D0-9D90-5BF5099CD921}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{E21C80AB-C746-49F7-8A10-6BD1327F76EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E2FF88F4-DB4F-4352-B459-A50F046CC6FC}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\launcher.exe |
"{E3F2ED86-22EB-48B2-A0DD-97C8DD221463}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\launcher.exe |
"{E44D46B8-B25F-4B11-8E42-BFB889126387}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E7BCC6DC-FE5F-4C3C-9CFE-69ABC6CE4B5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{ECA104AD-CDDD-4CEA-BDBF-FD19B48099AC}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3mp.exe |
"{ECD0AAB8-155E-4CAD-904C-E1ADCF1EB6AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED4158AB-B35E-4C16-93A8-A5C35B9E7865}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{EFFB4589-6739-4222-9FCB-CC7CC4CE82C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{F374581A-1877-47BB-B947-E35639B501F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F8F24475-DFFB-4791-92C5-53A8AE372BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"TCP Query User{2C2BA547-2D83-4A30-8975-FD83CF1EEEBE}C:\users\mastavase\games\games storage\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\aces.exe |
"TCP Query User{2D786F86-B903-4C2E-B97C-4CFA2051DEC4}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"TCP Query User{36368978-A2B1-4964-8460-435922561044}C:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe |
"TCP Query User{41D2623E-561B-44D2-9BA3-B19941F86051}C:\users\mastavase\desktop\war thunder (dev server)\aces.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\aces.exe |
"TCP Query User{49DCCCA3-7C9B-42ED-A155-E7D30A885A49}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4AAA7D48-B17A-4927-BDA1-52D608DAED55}C:\users\mastavase\desktop\war thunder\launcher.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder\launcher.exe |
"TCP Query User{7F666371-8BDA-4E5F-9FA8-62F3B6D6656D}C:\users\mastavase\desktop\war thunder (dev server)\launcher.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\launcher.exe |
"TCP Query User{9B0853FC-55B5-4E92-8CF5-DF71E5FB9B1C}C:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe" = protocol=6 | dir=in | app=c:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe |
"TCP Query User{9FAA7C70-9109-4673-81F6-F1AB0FF86A9F}C:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{B21F02E8-6D4B-4913-ABC2-622DE5451EF2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B897FC0D-0507-48A9-8A54-649EABCE60AA}C:\users\mastavase\desktop\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder\aces.exe |
"TCP Query User{C2B09147-9AFE-455E-A191-774682C497A2}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{FF9D0B11-7283-4503-97C5-3A2962DB6413}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{026FC95C-A10F-45B4-B6B8-446235655CD8}C:\users\mastavase\desktop\war thunder\launcher.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder\launcher.exe |
"UDP Query User{1266C7C8-27DF-407D-921D-F8CF3FA15546}C:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe" = protocol=17 | dir=in | app=c:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe |
"UDP Query User{3B907747-1B4B-432B-B766-34F8CA79DB4E}C:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{3F85D2C1-F282-441A-BE7D-7F9071029B53}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{542C210C-E2F1-4A45-82DE-5444AACED29D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{5758515A-EB7A-4B6D-ADDF-109C29E6725B}C:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{754FAC54-4A6D-4A9B-9AB1-C6178D822B1C}C:\users\mastavase\desktop\war thunder (dev server)\aces.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\aces.exe |
"UDP Query User{8C02C58A-C23A-4D4B-A1AF-3C9D2C1794BA}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"UDP Query User{8D738052-78A0-4D2F-8CDB-2D38C5F7265C}C:\users\mastavase\games\games storage\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\aces.exe |
"UDP Query User{9E280B1A-86BF-4179-BD6F-106AC8A37C06}C:\users\mastavase\desktop\war thunder (dev server)\launcher.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\launcher.exe |
"UDP Query User{A648D9B2-F3A4-40D3-BE6E-A17A881AD401}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A6F4948E-4359-4A67-9797-0829908D78BF}C:\users\mastavase\desktop\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder\aces.exe |
"UDP Query User{BE1E8C6B-B328-4807-BE5D-1A61AC34EFD0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WhoCrashed_is1" = WhoCrashed 4.01
"WinRAR archiver" = WinRAR 5.00 beta 5 (64-bit)
"XFast LAN" = XFast LAN v6.61
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{556BEFE2-30FF-4113-98F4-01234396DF2B}" = Edimax Wireless LAN Driver and Utility
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}" = NVIDIA PhysX (Legacy)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed® III v1.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.153
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.257
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitRaider Web Client" = BitRaider Web Client
"ESN Sonar-0.70.4" = ESN Sonar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.5
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"potbs" = Pirates Of The Burning Sea
"PunkBusterSvc" = PunkBuster Services
"Steam App 107410" = Arma 3 Alpha
"Steam App 218230" = PlanetSide 2
"Steam App 230410" = Warframe
"Steam App 231430" = Company of Heroes 2
"Steam App 6420" = Nexus: The Jupiter Incident
"Steam App 8510" = EVE Online Demo
"Steam App 8870" = BioShock Infinite
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XFastUSB" = XFastUSB
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World in Conflict MW Mod 3.5" = World in Conflict MW Mod 3.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/06/2013 14:48:35 | Computer Name = NathansPC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 11/06/2013 14:48:37 | Computer Name = NathansPC | Source = Application Error | ID = 1000
Description = Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013,
 time stamp: 0x50aa9310  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
 time stamp: 0x50b83c8a  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0x538  Faulting application start time: 0x01ce66d4409c4f61  Faulting application
 path: C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting
 module path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: 85d81900-d2c7-11e2-98cc-a66da9e3c440
 
