Spring files



rudebadger
2015-10-17, 06:46
Hi, I have managed to download Spring Files & Wajam. My home page was changed & when opening a new tab my browser cycled through numerous pages before settling on one. I also find that when I click links on websites normally, a new tab opens which is then instantly blocked by Firefox.

I have run SUPERAntiSpyware, which removed a PUP, but still had the same problems, so ran it again, but it came back with no results. Then ran Malwarebytes, which removed a second, but still had the same problems, so ran it again with no results. Finally I have run ESET Online Scanner, which removed Wajam, but the problems are still unresolved.

I hope someone can help with resolving these problems, here are my FRST & aswMBR logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
Ran by Ollie (administrator) on GAMING-PC (17-10-2015 04:19:40)
Running from C:\Springclean
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(MY.COM B.V.) C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
(Edimax Technology Co.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-22] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-07-12] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-07-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-16] (Valve Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-30] (Safer-Networking Ltd.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [MyComGames] => C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe [4222408 2015-10-17] (MY.COM B.V.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {5eeb5042-52a5-11e3-9e7f-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {f8046c24-548b-11e4-a3ba-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk [2012-11-09]
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3501653021-3640964384-1111194576-1000] => hxxp://get-access.me/wpad.dat?78a8af66cfad197e51123a91d81d7e43804347
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.yahoo.com?fr=fp-comodo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\yv073wfk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3501653021-3640964384-1111194576-1000: @my.com/Games -> C:\Users\Ollie\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-01] (My.com, Inc)
FF Extension: Avira Browser Safety - C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\yv073wfk.default\Extensions\abs@avira.com [2015-09-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-12] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
S3 DAUpdaterSvc; C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2015-07-02] () [File not signed] <==== ATTENTION
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-10-06] (Futuremark)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-17] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-02] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 04:18 - 2015-10-17 04:19 - 00000000 ____D C:\FRST
2015-10-17 04:16 - 2015-10-17 04:19 - 00000000 ____D C:\Springclean
2015-10-17 04:15 - 2015-10-17 04:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GAMING-PC-Windows-7-Home-Premium-(64-bit).dat
2015-10-17 04:15 - 2015-10-17 04:15 - 00000000 ____D C:\RegBackup
2015-10-17 04:14 - 2015-10-17 04:14 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-17 04:13 - 2015-10-17 04:13 - 04777232 _____ (Tweaking.com) C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe
2015-10-17 03:50 - 2015-10-17 03:50 - 10357568 _____ (SurfRight B.V.) C:\Users\Ollie\Downloads\HitmanPro.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 02870984 _____ (ESET) C:\Users\Ollie\Downloads\esetsmartinstaller_enu.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-17 02:22 - 2015-10-17 02:22 - 22908888 _____ (Malwarebytes ) C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-17 02:22 - 2015-10-17 02:22 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 02:15 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Downloads\adwcleaner_5.013.exe
2015-10-17 01:52 - 2015-10-17 01:53 - 00000874 _____ C:\AdwCleaner[S5].txt
2015-10-17 01:39 - 2015-10-17 01:39 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\SpringFiles
2015-10-16 00:26 - 2015-10-17 02:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-13 20:38 - 2015-10-13 20:38 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 20:38 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 20:37 - 2015-10-13 20:37 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-10 12:33 - 2015-10-10 12:33 - 00000812 _____ C:\AdwCleaner[S4].txt
2015-10-06 18:23 - 2015-10-06 18:23 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-10-06 18:22 - 2015-10-06 18:22 - 00000000 ____D C:\Program Files (x86)\Futuremark
2015-10-06 18:21 - 2015-10-06 18:23 - 00000000 ____D C:\Users\Ollie\Documents\3DMark 11
2015-10-06 18:21 - 2015-10-06 18:21 - 02883584 _____ C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\IsolatedStorage
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00001227 _____ C:\Users\Public\Desktop\3DMark 11.lnk
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\Program Files\Futuremark
2015-10-06 18:05 - 2015-10-06 18:08 - 271860249 _____ C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip
2015-10-06 18:04 - 2015-10-06 18:05 - 12261072 _____ (Novawave Inc. ) C:\Users\Ollie\Downloads\novabench3.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 01199856 _____ ( ) C:\Users\Ollie\Downloads\hwmonitor_1.28.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\Program Files\CPUID
2015-10-02 22:04 - 2015-10-02 22:06 - 300806184 _____ (AMD Inc.) C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2015-10-02 21:57 - 2015-10-02 21:57 - 04288048 _____ C:\Users\Ollie\Downloads\memtest86-iso.zip
2015-10-02 00:54 - 2015-10-02 06:50 - 00000137 _____ C:\Users\Ollie\Desktop\Armored Warfare Open Beta.url
2015-10-02 00:54 - 2015-10-02 00:54 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2015-10-01 00:06 - 2015-10-01 00:06 - 00002017 _____ C:\Users\Ollie\Desktop\My.com Game Center.lnk
2015-10-01 00:06 - 2015-10-01 00:06 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-10-01 00:05 - 2015-10-17 03:44 - 00000000 ____D C:\Users\Ollie\AppData\Local\MyComGames
2015-10-01 00:05 - 2015-10-01 00:05 - 05481456 _____ (MY.COM B.V.) C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe
2015-09-17 00:13 - 2015-09-17 01:31 - 00000000 ____D C:\Users\Ollie\Documents\Mount&Blade Warband Savegames
2015-09-17 00:12 - 2015-09-17 00:13 - 00000000 ____D C:\Users\Ollie\Documents\Mount&Blade Warband
2015-09-17 00:12 - 2015-09-17 00:13 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Mount&Blade Warband

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 04:17 - 2015-04-21 10:26 - 01820138 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-10-17 04:17 - 2014-04-12 13:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 04:14 - 2015-03-30 19:20 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-10-17 03:59 - 2013-06-02 23:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-17 03:52 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-17 03:52 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-17 03:50 - 2009-07-14 06:13 - 00159100 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-17 03:47 - 2012-11-09 17:45 - 01802332 _____ C:\Windows\WindowsUpdate.log
2015-10-17 03:45 - 2013-06-13 20:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-17 03:44 - 2015-05-02 00:44 - 00019461 _____ C:\Windows\setupact.log
2015-10-17 03:44 - 2013-08-03 00:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\HTC MediaHub
2015-10-17 03:44 - 2012-11-10 18:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-17 03:44 - 2012-11-09 18:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-10-17 03:44 - 2012-11-09 17:55 - 00000144 _____ C:\service.log
2015-10-17 03:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-17 02:34 - 2010-11-21 04:47 - 00423058 _____ C:\Windows\PFRO.log
2015-10-17 02:15 - 2015-08-06 20:04 - 00000000 ____D C:\AdwCleaner
2015-10-17 02:12 - 2014-11-18 01:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 01:39 - 2014-11-18 01:21 - 00001255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-17 01:39 - 2014-11-18 01:21 - 00001243 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-17 01:39 - 2012-11-09 17:45 - 00001509 _____ C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-16 22:59 - 2013-06-02 23:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 22:59 - 2012-11-10 01:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 22:59 - 2012-11-10 01:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 00:05 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 00:03 - 2012-11-10 17:17 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 20:29 - 2015-07-17 22:36 - 00066544 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-13 20:29 - 2015-07-17 22:36 - 00000000 ____D C:\Users\Lisa\AppData\Local\HTC MediaHub
2015-10-11 16:24 - 2015-04-25 19:58 - 00000057 _____ C:\Users\Ollie\Desktop\cooling.txt
2015-10-10 17:05 - 2014-10-21 22:37 - 00001664 _____ C:\Users\Ollie\Desktop\details.txt
2015-10-09 23:33 - 2015-02-21 17:55 - 00000000 ____D C:\Users\Ollie\AppData\Local\Steam
2015-10-06 18:11 - 2012-11-09 20:10 - 00496911 _____ C:\Windows\DirectX.log
2015-10-06 18:10 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-12-19 23:21 - 2012-12-19 23:21 - 0000111 _____ () C:\Users\Ollie\AppData\Roaming\adu.xml
2014-08-05 17:40 - 2014-08-05 17:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 15:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-10-2015
Ran by Ollie (2015-10-17 04:20:19)
Running from C:\Springclean
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-09 16:45:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3501653021-3640964384-1111194576-500 - Administrator - Disabled)
Guest (S-1-5-21-3501653021-3640964384-1111194576-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3501653021-3640964384-1111194576-1002 - Limited - Enabled)
Lisa (S-1-5-21-3501653021-3640964384-1111194576-1009 - Limited - Enabled) => C:\Users\Lisa
Ollie (S-1-5-21-3501653021-3640964384-1111194576-1000 - Administrator - Enabled) => C:\Users\Ollie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Armored Warfare MyCom Beta (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Armored Warfare MyCom Beta) (Version: 1.45 - My.com B.V.)
Aslain's XVM WoT Modpack version 4.6.8 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.6.8 - Aslain)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version: - )
Corsair M65 Firmware Update Application (HKLM-x32\...\{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1) (Version: - )
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Easy Tune 6 B12.0509.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Edimax RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.5.0 - Edimax)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{185D7B00-8600-4716-A619-D8CBE689974B}) (Version: 4.40.560.0 - Futuremark)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - GIGABYTE Technologies, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MyComGames) (Version: 3.147 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-10-2015 21:07:35 Windows Backup
14-10-2015 00:00:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-07-30 20:46 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15469 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21FD3B25-29C2-447F-93CA-F418B38D494D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {2AE452DD-7663-4C08-86D9-150C6FD9B29D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {3FACD55F-1894-47BD-ADAA-04DFE5A5BCFD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {4DA682FB-99CB-4AEA-AF79-8060720E11A4} - System32\Tasks\{F792DE50-AA36-4F10-8148-9E7EF9D76636} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {73C1E663-DBDF-45F2-BAE0-A9C921E39E62} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {99146579-3923-4B7C-B229-3DA59088957D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {B3390CAB-97E0-4E55-B694-1DEB10AD59E3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)
Task: {C1F54412-F95F-4A06-B8BF-CEA4B74277EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-11-09 17:55 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2015-07-02 22:54 - 2015-07-02 22:54 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe
2012-11-09 18:01 - 2010-09-07 10:46 - 00072280 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-08-03 00:22 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-11-09 17:55 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-08-01 20:31 - 2013-08-01 20:31 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 20:33 - 2013-08-01 20:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 20:40 - 2013-08-01 20:40 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00144896 _____ () C:\Users\Ollie\AppData\Local\MyComGames\zlib1.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00062464 _____ () C:\Users\Ollie\AppData\Local\MyComGames\pxd.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00179144 _____ () C:\Users\Ollie\AppData\Local\MyComGames\LightUpdate.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 02419488 _____ () C:\Users\Ollie\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 10:18 - 2015-08-26 10:18 - 50425344 _____ () C:\Users\Ollie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2012-11-09 18:28 - 2009-10-07 02:35 - 00901120 _____ () C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
2013-11-14 23:51 - 2013-05-26 15:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2014-12-28 18:42 - 2012-05-14 13:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
2013-05-06 17:05 - 2015-10-09 23:33 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-01 22:21 - 2015-10-16 22:34 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2015-10-16 22:34 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 16:57 - 2015-10-16 22:34 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2013-03-26 16:16 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-19 21:59 - 2015-10-09 23:33 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\autodetectutility.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Desktop\autodetectutility.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Desktop\Display Driver Uninstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\11713829_1223641617661299_793691498209012780_o.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\11713829_1223641617661299_793691498209012780_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\7z1506.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\7z1506.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\adwcleaner_5.013.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\adwcleaner_5.013.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.4.6.8_910.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.4.6.8_910.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\esetsmartinstaller_enu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\esetsmartinstaller_enu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 15753 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57693123-6D81-46F1-A29B-103A8316E953}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D61947-CAAD-42E6-A1B8-CDF82AF738E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBCF617F-C492-448B-999A-A3A5844F0E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F56CF5A-97AA-42E1-8D0D-1449B76DE4FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073DFCF0-9ED0-4697-8575-3F8EF5288D1C}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2BEFBC93-C3B9-4AE5-8B4A-8A3313F8E349}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7BB94A60-90C9-42DD-B8CE-5BD16827DAE2}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{F515A6CB-144F-4EAE-AF36-D0AD592FB656}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B98CEFF2-7C68-4FD7-BD29-3790DA99F7D8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A76D94D3-DAC7-434F-A912-06FDFF7FC774}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{0DA5898E-0431-4826-A40E-89F18F20D94D}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{DE42BB9A-911F-44F5-B4EE-E42122737169}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{9419282F-AAF2-477F-872B-79EC07E6036A}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{B8E732A2-36CC-4006-8AE7-333546D71017}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B9DECAD9-B37A-4B88-BA9F-714FE6F5E80F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{CEB19D6D-7926-4B1A-BDC7-D004D0269E3B}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{EB9C7AA2-1FB6-492F-A16A-79C7F8924DBD}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6C70A579-A7B5-4B3F-9F4B-3447D62338AA}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{7373ADBF-766D-4311-A551-A4394298A08A}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{B2FA87E4-B840-430B-AC2A-03AF545A3923}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4A5985A9-48CC-4C5F-8375-B9994F4FB513}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29484216-7ED3-43B7-8B33-491586C04BA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4DB5D3D0-3D67-4366-8623-623D3546C952}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99409EE6-9421-4ABF-9664-0EC0859783CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D406204-5B22-458E-858D-C7932BE225EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C1552EF1-8A93-41E5-9971-B99AE37CFE43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4ADE1AE1-853C-4DD5-B122-72766D01D087}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{1116679B-E214-4A35-9AEF-F20E714CDF90}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{457A1534-EC97-4D86-879B-D1CD6C063DB7}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{CA9F1D8F-3975-4FBC-A10C-06A235CAA980}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5799148E-0D9D-492C-B727-C36BB7F3C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF29EA24-D5F9-404A-A9D0-2261D490EB42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{42EA9344-B558-4156-BF3F-61E2D8B6944D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6539B8FD-4C7E-466D-9B01-7DFACE2298C9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A737F16D-97CA-4E74-A822-1609AD4403B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{25D9FEB8-19DE-4EBA-9B82-F040D52A6FD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{373E1A11-BD53-4EE1-897B-208B88A47542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CBEBAAEA-FA68-4F34-A1A8-A6F72B81794A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ABDB5590-65E8-48EE-A5CC-9B9551BDD2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{56742189-4528-4262-89E7-32B844C978EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{089EE90C-4194-45C3-BC1C-30BEC35ED335}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F1F63541-C8CB-4EDD-A100-3A31C55BC1D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{29F53783-B4AC-47A5-9AD7-77FC64CCC00E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE627920-BF0F-4AC9-A32D-6AF150A3C4C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0714BF63-3AC9-482C-A9C2-52A3417E87AB}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{F55318D7-4D13-4319-90DD-AC04F8C3B7D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{494014B9-8EA9-4541-9DD1-B13691A6FC01}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72EB2A00-0609-42CF-BE11-9E23C1EFEBD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E27046DC-4BB7-40BA-A751-A177DECBB3D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F05D2A5-8D75-45E1-BDE8-60C36A04D5FC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D149B3BC-CB0A-4B9B-BB23-E74022673DD2}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{90C78A4E-7182-413F-8FC8-F38CC5B0A4C9}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{17C7B4BE-10DF-45D4-9C9D-563A864BBF61}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{96B1012E-C482-498B-BEF2-29361399D73C}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{FA4444DB-2D0B-420C-A84A-97E7E3D1D0EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0BBB55CE-C27E-40B5-ADF0-CC8B2D5687A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{00511F78-33DB-4A77-9F3D-729BEC001482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{FF2BB3D8-7FB3-47A9-BFC4-DF9D247154F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{23A3F365-2D78-4926-983C-BE1CEC56B3D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D0C0D638-3339-4F3A-B85E-3CA9F6CE2D7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{A7968FAC-2277-4DB8-97E8-7C2BBA91DEB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{E3B34F64-938E-4087-A52B-CDC020F56CA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{32BEAC66-AE96-4761-AFC8-98ED94A53912}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{93CA2B2F-42A8-410B-9A4B-9434A2C656EA}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2015 04:14:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/17/2015 03:44:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2015 02:56:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/17/2015 02:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2015 02:12:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2015 10:34:36 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to copy new service file to temp location

Error: (10/16/2015 10:32:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2015 09:55:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2015 09:03:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 41.0.1.5750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e8

Start Time: 01d106b4f049beef

Termination Time: 137

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8f4b2e1f-72ae-11e5-9051-902b3498c9e3

Error: (10/14/2015 08:16:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2015 03:42:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/17/2015 03:42:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 8173.24 MB
Available physical RAM: 5488 MB
Total Virtual: 16344.69 MB
Available Virtual: 13268.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.58 GB) (Free:14.29 GB) NTFS
Drive e: (Data drive) (Fixed) (Total:931.51 GB) (Free:644.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEAEFB8F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: B8A0EC17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-17 04:36:25
-----------------------------
04:36:25.376 OS Version: Windows x64 6.1.7601 Service Pack 1
04:36:25.376 Number of processors: 8 586 0x102
04:36:25.392 ComputerName: GAMING-PC UserName: Ollie
04:36:25.751 Initialize success
04:36:25.797 VM: initialized successfully
04:36:25.797 VM: Amd CPU BiosDisabled
04:38:35.493 AVAST engine defs: 15101601
04:38:46.295 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:38:46.295 Disk 0 Vendor: ST1000DM003-9YN162 CC4B Size: 953869MB BusType: 3
04:38:46.295 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
04:38:46.295 Disk 1 Vendor: Corsair_Force_3_SSD 5.03 Size: 171705MB BusType: 3
04:38:46.310 Disk 1 MBR read successfully
04:38:46.310 Disk 1 MBR scan
04:38:46.310 Disk 1 Windows 7 default MBR code
04:38:46.326 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
04:38:46.326 Disk 1 default boot code
04:38:46.326 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 171603 MB offset 206848
04:38:46.342 Disk 1 scanning C:\Windows\system32\drivers
04:38:49.686 Service scanning
04:38:59.222 Modules scanning
04:38:59.222 Disk 1 trace - called modules:
04:38:59.222 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
04:38:59.238 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800725e060]
04:38:59.238 3 CLASSPNP.SYS[fffff88000c4543f] -> nt!IofCallDriver -> [0xfffffa8007009520]
04:38:59.238 5 ACPI.sys[fffff88000f737a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0xfffffa8007006680]
04:38:59.596 AVAST engine scan C:\Windows
04:39:01.974 AVAST engine scan C:\Windows\system32
04:40:56.820 AVAST engine scan C:\Windows\system32\drivers
04:41:01.011 AVAST engine scan C:\Users\Ollie
04:41:45.778 AVAST engine scan C:\ProgramData
04:42:11.977 Disk 1 statistics 3598783/0/0 @ 47.87 MB/s
04:42:11.977 Scan finished successfully
04:45:03.822 Disk 1 MBR has been saved successfully to "C:\Users\Ollie\Desktop\MBR.dat"
04:45:03.822 The log file has been saved successfully to "C:\Users\Ollie\Desktop\aswMBR.txt

Many thanks in advance for any help with this :)

Juliet
2015-10-17, 20:14
Running from C:\Springclean

We really need to move FRST to desktop.

Go to C:\Springclean, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. Then copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2015-07-02] () [File not signed] <==== ATTENTION
2015-10-17 01:39 - 2015-10-17 01:39 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\SpringFiles
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe
FirewallRules: [{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{32BEAC66-AE96-4761-AFC8-98ED94A53912}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{93CA2B2F-42A8-410B-9A4B-9434A2C656EA}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
EmptyTemp:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~~~~
Please post:
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

rudebadger
2015-10-18, 03:50
Hi Juliet,

Thanks very much for the quick response. I followed your instructions; here are the logs:

Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-18 01:14:50) Run:1
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2015-07-02] () [File not signed] <==== ATTENTION
2015-10-17 01:39 - 2015-10-17 01:39 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\SpringFiles
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe
FirewallRules: [{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{32BEAC66-AE96-4761-AFC8-98ED94A53912}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{93CA2B2F-42A8-410B-9A4B-9434A2C656EA}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
EmptyTemp:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
End
*****************

Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Everything => Service stopped successfully.
Everything => service removed successfully
C:\Users\Ollie\AppData\Roaming\SpringFiles => moved successfully
C:\Users\Ollie\AppData\Local\Temp\rootsupd.exe => moved successfully
C:\Users\Ollie\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Ollie\AppData\Local\Temp\_isD806.exe => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE6975F5-AA8C-4591-AC76-DF7B8FBC055D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32BEAC66-AE96-4761-AFC8-98ED94A53912} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93CA2B2F-42A8-410B-9A4B-9434A2C656EA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{640E0CCF-0CA2-40C3-89D8-3BA6AA576A6D} => value removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:15:22 ====

# AdwCleaner v5.013 - Logfile created 18/10/2015 at 01:26:40
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ollie - GAMING-PC
# Running from : C:\Users\Ollie\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\yv073wfk.default\searchplugins\search-provided-by-bing.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

*************************

C:\AdwCleaner[C2].txt - [841 bytes] - [15/08/2015 14:39:36]
C:\AdwCleaner[S3].txt - [688 bytes] - [15/08/2015 14:30:10]
C:\AdwCleaner[S4].txt - [812 bytes] - [10/10/2015 12:33:14]
C:\AdwCleaner[S5].txt - [874 bytes] - [17/10/2015 01:52:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1162 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ollie on 18/10/2015 at 1:32:35.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ollie\AppData\Roaming\mozilla\firefox\profiles\yv073wfk.default\minidumps [8 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/10/2015 at 1:45:13.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

rudebadger
2015-10-18, 03:57
Hi again, not sure if it is connected but have had 2 blue screen crashes. The most recent was on restarting my PC after posting my last response to you.

Juliet
2015-10-18, 04:54
Hi again, not sure if it is connected but have had 2 blue screen crashes. The most recent was on restarting my PC after posting my last response to you.

We can try to check that out later.

Open Malwarebytes

On the Dashboard click on Update Now

Go to the Settings Tab

Under Settings go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~

http://i24.photobucket.com/albums/c30/ken545/MBAM%20Application_zps7zm0ftdm.png (http://s24.photobucket.com/user/ken545/media/MBAM%20Application_zps7zm0ftdm.png.html)

1. Open up Malwarebytes and you will be on the Dashboard
2. Click on the History Tab
3. Then click on Application Logs
4. Double click on the SCAN LOG (Not Protection Log ) you just ran
5. When it opens it will look like this



http://i24.photobucket.com/albums/c30/ken545/MBAM%20Export_zpsjbtttjun.jpg (http://s24.photobucket.com/user/ken545/media/MBAM%20Export_zpsjbtttjun.jpg.html)

6. Then click on Export
7. On the drop down list click on Copy to Clipboard
8. Then paste the log back into this thread

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~

rudebadger
2015-10-18, 13:40
Hi again, I ran the Malwarebytes scan but did not get a log at the end of it. Here is the scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/10/2015
Scan Time: 11:18
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.18.01
Rootkit Database: v2015.10.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ollie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374499
Time Elapsed: 5 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2015-10-18, 14:13
Tell me what the computer is doing now.


What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

rudebadger
2015-10-18, 20:09
My computer still does not go to the correct home page when I open Firefox; it goes to a page called esurf.biz. When I am surfing on sites I usually visit, if I click a link it sometimes tries to open a new tab. Occasionally these go to a page, but most of the time Avira blocks the page from opening.

Here are the results of the eset scan:

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Ollie\Downloads\winzip19-lan.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Windows\Installer\75a7f9.msi a variant of Win32/Systweak.L potentially unwanted application

Juliet
2015-10-18, 21:53
Let's see if this next script can help.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Ollie\Downloads\winzip19-lan.exe
C:\Windows\Installer\75a7f9.msi
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Post this log when finished.

rudebadger
2015-10-18, 23:02
Ok here is the report:
Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-18 20:46:36) Run:2
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Ollie\Downloads\winzip19-lan.exe
C:\Windows\Installer\75a7f9.msi
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe => moved successfully
C:\Users\Ollie\Downloads\winzip19-lan.exe => moved successfully
C:\Windows\Installer\75a7f9.msi => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 264.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:46:38 ====

When I ran firefox again I still got redirected to the page I mentioned in my last post, but my browser no longer tries to open new tabs when I click on links on websites. However I am now getting almost constant popups from malwarebytes saying that it has blocked a malicious website. The popup says that it is linked to C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe

Juliet
2015-10-19, 02:50
Let's see if we can get rid of it by resetting Firefox.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)

Proceed with the reset once done.

Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)


~~~~~~~~~~~~~
Also


Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.

Check Shortcut.txt
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



~~~~~~~~~~~~~~~~

Did you install MyComGames ?


https://www.reddit.com/r/ArmoredWarfare/comments/3ecyap/why_does_this_game_hate_my_malwarebytes_antivuris/
probable false positive detections
game launcher provided by Skyforge

If the notifications are too frequent, and you wish to disable them while still allowing Malwarebytes Anti-Malware to continue protecting your PC by blocking the malicious websites, please follow the steps on this article:
https://support.malwarebytes.org/customer/portal/articles/1835324?b_id=6400

Alternatively, if you would like to stop Malwarebytes Anti-Malware from blocking the program entirely, you may follow the steps on this article:
https://support.malwarebytes.org/customer/portal/articles/1835326?b_id=6400

rudebadger
2015-10-19, 21:31
Ok I tried the reset but no joy, firefox still opens on the esurf.biz page.

Yes I did install MyComGames, but was just worried that it might have become infected. Looking at the reddit thread it seems to be a known issue, thanks for the help with that :)

Here are the scan reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-10-2015
Ran by Ollie (administrator) on GAMING-PC (19-10-2015 19:04:02)
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(MY.COM B.V.) C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Edimax Technology Co.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-07-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-16] (Valve Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-30] (Safer-Networking Ltd.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [MyComGames] => C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe [4222408 2015-10-17] (MY.COM B.V.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {5eeb5042-52a5-11e3-9e7f-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MountPoints2: {f8046c24-548b-11e4-a3ba-902b3498c9e3} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk [2012-11-09]
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3501653021-3640964384-1111194576-1000] => hxxp://get-access.me/wpad.dat?78a8af66cfad197e51123a91d81d7e43804347
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9aca07fe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\utkgrewf.default-1445277530700
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3501653021-3640964384-1111194576-1000: @my.com/Games -> C:\Users\Ollie\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-01] (My.com, Inc)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-17] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
S3 DAUpdaterSvc; C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-10-06] (Futuremark)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-17] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-02] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 19:04 - 2015-10-19 19:04 - 00016897 _____ C:\Users\Ollie\Desktop\FRST.txt
2015-10-18 18:04 - 2015-10-18 18:04 - 00001936 _____ C:\Users\Ollie\Desktop\esetresults.txt
2015-10-18 11:37 - 2015-10-18 11:37 - 00001050 _____ C:\Users\Ollie\Desktop\mbam.txt
2015-10-18 01:53 - 2015-10-18 01:53 - 00319952 _____ C:\Windows\Minidump\101815-13088-01.dmp
2015-10-18 01:45 - 2015-10-18 01:45 - 00000736 _____ C:\Users\Ollie\Desktop\JRT.txt
2015-10-18 01:31 - 2015-10-18 01:31 - 01801288 _____ (Malwarebytes) C:\Users\Ollie\Downloads\JRT.exe
2015-10-18 01:28 - 2015-10-18 01:28 - 00001245 _____ C:\Users\Ollie\Desktop\AdwCleaner[C3].txt
2015-10-18 01:23 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Desktop\adwcleaner_5.013.exe
2015-10-18 01:14 - 2015-10-18 01:14 - 00000000 ____D C:\Users\Ollie\Desktop\FRST-OlderVersion
2015-10-17 17:05 - 2015-10-18 01:55 - 00001438 _____ C:\Users\Ollie\Desktop\bsod.txt
2015-10-17 17:03 - 2015-10-17 17:03 - 00276880 _____ C:\Windows\Minidump\101715-13603-01.dmp
2015-10-17 16:27 - 2015-10-17 16:27 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\Program Files\iTunes
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\Program Files\iPod
2015-10-17 16:26 - 2015-10-17 16:26 - 00000000 ____D C:\Program Files\Bonjour
2015-10-17 16:26 - 2015-10-17 16:26 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-17 16:25 - 2015-10-17 16:25 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-17 16:25 - 2015-10-17 16:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-17 12:34 - 2015-10-17 12:43 - 00000000 ____D C:\Users\Ollie\AppData\Local\WinZip
2015-10-17 12:34 - 2015-10-17 12:42 - 00000000 ____D C:\ProgramData\WinZip
2015-10-17 12:34 - 2015-10-17 12:34 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-10-17 12:34 - 2015-10-17 12:34 - 00002281 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-10-17 12:34 - 2015-10-17 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-10-17 12:34 - 2015-10-17 12:34 - 00000000 ____D C:\Program Files\WinZip
2015-10-17 04:45 - 2015-10-17 04:45 - 00002301 _____ C:\Users\Ollie\Desktop\aswMBR.txt
2015-10-17 04:45 - 2015-10-17 04:45 - 00000512 _____ C:\Users\Ollie\Desktop\MBR.dat
2015-10-17 04:20 - 2015-10-17 04:20 - 05198336 _____ (AVAST Software) C:\Users\Ollie\Desktop\aswMBR.exe
2015-10-17 04:18 - 2015-10-19 19:04 - 00000000 ____D C:\FRST
2015-10-17 04:18 - 2015-10-18 01:14 - 02196992 _____ (Farbar) C:\Users\Ollie\Desktop\FRST64.exe
2015-10-17 04:16 - 2015-10-18 01:12 - 00000000 ____D C:\Springclean
2015-10-17 04:15 - 2015-10-17 04:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GAMING-PC-Windows-7-Home-Premium-(64-bit).dat
2015-10-17 04:15 - 2015-10-17 04:15 - 00000000 ____D C:\RegBackup
2015-10-17 04:14 - 2015-10-17 04:14 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-17 04:13 - 2015-10-17 04:13 - 04777232 _____ (Tweaking.com) C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe
2015-10-17 03:50 - 2015-10-17 03:50 - 10357568 _____ (SurfRight B.V.) C:\Users\Ollie\Downloads\HitmanPro.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 02870984 _____ (ESET) C:\Users\Ollie\Desktop\esetsmartinstaller_enu.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-17 02:22 - 2015-10-17 02:22 - 22908888 _____ (Malwarebytes ) C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-17 02:22 - 2015-10-17 02:22 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 02:15 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Downloads\adwcleaner_5.013.exe
2015-10-17 01:52 - 2015-10-17 01:53 - 00000874 _____ C:\AdwCleaner[S5].txt
2015-10-16 00:26 - 2015-10-17 02:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-13 20:38 - 2015-10-13 20:38 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 20:38 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 20:37 - 2015-10-13 20:37 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-10 12:33 - 2015-10-10 12:33 - 00000812 _____ C:\AdwCleaner[S4].txt
2015-10-06 18:23 - 2015-10-06 18:23 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-10-06 18:22 - 2015-10-06 18:22 - 00000000 ____D C:\Program Files (x86)\Futuremark
2015-10-06 18:21 - 2015-10-06 18:23 - 00000000 ____D C:\Users\Ollie\Documents\3DMark 11
2015-10-06 18:21 - 2015-10-06 18:21 - 02883584 _____ C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\IsolatedStorage
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00001227 _____ C:\Users\Public\Desktop\3DMark 11.lnk
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\Program Files\Futuremark
2015-10-06 18:05 - 2015-10-06 18:08 - 271860249 _____ C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip
2015-10-06 18:04 - 2015-10-06 18:05 - 12261072 _____ (Novawave Inc. ) C:\Users\Ollie\Downloads\novabench3.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 01199856 _____ ( ) C:\Users\Ollie\Downloads\hwmonitor_1.28.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\Program Files\CPUID
2015-10-02 22:04 - 2015-10-02 22:06 - 300806184 _____ (AMD Inc.) C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2015-10-02 21:57 - 2015-10-02 21:57 - 04288048 _____ C:\Users\Ollie\Downloads\memtest86-iso.zip
2015-10-02 00:54 - 2015-10-02 06:50 - 00000137 _____ C:\Users\Ollie\Desktop\Armored Warfare Open Beta.url
2015-10-02 00:54 - 2015-10-02 00:54 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2015-10-01 00:06 - 2015-10-01 00:06 - 00002017 _____ C:\Users\Ollie\Desktop\My.com Game Center.lnk
2015-10-01 00:06 - 2015-10-01 00:06 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-10-01 00:05 - 2015-10-19 18:50 - 00000000 ____D C:\Users\Ollie\AppData\Local\MyComGames
2015-10-01 00:05 - 2015-10-01 00:05 - 05481456 _____ (MY.COM B.V.) C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 18:59 - 2015-03-30 19:20 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-10-19 18:59 - 2013-06-02 23:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-19 18:58 - 2012-11-09 17:45 - 01964383 _____ C:\Windows\WindowsUpdate.log
2015-10-19 18:57 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-19 18:57 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-19 18:55 - 2009-07-14 06:13 - 00159100 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-19 18:50 - 2014-04-12 13:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-19 18:50 - 2013-08-03 00:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\HTC MediaHub
2015-10-19 18:50 - 2013-06-13 20:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-19 18:49 - 2015-05-02 00:44 - 00020301 _____ C:\Windows\setupact.log
2015-10-19 18:49 - 2012-11-09 18:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-10-19 18:49 - 2012-11-09 17:55 - 00000144 _____ C:\service.log
2015-10-19 18:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-18 20:47 - 2012-11-10 18:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-18 01:53 - 2013-06-01 01:41 - 00000000 ____D C:\Windows\Minidump
2015-10-18 01:26 - 2015-08-06 20:04 - 00000000 ____D C:\AdwCleaner
2015-10-18 01:21 - 2015-04-21 10:26 - 01819954 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-10-18 01:15 - 2014-02-23 22:55 - 00000000 ____D C:\Users\Ollie\AppData\LocalLow\Temp
2015-10-17 16:27 - 2013-06-08 17:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-17 16:27 - 2013-05-28 14:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-17 16:26 - 2015-08-12 16:03 - 00096528 _____ (Apple Inc.) C:\Windows\system32\dns-sd.exe
2015-10-17 16:26 - 2015-08-12 16:03 - 00084240 _____ (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2015-10-17 16:25 - 2013-05-28 14:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-17 11:33 - 2015-05-17 13:17 - 00000000 ____D C:\Windows\rescache
2015-10-17 04:35 - 2014-10-21 22:37 - 00001728 _____ C:\Users\Ollie\Desktop\details.txt
2015-10-17 02:34 - 2010-11-21 04:47 - 00423058 _____ C:\Windows\PFRO.log
2015-10-17 02:12 - 2014-11-18 01:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 01:39 - 2014-11-18 01:21 - 00001255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-17 01:39 - 2014-11-18 01:21 - 00001243 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-17 01:39 - 2012-11-09 17:45 - 00001509 _____ C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-16 22:59 - 2013-06-02 23:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 22:59 - 2012-11-10 01:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 22:59 - 2012-11-10 01:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 00:05 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 00:03 - 2012-11-10 17:17 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 20:29 - 2015-07-17 22:36 - 00066544 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-13 20:29 - 2015-07-17 22:36 - 00000000 ____D C:\Users\Lisa\AppData\Local\HTC MediaHub
2015-10-11 16:24 - 2015-04-25 19:58 - 00000057 _____ C:\Users\Ollie\Desktop\cooling.txt
2015-10-09 23:33 - 2015-02-21 17:55 - 00000000 ____D C:\Users\Ollie\AppData\Local\Steam
2015-10-06 18:11 - 2012-11-09 20:10 - 00496911 _____ C:\Windows\DirectX.log
2015-10-06 18:10 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-12-19 23:21 - 2012-12-19 23:21 - 0000111 _____ () C:\Users\Ollie\AppData\Roaming\adu.xml
2014-08-05 17:40 - 2014-08-05 17:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 15:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-19 19:04:36)
Running from C:\Users\Ollie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-09 16:45:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3501653021-3640964384-1111194576-500 - Administrator - Disabled)
Guest (S-1-5-21-3501653021-3640964384-1111194576-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3501653021-3640964384-1111194576-1002 - Limited - Enabled)
Lisa (S-1-5-21-3501653021-3640964384-1111194576-1009 - Limited - Enabled) => C:\Users\Lisa
Ollie (S-1-5-21-3501653021-3640964384-1111194576-1000 - Administrator - Enabled) => C:\Users\Ollie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Armored Warfare MyCom Beta (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Armored Warfare MyCom Beta) (Version: 1.45 - My.com B.V.)
Aslain's XVM WoT Modpack version 4.6.8 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.6.8 - Aslain)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version: - )
Corsair M65 Firmware Update Application (HKLM-x32\...\{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1) (Version: - )
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Easy Tune 6 B12.0509.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Edimax RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.5.0 - Edimax)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{185D7B00-8600-4716-A619-D8CBE689974B}) (Version: 4.40.560.0 - Futuremark)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - GIGABYTE Technologies, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MyComGames) (Version: 3.147 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-10-2015 01:14:52 Restore Point Created by FRST
18-10-2015 01:32:38 JRT Pre-Junkware Removal
18-10-2015 19:00:03 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-18 20:46 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21FD3B25-29C2-447F-93CA-F418B38D494D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {2AE452DD-7663-4C08-86D9-150C6FD9B29D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {3FACD55F-1894-47BD-ADAA-04DFE5A5BCFD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {4DA682FB-99CB-4AEA-AF79-8060720E11A4} - System32\Tasks\{F792DE50-AA36-4F10-8148-9E7EF9D76636} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {633F2494-35E3-4DE2-A618-4E7E55AE10BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-10-17] (Apple Inc.)
Task: {73C1E663-DBDF-45F2-BAE0-A9C921E39E62} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {99146579-3923-4B7C-B229-3DA59088957D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {B3390CAB-97E0-4E55-B694-1DEB10AD59E3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-11-09 17:55 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2012-11-09 18:01 - 2010-09-07 10:46 - 00072280 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-08-03 00:22 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-11-09 17:55 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-08-01 20:31 - 2013-08-01 20:31 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 20:33 - 2013-08-01 20:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 20:40 - 2013-08-01 20:40 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-05-06 17:05 - 2015-10-09 23:33 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-01 22:21 - 2015-10-16 22:34 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2015-10-16 22:34 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 16:57 - 2015-10-16 22:34 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00144896 _____ () C:\Users\Ollie\AppData\Local\MyComGames\zlib1.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00062464 _____ () C:\Users\Ollie\AppData\Local\MyComGames\pxd.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00179144 _____ () C:\Users\Ollie\AppData\Local\MyComGames\LightUpdate.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 02419488 _____ () C:\Users\Ollie\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 10:18 - 2015-08-26 10:18 - 50425344 _____ () C:\Users\Ollie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2012-11-09 18:28 - 2009-10-07 02:35 - 00901120 _____ () C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
2013-11-14 23:51 - 2013-05-26 15:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2014-12-28 18:42 - 2012-05-14 13:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
2013-03-26 16:16 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdave64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdhcp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdmantle64.dll:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 15753 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57693123-6D81-46F1-A29B-103A8316E953}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D61947-CAAD-42E6-A1B8-CDF82AF738E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBCF617F-C492-448B-999A-A3A5844F0E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F56CF5A-97AA-42E1-8D0D-1449B76DE4FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073DFCF0-9ED0-4697-8575-3F8EF5288D1C}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2BEFBC93-C3B9-4AE5-8B4A-8A3313F8E349}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7BB94A60-90C9-42DD-B8CE-5BD16827DAE2}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{F515A6CB-144F-4EAE-AF36-D0AD592FB656}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B98CEFF2-7C68-4FD7-BD29-3790DA99F7D8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A76D94D3-DAC7-434F-A912-06FDFF7FC774}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{0DA5898E-0431-4826-A40E-89F18F20D94D}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{DE42BB9A-911F-44F5-B4EE-E42122737169}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{9419282F-AAF2-477F-872B-79EC07E6036A}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{B8E732A2-36CC-4006-8AE7-333546D71017}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B9DECAD9-B37A-4B88-BA9F-714FE6F5E80F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{CEB19D6D-7926-4B1A-BDC7-D004D0269E3B}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{EB9C7AA2-1FB6-492F-A16A-79C7F8924DBD}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6C70A579-A7B5-4B3F-9F4B-3447D62338AA}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{7373ADBF-766D-4311-A551-A4394298A08A}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{B2FA87E4-B840-430B-AC2A-03AF545A3923}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4A5985A9-48CC-4C5F-8375-B9994F4FB513}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29484216-7ED3-43B7-8B33-491586C04BA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4DB5D3D0-3D67-4366-8623-623D3546C952}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99409EE6-9421-4ABF-9664-0EC0859783CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D406204-5B22-458E-858D-C7932BE225EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C1552EF1-8A93-41E5-9971-B99AE37CFE43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4ADE1AE1-853C-4DD5-B122-72766D01D087}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{1116679B-E214-4A35-9AEF-F20E714CDF90}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{457A1534-EC97-4D86-879B-D1CD6C063DB7}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{CA9F1D8F-3975-4FBC-A10C-06A235CAA980}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5799148E-0D9D-492C-B727-C36BB7F3C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF29EA24-D5F9-404A-A9D0-2261D490EB42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{42EA9344-B558-4156-BF3F-61E2D8B6944D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6539B8FD-4C7E-466D-9B01-7DFACE2298C9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A737F16D-97CA-4E74-A822-1609AD4403B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{25D9FEB8-19DE-4EBA-9B82-F040D52A6FD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{373E1A11-BD53-4EE1-897B-208B88A47542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CBEBAAEA-FA68-4F34-A1A8-A6F72B81794A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ABDB5590-65E8-48EE-A5CC-9B9551BDD2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{56742189-4528-4262-89E7-32B844C978EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{089EE90C-4194-45C3-BC1C-30BEC35ED335}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F1F63541-C8CB-4EDD-A100-3A31C55BC1D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{29F53783-B4AC-47A5-9AD7-77FC64CCC00E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE627920-BF0F-4AC9-A32D-6AF150A3C4C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0714BF63-3AC9-482C-A9C2-52A3417E87AB}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{D149B3BC-CB0A-4B9B-BB23-E74022673DD2}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{90C78A4E-7182-413F-8FC8-F38CC5B0A4C9}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{17C7B4BE-10DF-45D4-9C9D-563A864BBF61}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{96B1012E-C482-498B-BEF2-29361399D73C}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{FA4444DB-2D0B-420C-A84A-97E7E3D1D0EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0BBB55CE-C27E-40B5-ADF0-CC8B2D5687A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{00511F78-33DB-4A77-9F3D-729BEC001482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{FF2BB3D8-7FB3-47A9-BFC4-DF9D247154F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{23A3F365-2D78-4926-983C-BE1CEC56B3D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D0C0D638-3339-4F3A-B85E-3CA9F6CE2D7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{A7968FAC-2277-4DB8-97E8-7C2BBA91DEB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{E3B34F64-938E-4087-A52B-CDC020F56CA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{AEA1C473-53E1-4111-8B6B-DAA9DE279F72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08F133DF-B3AC-476E-BCA6-6CA3E4B95597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FA2A8C0-9FDA-40DB-8894-14F77A579E4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC5ECE49-934D-4572-AF28-B65E6EC42A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42D7AE02-59D4-49B1-A4AC-5E61BBC7A955}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2015 06:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2015 07:34:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2015 08:47:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2015 08:42:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2015 02:49:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 02:49:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 02:49:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 02:48:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 11:04:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/18/2015 10:38:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/18/2015 08:46:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (10/18/2015 08:46:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (10/18/2015 08:46:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/18/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8173.24 MB
Available physical RAM: 5812.68 MB
Total Virtual: 16344.69 MB
Available Virtual: 13706.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.58 GB) (Free:14.9 GB) NTFS
Drive e: (Data drive) (Fixed) (Total:931.51 GB) (Free:643.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEAEFB8F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: B8A0EC17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Users shortcut scan result (x64) Version:17-10-2015
Ran by Ollie (2015-10-19 19:06:16)
Running from C:\Users\Ollie\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\SIGNINOPTIONS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Encyclopedia.lnk -> E:\World_of_Tanks\wiki.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Game Manual.lnk -> E:\World_of_Tanks\game_manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Latest updates.lnk -> E:\World_of_Tanks\readme.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Official website.lnk -> E:\World_of_Tanks\website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Uninstall World of Tanks.lnk -> E:\World_of_Tanks\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk -> E:\World_of_Tanks\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 19.5.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Registry Backup\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA PhysX Properties.lnk -> C:\Windows\SysWOW64\PhysX.cpl (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\Riot Games\Play League of Legends.lnk -> C:\Games\League of Legends\lol.launcher.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\HTC Sync Manager.lnk -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte Technology Corp\Gigabyte Raid Configurer.lnk -> C:\Windows\SysWOW64\xRaidSetup.exe (Gigabyte Technology Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\@BIOS.lnk -> C:\Program Files (x86)\Gigabyte\@BIOS\BIOS_Run.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\ET6.lnk -> C:\Windows\Installer\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}\ET6SC.exe_457D7505D6654F9591C3ECB8C56E9ACA.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\Help.lnk -> C:\Program Files (x86)\Gigabyte\ET6\et6help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\EasySaver\EasySaver.lnk -> C:\Program Files (x86)\Gigabyte\EasySaver\eslite.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\EasySaver\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\AutoGreen\AutoGreen.lnk -> C:\Windows\Installer\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}\CallAG.exe_C75FAD21EC0842F392D6C9C0AB355345.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark\3DMark 11\3DMark 11.lnk -> C:\Program Files\Futuremark\3DMark 11\bin\x64\3DMark11.exe (Futuremark)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edimax Wireless\Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Demo.lnk -> C:\Program Files (x86)\Dolby Home Theater v4\pcee4d.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Profile.lnk -> C:\Program Files (x86)\Dolby Home Theater v4\pcee4e.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair Gaming Headset Software.lnk -> C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe (Corsair Components, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M95 Mouse\Corsair M95 Gaming Mouse Configuration.lnk -> C:\Program Files (x86)\Corsair\M95 Mouse\mainframe.exe (Corsair Components Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M95 Mouse\Uninstall .lnk -> C:\Windows\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M65 Mouse\Corsair M65 Gaming Mouse Configuration.lnk -> C:\Program Files (x86)\Corsair\M65 Mouse\mainframe.exe (Corsair Components Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\M65 Mouse\Uninstall .lnk -> C:\Windows\unins004.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M95 Firmware Update Application\Start Corsair M95 Firmware Update Application.lnk -> C:\Program Files (x86)\Corsair\M95 firmware update\FWUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M95 Firmware Update Application\Uninstall .lnk -> C:\Windows\unins001.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M65 Firmware Update Application\Start Corsair M65 Firmware Update Application.lnk -> C:\Program Files (x86)\Corsair\M65 firmware update\FWUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair M65 Firmware Update Application\Uninstall .lnk -> C:\Windows\unins003.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair K70 Firmware Update Application\Start Corsair K70 Firmware Update Application.lnk -> C:\Program Files (x86)\Corsair\K70 firmware update\FWUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair K70 Firmware Update Application\Uninstall .lnk -> C:\Windows\unins002.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files (x86)\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E9DFE522-FB0D-474B-8B05-F3913EE7319F}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{C124BF7F-D91E-41C4-BA19-A28EDB147440}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe (Sega Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7B961D6F-862E-4965-A6FB-2CF8702F77F3}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe (Sega Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\Links\Desktop.lnk -> C:\Users\Lisa\Desktop ()
Shortcut: C:\Users\Lisa\Links\Downloads.lnk -> C:\Users\Lisa\Downloads ()
Shortcut: C:\Users\Lisa\Desktop\World of Tanks 0.9.9 ProMod.lnk -> C:\Games\World_of_Tanks\WoTLauncher.exe (No File)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\Links\Desktop.lnk -> C:\Users\Ollie\Desktop ()
Shortcut: C:\Users\Ollie\Links\Downloads.lnk -> C:\Users\Ollie\Downloads ()
Shortcut: C:\Users\Ollie\Desktop\My.com Game Center.lnk -> C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\Ollie\Desktop\World of Warships.lnk -> E:\World_of_Warships\WoWSLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\Uninstall World of Warships.lnk -> E:\World_of_Warships\unins000.exe ()
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\World of Warships.lnk -> E:\World_of_Warships\WoWSLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\My.com Game Center.lnk -> C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Search Everything.lnk -> C:\Program Files (x86)\Everything\Everything.exe ()
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Uninstall Everything.lnk -> C:\Program Files (x86)\Everything\Uninstall.exe ()
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dragon Age Origins.lnk -> C:\Games\Dragon Age\DAOriginsLauncher.exe (BioWare)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CPUID HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dragon Age Origins.lnk -> C:\Games\Dragon Age\DAOriginsLauncher.exe (BioWare)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\My.com Game Center.lnk -> C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks.lnk -> E:\World_of_Tanks\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Warships.lnk -> E:\World_of_Warships\WoWSLauncher.exe (Wargaming.net)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Ollie\AppData\Local\Microsoft\Windows\GameExplorer\{A1C7461A-1AD3-4735-95A5-28567D7BBC45}\PlayTasks\0\Play.lnk -> C:\Games\Pirates!.exe (No File)
Shortcut: C:\Users\Ollie\AppData\Local\Microsoft\Windows\GameExplorer\{7B961D6F-862E-4965-A6FB-2CF8702F77F3}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe (Sega Corporation)
Shortcut: C:\Users\Public\Desktop\3DMark 11.lnk -> C:\Program Files\Futuremark\3DMark 11\bin\x64\3DMark11.exe (Futuremark)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\CPUID HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\Public\Desktop\Dragon Age Origins.lnk -> C:\Games\Dragon Age\DAOriginsLauncher.exe (BioWare)
Shortcut: C:\Users\Public\Desktop\ET6.lnk -> C:\Program Files (x86)\Gigabyte\ET6\ET6SC.exe ()
Shortcut: C:\Users\Public\Desktop\HTC Sync Manager.lnk -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ()
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\Users\Public\Desktop\WinZip.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\Users\Public\Desktop\World of Tanks.lnk -> E:\World_of_Tanks\WoTLauncher.exe (Wargaming.net)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Registry Backup\Uninstall Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Registry Backup\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking.com\Registry Backup\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) -> /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.) -> -s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\Uninstall HTC Sync Manager.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {F838C3DD-5785-4F19-AD0F-BD532C8A31F4}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Driver\Uninstall HTC Driver.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4CEEE5D0-F905-4688-B9F9-ECC710507796}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\UnInstall.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe (Macrovision Corporation) -> /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edimax Wireless\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe (Macrovision Corporation) -> -runfromtemp -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Internet Security\Add and Remove components.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /I{68BE8BAB-5375-4C99-9116-1808F5968D40}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Internet Security\COMODO Internet Security.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) -> --shortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\COMODO Internet Security.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) -> --shortcut


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks on the Web.url -> hxxp://www.worldoftanks.eu
InternetURL: C:\Users\Lisa\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
InternetURL: C:\Users\Lisa\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
InternetURL: C:\Users\Lisa\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
InternetURL: C:\Users\Lisa\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Ollie\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Ollie\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Ollie\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Ollie\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
InternetURL: C:\Users\Ollie\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
InternetURL: C:\Users\Ollie\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
InternetURL: C:\Users\Ollie\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Ollie\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Ollie\Desktop\Armored Warfare Open Beta.url -> mycomgames://play/13.2000009
InternetURL: C:\Users\Ollie\Desktop\Crusader Kings II.url -> steam://rungameid/203770
InternetURL: C:\Users\Ollie\Desktop\Middle-earth Shadow of Mordor.url -> steam://rungameid/241930
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Crusader Kings II.url -> steam://rungameid/203770
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Middle-earth Shadow of Mordor.url -> steam://rungameid/241930
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Armored Warfare Open Beta.url -> mycomgames://play/13.2000009
InternetURL: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Uninstall Armored Warfare Open Beta.url -> mycomgames://uninstall/13.2000009

==================== End of Shortcut.txt =============================

Juliet
2015-10-20, 00:08
(MY.COM B.V.) C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe
https://www.virustotal.com/en/url/d5e536477d89bef1c1a4fba39b7677a059ee3069640468305b969ff8aba7bed1/analysis/

The ADS files are created by COMODO software. You may uninstall it if you do not use it.



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. Then copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).



start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about_:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9aca07fe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner, the most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course on how full your computer is.



ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.



Please let me know how the computer is now.

rudebadger
2015-10-20, 09:47
Awesome, my home page is back :)

Unfortunately firefox still opens new tabs when I click links on legitimate sites, sorry I thought this had resolved but it started happening again yesterday evening.

Here are the logs:

Eset:

C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll.xBAD a variant of Win32/Systweak.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe.xBAD a variant of Win32/Systweak potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Users\Ollie\Downloads\winzip19-lan.exe.xBAD a variant of Win32/InstallCore.ACZ potentially unwanted application
E:\GAMING-PC\Backup Set 2015-09-13 190004\Backup Files 2015-10-18 190001\Backup files 2.zip a variant of Win32/InstallCore.ACZ potentially unwanted application

Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ollie (2015-10-19 22:34:22) Run:3
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about_:blank
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9aca07fe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-9aca07fe&q={searchTerms}
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
EmptyTemp: => 254.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:34:37 ====
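
The fixlist in the post above shows the same URL appended as an argument to every browser shortcut. As an added example (not part of the original thread and not FRST's own code), this Python script parses `ShortcutWithArgument:` lines and reports browser shortcuts whose argument is a URL, grouped by host; the browser list, function names and the `-extoff` line are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed list of browser executables worth checking (not from the thread).
BROWSER_EXES = {"firefox.exe", "iexplore.exe", "chrome.exe"}

# FRST line shape: ShortcutWithArgument: <lnk> -> <target exe> (<vendor>) -> <args>
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+"
    r"(?P<target>.+?\.exe)\s+\((?P<vendor>[^)]*)\)\s+->\s+(?P<args>.*)$",
    re.IGNORECASE,
)
# FRST defangs http as hxxp in its logs; accept both spellings.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s\"']+", re.IGNORECASE)


def parse_shortcut_line(line):
    """Return the fields of one ShortcutWithArgument line, or None."""
    m = SHORTCUT_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target")
    return {
        "lnk": m.group("lnk"),
        "target": target,
        "exe": target.rsplit("\\", 1)[-1].lower(),
        "vendor": m.group("vendor"),
        "args": m.group("args").strip(),
    }


def injected_host(args):
    """Return the host of a URL found in the shortcut arguments, or None."""
    m = URL_RE.search(args)
    if not m:
        return None
    url = re.sub(r"^hxxp", "http", m.group(0), flags=re.IGNORECASE)
    return urlsplit(url).hostname


def find_hijacked_shortcuts(log_text):
    """List browser shortcuts that launch with a URL appended to the target."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_shortcut_line(line)
        if entry is None or entry["exe"] not in BROWSER_EXES:
            continue
        host = injected_host(entry["args"])
        if host:
            entry["host"] = host
            findings.append(entry)
    return findings


def group_by_host(findings):
    """Map each injected host to the shortcut files that carry it."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["host"]].append(f["lnk"])
    return dict(grouped)


# Three lines copied from the fixlist in the post above.
PAGE_LINES = r'''
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Ollie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1445042301&a=1003268"
EmptyTemp:
'''

# Constructed line: a shortcut with a non-URL switch, which must not be flagged.
CONSTRUCTED_BENIGN = (
    r"ShortcutWithArgument: C:\Users\Example\Desktop\IE (No Add-ons).lnk -> "
    r"C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff"
)

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_BENIGN + "\n"

if __name__ == "__main__":
    for host, lnks in group_by_host(find_hijacked_shortcuts(SAMPLE_LOG)).items():
        print(f"{host}: {len(lnks)} shortcut(s)")
        for lnk in lnks:
            print(f"  {lnk}")
```

A shortcut that carries a switch rather than a URL is left alone, which matches the fixlog reporting one Internet Explorer shortcut as "restored" rather than "removed".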

Juliet
2015-10-20, 15:02
E:\GAMING-PC\Backup Set 2015-09-13 190004\Backup Files 2015-10-18 190001\Backup files 2.zip
a variant of Win32/InstallCore.ACZ potentially unwanted application

Win32/InstallCore is a type of potentially unwanted program that may install other threats when run on the computer. In this case, PUA:Win32/InstallCore may install other adware, toolbars, and browser redirects, and hijack the home page of the affected browser. This means that additional software is bundled with it and may get installed along with InstallCore unless you untick (if possible) the installation of the bundled software (the PUA detection).

It's possible we have removed the infection, but the program came with unwanted little addons that had to be removed.
Future scans will probably show the same results. I'll leave it up to you whether to remove the backup.

~~~~~~~~~~~~~~~~~
Let's save Firefox bookmarks, then uninstall. We will reinstall and see if that works here.

Are you connected through a router?
Which router are you using?


Flush the Firefox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)

In Firefox, Options
Select Options
Select Privacy tab
Find the section that reads: You might want to clear your recent history or remove individual cookies
Select clear your recent history
Click the Details drop-down arrow
Make sure a check mark is placed in the following boxes:

Cookies
Cache

Next select the Time Range to Clear drop-down menu
Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
Click Clear Now

=========================

~~~~~~~~~~~~~~~~~~~
Now, through your add/remove programs panel uninstall Firefox.
Reboot

Reinstall Firefox
https://www.mozilla.org/en-US/firefox/new/?utm_source=getfirefox-com&utm_medium=referral

rudebadger
2015-10-20, 21:33
Ok I reinstalled Firefox, but still get hijacked to other pages when I click on links on legitimate sites. It does not seem to be as frequent; on the other hand, of the 3 times it has happened, twice I was taken to a page to update Flash Player, complete with a handy little popup to click on to download the update, and once to update Java, which also had the same helpful popup.

I do connect through a router, it was provided by my ISP (Plusnet) and is a Sagemcom 2704N.

Juliet
2015-10-20, 23:15
One easy way to refresh your router:
Turn off your computer.
There should be an on/off switch on your router. Turn your router off, leave it off for 5 minutes or so, then turn it back on.
Most routers will have lights flash during the set up.
After all lights have stopped flashing, turn your computer back on and try to reconnect to the internet.
~~~~~~~~~~~~~~~

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).
or these 2 other sites.
http://rocketgrannie.spywareinfoforum.org/SecurityCheck.exe
http://www.bleepingcomputer.com/download/securitycheck/


Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


~~~~~~~~~~~~~~~~`

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

rudebadger
2015-10-21, 21:01
Ok I ran security check & combofix, here are the logs:

ComboFix 15-10-21.01 - Ollie 21/10/2015 18:44:23.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8173.6095 [GMT 1:00]
Running from: c:\users\Ollie\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
FW: COMODO Firewall *Enabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-09-21 to 2015-10-21 )))))))))))))))))))))))))))))))
.
.
2015-10-21 17:52 . 2015-10-21 17:52 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2015-10-21 17:52 . 2015-10-21 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-17 15:27 . 2015-10-17 15:27 -------- d-----w- c:\program files\iTunes
2015-10-17 15:27 . 2015-10-17 15:27 -------- d-----w- c:\program files\iPod
2015-10-17 15:26 . 2015-10-17 15:26 -------- d-----w- c:\program files (x86)\Bonjour
2015-10-17 15:26 . 2015-10-17 15:26 -------- d-----w- c:\program files\Bonjour
2015-10-17 15:25 . 2015-10-17 15:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-10-17 11:34 . 2015-10-17 11:43 -------- d-----w- c:\users\Ollie\AppData\Local\WinZip
2015-10-17 11:34 . 2015-10-17 11:42 -------- d-----w- c:\programdata\WinZip
2015-10-17 11:34 . 2015-10-17 11:34 -------- d-----w- c:\program files\WinZip
2015-10-17 03:18 . 2015-10-19 21:35 -------- d-----w- C:\FRST
2015-10-17 03:16 . 2015-10-18 00:12 -------- d-----w- C:\Springclean
2015-10-17 03:15 . 2015-10-17 03:15 -------- d-----w- C:\RegBackup
2015-10-17 03:14 . 2015-10-17 03:14 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-10-17 01:22 . 2015-10-17 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-17 01:22 . 2015-10-17 01:22 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-17 01:22 . 2015-10-17 01:22 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-17 01:22 . 2015-10-17 01:22 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-13 19:37 . 2015-10-13 19:37 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-10-06 17:22 . 2015-10-06 17:22 -------- d-----w- c:\program files (x86)\Futuremark
2015-10-06 17:21 . 2015-10-06 17:21 -------- d-----w- c:\users\Ollie\AppData\Local\IsolatedStorage
2015-10-06 17:21 . 2015-10-06 17:21 -------- d-----w- c:\users\Ollie\AppData\Local\Futuremark
2015-10-06 17:11 . 2015-10-06 17:11 -------- d-----w- c:\program files\Futuremark
2015-10-05 22:30 . 2015-10-05 22:30 -------- d-----w- c:\program files\CPUID
2015-09-30 23:05 . 2015-10-21 17:35 -------- d-----w- c:\users\Ollie\AppData\Local\MyComGames
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-21 17:35 . 2012-11-09 17:23 25640 ----a-w- c:\windows\gdrv.sys
2015-10-20 21:26 . 2014-04-12 12:03 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-17 15:26 . 2015-08-12 15:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-10-17 15:26 . 2015-08-12 15:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-10-16 21:59 . 2012-11-10 00:52 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-16 21:59 . 2012-11-10 00:52 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 23:03 . 2012-11-10 16:17 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-13 19:38 . 2015-10-13 19:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-09 14:19 . 2015-09-09 14:19 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-09 14:19 . 2015-09-09 14:19 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-09-09 14:19 . 2015-09-09 14:19 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-09-09 14:19 . 2015-09-09 14:19 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-09-09 14:19 . 2015-09-09 14:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-09-09 14:19 . 2015-09-09 14:19 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-09 14:18 . 2015-09-09 14:18 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-09 14:18 . 2015-09-09 14:18 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-09 14:18 . 2015-09-09 14:18 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-09 14:18 . 2015-09-09 14:18 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-09 14:18 . 2015-09-