Error - 11/06/2013 14:55:55 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/06/2013 18:36:14 | Computer Name = NathansPC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
 stamp: 0x518ec3cc  Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
 0x518ec306  Exception code: 0xc0000005  Fault offset: 0x001c9789  Faulting process id:
 0x748  Faulting application start time: 0x01ce66d54dd756a9  Faulting application path:
 C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program
 Files (x86)\Mozilla Firefox\xul.dll  Report Id: 52345a92-d2e7-11e2-abd4-bc5ff4482562
 
Error - 12/06/2013 02:58:39 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 14/06/2013 01:30:45 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 14/06/2013 03:23:14 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 14/06/2013 03:26:47 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 14/06/2013 05:05:19 | Computer Name = NathansPC | Source = Application Error | ID = 1000
Description = Faulting application name: wic.exe, version: 1.0.1.1, time stamp:
0x4a2f7509  Faulting module name: wic.exe, version: 1.0.1.1, time stamp: 0x4a2f7509
Exception
 code: 0xc0000005  Fault offset: 0x006310c4  Faulting process id: 0x1600  Faulting application
 start time: 0x01ce68dc643b43ae  Faulting application path: C:\Users\MASTAVASE\Games\Games
 storage\World in Conflict\wic.exe  Faulting module path: C:\Users\MASTAVASE\Games\Games
 storage\World in Conflict\wic.exe  Report Id: 8923bbd6-d4d1-11e2-9921-bc5ff4482562
 
Error - 14/06/2013 05:38:51 | Computer Name = NathansPC | Source = Application Hang | ID = 1002
Description = The program RelicCoH2.exe version 3.0.0.9515 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 150c    Start
 Time: 01ce68e2542c0248    Termination Time: 300    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Company
 of Heroes 2\RelicCoH2.exe    Report Id:   
 
Error - 15/06/2013 08:27:19 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 14/06/2013 03:18:57 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 14/06/2013 03:20:12 | Computer Name = NathansPC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
 with this system. Please contact your software vendor for a compatible version
of the driver.
 
Error - 14/06/2013 03:20:12 | Computer Name = NathansPC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
 with this system. Please contact your software vendor for a compatible version
of the driver.
 
Error - 14/06/2013 03:20:43 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 14/06/2013 03:23:47 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 14/06/2013 03:23:47 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 14/06/2013 03:27:17 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 14/06/2013 03:27:17 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 15/06/2013 08:28:00 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 15/06/2013 08:28:00 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 



#7 D-FRED-BROWN


  • Malware Response Team

Posted 15 June 2013 - 11:23 AM

----------Step 1----------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    :OTL
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    
    @Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
----------Step 2----------------
Instructions for DELETE:
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Afterwards, please reboot the computer.

----------Step 3----------------
Please download RogueKiller to your desktop
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


----------Step 4----------------
Please post the OTL, AdwCleaner, and RogueKiller reports in your next reply. How are things running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#8 MASTAVASE


Posted 15 June 2013 - 11:50 AM

Thanks for the quick replies.

All processes killed
========== OTL ==========
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
ADS C:\ProgramData\CLDShowX.ini:Update.CL deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MASTAVASE
->Temp folder emptied: 40098062 bytes
->Temporary Internet Files folder emptied: 86645151 bytes
->Java cache emptied: 160436 bytes
->FireFox cache emptied: 373783121 bytes
->Flash cache emptied: 884 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90935224 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 2353132 bytes
 
Total Files Cleaned = 567.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: MASTAVASE
->Java cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: MASTAVASE
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06152013_173718

Files\Folders moved on Reboot...
C:\Users\MASTAVASE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 17:41:28
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MASTAVASE - NATHANSPC
# Boot Mode : Normal
# Running from : C:\Users\MASTAVASE\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1034 octets] - [15/06/2013 13:27:46]
AdwCleaner[S1].txt - [979 octets] - [15/06/2013 17:41:28]

########## EOF - C:\AdwCleaner[S1].txt - [1038 octets] ##########

RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7
Started in : Normal mode
User : MASTAVASE [Admin rights]
Mode : Scan -- Date : 06/15/2013 17:48:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ATA ST1000DM003-1CH1 SCSI Disk Device +++++
--- User ---
[MBR] 189b673a90bb73209acbfd6320b6fe5e
[BSP] 2cbdb07a6435ab9257a5794480e6d3fd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06152013_174823.txt >>



 



#9 D-FRED-BROWN


Posted 15 June 2013 - 11:58 AM

Your logs appear to be clean :).
 
Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:
  • Reopen OTL on your desktop.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.
-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG
Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.


---------------------------------------------------------


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:
Every little bit helps. :)

-DFB

#10 MASTAVASE


Posted 15 June 2013 - 12:20 PM

I've downloaded comodo firewall and spyware blaster and also currently downloading spybot,

however it seems I'm still receiving the issue.

 

Untitled-2.png



#11 D-FRED-BROWN


Posted 15 June 2013 - 12:25 PM

Go ahead and download OTL again and run a scan with it. Please post the OTL.txt and the Extras.txt it makes.

#12 MASTAVASE


Posted 15 June 2013 - 12:47 PM

OTL logfile created on: 15/06/2013 18:28:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MASTAVASE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 66.13% Memory free
15.79 Gb Paging File | 12.91 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 713.70 Gb Free Space | 76.63% Space Free | Partition Type: NTFS
 
Computer Name: NATHANSPC | User Name: MASTAVASE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/15 18:28:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
PRC - [2013/06/12 20:03:11 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/18 17:00:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:58:46 | 003,611,600 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
PRC - [2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/02/11 02:38:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/02/01 16:42:15 | 005,021,448 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012/11/19 13:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/27 04:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/10/12 12:05:54 | 001,957,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtWLan.exe
PRC - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/15 18:14:09 | 000,557,056 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\pysqlite2._sqlite.pyd
MOD - [2013/06/15 18:14:09 | 000,128,512 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\_elementtree.pyd
MOD - [2013/06/15 18:14:09 | 000,098,816 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32api.pyd
MOD - [2013/06/15 18:14:09 | 000,044,032 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\_socket.pyd
MOD - [2013/06/15 18:14:09 | 000,022,528 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32ts.pyd
MOD - [2013/06/15 18:14:08 | 001,022,416 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\windows._cacheinvalidation.pyd
MOD - [2013/06/15 18:14:08 | 000,805,888 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\wx._gdi_.pyd
MOD - [2013/06/15 18:14:08 | 000,320,512 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32com.shell.shell.pyd
MOD - [2013/06/15 18:14:08 | 000,070,656 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\wx._html2.pyd
MOD - [2013/06/15 18:14:08 | 000,026,624 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\_multiprocessing.pyd
MOD - [2013/06/15 18:14:08 | 000,011,264 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32crypt.pyd
MOD - [2013/06/15 18:14:07 | 000,735,232 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\wx._misc_.pyd
MOD - [2013/06/15 18:14:07 | 000,364,544 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\pythoncom27.dll
MOD - [2013/06/15 18:14:07 | 000,110,080 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\PyWinTypes27.dll
MOD - [2013/06/15 18:14:07 | 000,087,040 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\_ctypes.pyd
MOD - [2013/06/15 18:14:07 | 000,017,408 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32profile.pyd
MOD - [2013/06/15 18:14:05 | 001,175,040 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\wx._core_.pyd
MOD - [2013/06/15 18:14:05 | 000,108,544 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32security.pyd
MOD - [2013/06/15 18:13:59 | 001,153,024 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\_ssl.pyd
MOD - [2013/06/15 18:13:59 | 000,811,008 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\wx._windows_.pyd
MOD - [2013/06/15 18:13:59 | 000,711,680 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\_hashlib.pyd
MOD - [2013/06/15 18:13:59 | 000,122,368 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\wx._wizard.pyd
MOD - [2013/06/15 18:13:59 | 000,119,808 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32file.pyd
MOD - [2013/06/15 18:13:59 | 000,035,840 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32process.pyd
MOD - [2013/06/15 18:13:59 | 000,025,600 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32pdh.pyd
MOD - [2013/06/15 18:13:58 | 000,038,912 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32inet.pyd
MOD - [2013/06/15 18:13:57 | 001,062,400 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\wx._controls_.pyd
MOD - [2013/06/15 18:13:56 | 000,018,432 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\win32event.pyd
MOD - [2013/06/15 18:13:55 | 000,686,080 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\unicodedata.pyd
MOD - [2013/06/15 18:13:55 | 000,127,488 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\pyexpat.pyd
MOD - [2013/06/15 18:13:55 | 000,010,240 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Local\Temp\_MEI23362\select.pyd
MOD - [2013/06/12 20:03:10 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/18 17:00:35 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/04/25 01:30:18 | 005,784,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2013/04/15 18:38:22 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/10/19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/12 20:03:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/05 22:51:52 | 000,909,592 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2013/05/18 17:00:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/11 02:38:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe -- (RealtekSE)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/09 09:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 09:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 09:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/15 18:38:52 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/02/28 20:32:52 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013/02/01 16:42:15 | 000,016,648 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/19 13:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/11/19 13:10:36 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 04:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 04:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 04:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/13 13:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011/10/06 08:58:42 | 001,163,880 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/09/21 18:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/05/09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 57 41 84 59 67 CE 01  [binary data]
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.game-debate.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/27 23:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Extensions
[2013/06/15 18:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions
[2013/06/15 18:27:06 | 000,085,966 | ---- | M] () (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
[2013/05/08 18:10:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\MASTAVASE\AppData\Roaming\Mozilla\Firefox\Profiles\pcgmafqi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/18 17:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/18 17:00:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/27 23:55:42 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/10 09:13:09 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\USERS\MASTAVASE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
 
O1 HOSTS File: ([2013/06/14 08:21:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1179438607-1188683190-1257082983-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B4B068-0E1B-4052-AD58-FFFEBB7B9CF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B4B068-0E1B-4052-AD58-FFFEBB7B9CF4}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA4A00D4-828D-4C9F-B896-D74B11E8AFF5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA4A00D4-828D-4C9F-B896-D74B11E8AFF5}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/15 18:28:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
[2013/06/15 18:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/15 18:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/06/15 18:21:39 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/06/15 18:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/06/15 18:13:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/15 18:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/15 18:11:36 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/06/15 18:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/06/15 18:04:57 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013/06/15 18:04:57 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013/06/15 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/06/15 18:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/06/15 18:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013/06/15 18:02:50 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013/06/15 18:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/06/15 18:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013/06/15 18:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/06/14 15:45:01 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\Warframe
[2013/06/14 08:23:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/13 00:19:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/13 00:19:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/13 00:19:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/13 00:19:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/13 00:19:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/13 00:19:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/13 00:19:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/13 00:19:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/13 00:19:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/13 00:19:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/13 00:19:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/13 00:19:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/13 00:19:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/13 00:19:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/13 00:19:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/12 22:29:29 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 22:29:29 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 22:29:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 22:29:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 22:29:24 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 22:29:23 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 22:29:23 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 22:29:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 22:29:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 22:29:23 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 19:36:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/11 19:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/10 09:13:12 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/06/10 09:13:07 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\TopArcadeHits
[2013/06/09 04:20:47 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Documents\EVE
[2013/06/09 04:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2013/06/09 03:38:39 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Local\CCP
[2013/06/04 02:29:38 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/04 02:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/04 02:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/05/30 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Desktop\War Thunder (Dev server)
[2013/05/29 19:15:23 | 000,000,000 | ---D | C] -- C:\Users\MASTAVASE\Documents\Outlook Files
[2013/05/21 01:22:36 | 000,000,000 | --SD | C] -- C:\Users\MASTAVASE\Google Drive
[2013/05/21 01:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/18 17:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/15 18:28:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MASTAVASE\Desktop\OTL.exe
[2013/06/15 18:22:13 | 000,780,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/15 18:22:13 | 000,665,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/15 18:22:13 | 000,125,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/15 18:21:44 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/06/15 18:21:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/15 18:20:47 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 18:20:47 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 18:13:37 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 18:13:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 18:13:19 | 2064,121,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/15 18:12:46 | 000,000,027 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Usage.ini
[2013/06/15 18:04:57 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/06/15 18:03:30 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2013/06/15 18:03:30 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/06/15 18:03:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/15 18:00:00 | 000,125,936 | ---- | M] () -- C:\Users\MASTAVASE\Network_Meter_Data.js
[2013/06/15 17:40:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/14 08:21:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/12 20:03:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 20:03:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 06:28:29 | 000,001,181 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Settings.ini
[2013/06/09 17:43:02 | 000,000,282 | ---- | M] () -- C:\Users\MASTAVASE\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/05/29 19:15:27 | 000,001,105 | ---- | M] () -- C:\Users\MASTAVASE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/21 01:22:36 | 000,001,675 | ---- | M] () -- C:\Users\MASTAVASE\Desktop\Google Drive.lnk
[2013/05/17 04:09:56 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/17 04:01:13 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/17 04:00:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/17 03:56:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/17 03:56:00 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/17 03:55:59 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/17 03:54:09 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/17 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/17 03:46:31 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/16 23:27:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/16 23:26:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/16 23:21:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/16 23:21:34 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 23:17:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/16 23:12:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2013/06/15 18:21:44 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/06/15 18:21:44 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/06/15 18:04:57 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/06/15 18:03:30 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2013/06/15 18:03:30 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/06/15 17:45:46 | 003,748,864 | ---- | C] () -- C:\Users\MASTAVASE\Desktop\RogueKillerX64.exe
[2013/06/11 19:56:45 | 000,890,839 | ---- | C] () -- C:\Users\MASTAVASE\Desktop\SecurityCheck.exe
[2013/05/29 19:15:27 | 000,001,105 | ---- | C] () -- C:\Users\MASTAVASE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/21 01:22:36 | 000,001,675 | ---- | C] () -- C:\Users\MASTAVASE\Desktop\Google Drive.lnk
[2013/05/15 15:20:28 | 000,003,584 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/07 00:16:21 | 000,000,027 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Usage.ini
[2013/03/06 23:00:00 | 000,125,936 | ---- | C] () -- C:\Users\MASTAVASE\Network_Meter_Data.js
[2013/02/15 21:54:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
[2013/02/10 23:44:00 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/02/02 02:45:22 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/02 02:45:21 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/02/02 02:45:21 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/01 19:04:23 | 000,000,576 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/02/01 19:03:46 | 000,001,181 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\Network Meter_Settings.ini
[2013/02/01 19:02:55 | 000,000,282 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/02/01 17:28:53 | 000,766,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/01 16:44:33 | 000,000,003 | ---- | C] () -- C:\Users\MASTAVASE\AppData\Local\user_data.ini
[2013/02/01 16:02:48 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/01/31 08:08:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2013/01/25 17:48:32 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013/01/25 17:47:32 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/25 17:46:18 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2013/01/25 17:46:16 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2013/01/25 17:46:16 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2013/01/25 17:46:12 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2013/01/25 17:46:12 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2013/01/25 17:46:08 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2013/01/25 17:46:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2013/01/25 17:00:40 | 000,384,472 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2013/01/25 17:00:40 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
[2013/01/25 17:00:40 | 000,183,976 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2013/01/25 17:00:40 | 000,165,160 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
[2013/01/25 17:00:38 | 007,833,552 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2013/01/25 17:00:38 | 001,257,464 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2013/01/25 17:00:38 | 000,169,888 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/09/29 23:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2012/09/28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011/09/08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/09/08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/09/08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/09/08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/09/08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/09/08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/09/08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/09/08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/09/08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/09/08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/06/24 04:58:32 | 000,242,259 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/24 04:58:04 | 000,877,296 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

OTL Extras logfile created on: 15/06/2013 18:28:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MASTAVASE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 66.13% Memory free
15.79 Gb Paging File | 12.91 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 713.70 Gb Free Space | 76.63% Space Free | Partition Type: NTFS
 
Computer Name: NATHANSPC | User Name: MASTAVASE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2572E4B6-771B-4288-A6A9-935AA080DFF7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{2658B56B-79E5-4C3F-9B75-D011AF5077CF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{335761CE-44E8-41D1-8557-D34070F16493}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{4049C54A-9F8C-4E31-8736-468077641846}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{72144F79-CCC5-461E-9E7F-67EE0DB8801C}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{858C5DE0-99A6-4774-A1B7-765EBB81EEC6}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{89653724-DDCA-4E09-99CB-B8E63AAF42B0}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{958A95AA-A557-49FE-9EF5-269B7FC5A8B7}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{BED9B559-3019-42A7-A25D-F29280A492A5}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{D364F0F9-66D8-4CCB-B0C7-994883D91014}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{DFC6549F-4CE3-4FBA-8E5C-BC0E135D48E3}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0026B826-8FAC-4DD6-AF12-7C334FC41BED}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3sp.exe |
"{02B2A2D1-A6D6-4A7D-85FF-1233742B9E34}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{045E7854-9682-4354-892A-8B4F4CB79216}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{0756B4E3-1776-48DE-9CA0-BCF6A47063B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0767FBD4-0055-4AB8-BB77-CE57BA1E3F19}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3mp.exe |
"{0A8B2355-B3F3-460A-A97F-744B99D27ED9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C95F815-AF7C-44D7-85DD-7ED3822A5663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{0F164E45-15CD-46EF-ABC1-346DD8CF17AB}" = protocol=6 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtldhcp.exe |
"{119491D0-5627-4863-A8FC-960D4CD3BE32}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{14074A6D-9C4F-4F52-AFBB-E82C8CA986F6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{16AAABB9-F2EA-4E91-BE6A-A75BC07793F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18A9A29A-6072-452A-BAC0-B78E3C7A1387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{1AA0711A-1725-4F36-83CE-D17670A7E51F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{2A7C96F7-3D32-42C1-8948-3796B253C978}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2A88BCE0-8700-4B74-87FD-71E359BCB642}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_online.exe |
"{2AFD360F-5D47-48C5-A2AC-8DFE76E544A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2B12B158-ED11-4B6D-82A7-708393F54389}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{2D50D8B9-EE3B-42AB-9952-E7EBABC245AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{3731C896-601A-4FB1-B5E9-42B6A7E9070A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{44927DEC-9562-4A3B-BE85-96EBCF5E9614}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4D7B8143-7626-43BC-99AB-773D0269E692}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5AD5AECA-3227-4683-87E0-5F7C3C566BB7}" = protocol=17 | dir=in | app=c:\users\mastavase\appdata\roaming\bittorrent\bittorrent.exe |
"{5C4C61C5-7F5D-4C87-95A2-2F0AF4568341}" = protocol=6 | dir=in | app=c:\users\mastavase\appdata\roaming\bittorrent\bittorrent.exe |
"{663F4886-56FC-475F-B04A-C078B7BFC555}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_ds.exe |
"{66C3085D-ADAE-4303-997D-DD4A681E7BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{66E4A1AA-1D26-4508-9726-A4EC0822EC80}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_online.exe |
"{67AA6884-6BF9-42E4-9983-2653C3A6D4B2}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\assassinscreed3.exe |
"{77946097-65C7-4F48-A3C2-5637D766794E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{78721596-97AB-430B-A3E9-E4E715537EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtwlan.exe |
"{80F7AB4F-B2F4-4A4A-B889-FB5073CF3E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{832B81C8-C8D0-479D-8898-8A7AB2E376A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{879CD030-7907-4C41-8879-2AB1209198C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{887E6AED-4EA5-469B-A873-3538E5931191}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{9603F425-FB7D-46A0-BABD-8D7CF3FD312C}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic.exe |
"{9AD5419E-7CAE-4545-85F7-B387AECF66FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{9E6EA799-34F4-44FD-8B46-0624EF2775DC}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{A2E3978D-7049-4E10-8CAF-32EADE2CF462}" = protocol=17 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtwlan.exe |
"{A33B9A70-1B5F-4BE5-9BCF-0D7011C43DCC}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic_ds.exe |
"{A7B081C6-0209-456F-964E-7834F5CE472C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{B005592D-94FA-4927-9349-5B1099CC8E62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexus the jupiter incident\runme.exe |
"{B7A8B14C-153B-47D1-B1EA-3270B6E89204}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C0AC51D7-8CF1-432C-9F03-A3EDDB5B92A0}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3sp.exe |
"{CEE95073-8481-4F09-A8CA-11D61EAD739C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D5EBE4EE-175E-42B3-943B-45C1F19B26C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{D63841C7-1506-4CD5-BF5D-B27B67F5B447}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexus the jupiter incident\runme.exe |
"{D9AB265E-450A-41BC-ABCF-3EAA2436F2AC}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\world in conflict\wic.exe |
"{D9ADAB42-8F04-4029-989A-A60CCA989340}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\assassinscreed3.exe |
"{DB86FED9-AEEE-42D7-A70F-1295C486C9FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DEDB5BCE-D952-4E24-830E-E4FC1A05156A}" = protocol=17 | dir=in | app=c:\program files (x86)\edimax\pcie wireless lan\rtldhcp.exe |
"{E1F4FF65-B75E-49D0-9D90-5BF5099CD921}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{E21C80AB-C746-49F7-8A10-6BD1327F76EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E2FF88F4-DB4F-4352-B459-A50F046CC6FC}" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\launcher.exe |
"{E3F2ED86-22EB-48B2-A0DD-97C8DD221463}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\launcher.exe |
"{E44D46B8-B25F-4B11-8E42-BFB889126387}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E7BCC6DC-FE5F-4C3C-9CFE-69ABC6CE4B5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{ECA104AD-CDDD-4CEA-BDBF-FD19B48099AC}" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\assassin's creed lll\assassin's creed iii\ac3mp.exe |
"{ECD0AAB8-155E-4CAD-904C-E1ADCF1EB6AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED4158AB-B35E-4C16-93A8-A5C35B9E7865}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{EFFB4589-6739-4222-9FCB-CC7CC4CE82C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{F374581A-1877-47BB-B947-E35639B501F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F8F24475-DFFB-4791-92C5-53A8AE372BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"TCP Query User{2C2BA547-2D83-4A30-8975-FD83CF1EEEBE}C:\users\mastavase\games\games storage\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\aces.exe |
"TCP Query User{2D786F86-B903-4C2E-B97C-4CFA2051DEC4}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"TCP Query User{36368978-A2B1-4964-8460-435922561044}C:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe |
"TCP Query User{41D2623E-561B-44D2-9BA3-B19941F86051}C:\users\mastavase\desktop\war thunder (dev server)\aces.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\aces.exe |
"TCP Query User{49DCCCA3-7C9B-42ED-A155-E7D30A885A49}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4AAA7D48-B17A-4927-BDA1-52D608DAED55}C:\users\mastavase\desktop\war thunder\launcher.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder\launcher.exe |
"TCP Query User{7F666371-8BDA-4E5F-9FA8-62F3B6D6656D}C:\users\mastavase\desktop\war thunder (dev server)\launcher.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\launcher.exe |
"TCP Query User{9B0853FC-55B5-4E92-8CF5-DF71E5FB9B1C}C:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe" = protocol=6 | dir=in | app=c:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe |
"TCP Query User{9FAA7C70-9109-4673-81F6-F1AB0FF86A9F}C:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{B21F02E8-6D4B-4913-ABC2-622DE5451EF2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B897FC0D-0507-48A9-8A54-649EABCE60AA}C:\users\mastavase\desktop\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\users\mastavase\desktop\war thunder\aces.exe |
"TCP Query User{C2B09147-9AFE-455E-A191-774682C497A2}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{FF9D0B11-7283-4503-97C5-3A2962DB6413}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{026FC95C-A10F-45B4-B6B8-446235655CD8}C:\users\mastavase\desktop\war thunder\launcher.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder\launcher.exe |
"UDP Query User{1266C7C8-27DF-407D-921D-F8CF3FA15546}C:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe" = protocol=17 | dir=in | app=c:\users\mastavase\appdata\local\apps\2.0\z4lm6qqt.a4r\8wp4botr.6xt\laun...app_59711684aa47878d_0001.001e_488c36b75bc31b10\launcher.exe |
"UDP Query User{3B907747-1B4B-432B-B766-34F8CA79DB4E}C:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\gro\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{3F85D2C1-F282-441A-BE7D-7F9071029B53}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{542C210C-E2F1-4A45-82DE-5444AACED29D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{5758515A-EB7A-4B6D-ADDF-109C29E6725B}C:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{754FAC54-4A6D-4A9B-9AB1-C6178D822B1C}C:\users\mastavase\desktop\war thunder (dev server)\aces.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\aces.exe |
"UDP Query User{8C02C58A-C23A-4D4B-A1AF-3C9D2C1794BA}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"UDP Query User{8D738052-78A0-4D2F-8CDB-2D38C5F7265C}C:\users\mastavase\games\games storage\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\users\mastavase\games\games storage\war thunder\aces.exe |
"UDP Query User{9E280B1A-86BF-4179-BD6F-106AC8A37C06}C:\users\mastavase\desktop\war thunder (dev server)\launcher.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder (dev server)\launcher.exe |
"UDP Query User{A648D9B2-F3A4-40D3-BE6E-A17A881AD401}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A6F4948E-4359-4A67-9797-0829908D78BF}C:\users\mastavase\desktop\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\users\mastavase\desktop\war thunder\aces.exe |
"UDP Query User{BE1E8C6B-B328-4807-BE5D-1A61AC34EFD0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Firewall
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WhoCrashed_is1" = WhoCrashed 4.01
"WinRAR archiver" = WinRAR 5.00 beta 5 (64-bit)
"XFast LAN" = XFast LAN v6.61
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{556BEFE2-30FF-4113-98F4-01234396DF2B}" = Edimax Wireless LAN Driver and Utility
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}" = NVIDIA PhysX (Legacy)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed® III v1.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.153
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.257
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitRaider Web Client" = BitRaider Web Client
"ESN Sonar-0.70.4" = ESN Sonar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.5
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"potbs" = Pirates Of The Burning Sea
"PunkBusterSvc" = PunkBuster Services
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam App 107410" = Arma 3 Alpha
"Steam App 218230" = PlanetSide 2
"Steam App 230410" = Warframe
"Steam App 231430" = Company of Heroes 2
"Steam App 6420" = Nexus: The Jupiter Incident
"Steam App 8510" = EVE Online Demo
"Steam App 8870" = BioShock Infinite
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XFastUSB" = XFastUSB
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1179438607-1188683190-1257082983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World in Conflict MW Mod 3.5" = World in Conflict MW Mod 3.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14/06/2013 05:05:19 | Computer Name = NathansPC | Source = Application Error | ID = 1000
Description = Faulting application name: wic.exe, version: 1.0.1.1, time stamp:
0x4a2f7509  Faulting module name: wic.exe, version: 1.0.1.1, time stamp: 0x4a2f7509
Exception
 code: 0xc0000005  Fault offset: 0x006310c4  Faulting process id: 0x1600  Faulting application
 start time: 0x01ce68dc643b43ae  Faulting application path: C:\Users\MASTAVASE\Games\Games
 storage\World in Conflict\wic.exe  Faulting module path: C:\Users\MASTAVASE\Games\Games
 storage\World in Conflict\wic.exe  Report Id: 8923bbd6-d4d1-11e2-9921-bc5ff4482562
 
Error - 14/06/2013 05:38:51 | Computer Name = NathansPC | Source = Application Hang | ID = 1002
Description = The program RelicCoH2.exe version 3.0.0.9515 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 150c    Start
 Time: 01ce68e2542c0248    Termination Time: 300    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Company
 of Heroes 2\RelicCoH2.exe    Report Id:   
 
Error - 15/06/2013 08:27:19 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 15/06/2013 08:36:52 | Computer Name = NathansPC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\MASTAVASE\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 15/06/2013 08:37:06 | Computer Name = NathansPC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\MASTAVASE\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 15/06/2013 08:37:06 | Computer Name = NathansPC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\MASTAVASE\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 15/06/2013 08:37:09 | Computer Name = NathansPC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\MASTAVASE\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 15/06/2013 12:40:17 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 15/06/2013 12:46:01 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 15/06/2013 13:10:51 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
Error - 15/06/2013 13:15:09 | Computer Name = NathansPC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 15/06/2013 08:28:00 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 15/06/2013 12:37:18 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 15/06/2013 12:41:06 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 15/06/2013 12:41:06 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 15/06/2013 12:46:37 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 15/06/2013 12:46:37 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 15/06/2013 13:11:32 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 15/06/2013 13:11:32 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 15/06/2013 13:15:42 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 15/06/2013 13:15:42 | Computer Name = NathansPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 



#13 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:39 PM

Posted 15 June 2013 - 01:07 PM

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    FF - prefs.js: browser.startup.homepage - hxxp://www.game-debate.com/
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
     
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
Any better after that?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#14 MASTAVASE

MASTAVASE
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:39 AM

Posted 15 June 2013 - 01:15 PM

Unfortunately no, the problem still remains. I'm baffled as to where it could have come from and what it really is myself.

 

All processes killed
========== OTL ==========
Prefs.js: browser.startup.homepage - hxxp://www.game-debate.com/ removed from refs.js
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MASTAVASE
->Temp folder emptied: 21725648 bytes
->Temporary Internet Files folder emptied: 33367 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86975347 bytes
->Flash cache emptied: 602 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90940824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 190.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: MASTAVASE
->Java cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: MASTAVASE
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06152013_190900

Files\Folders moved on Reboot...
C:\Users\MASTAVASE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:39 PM

Posted 15 June 2013 - 02:53 PM

Does it happen in all browsers or just one?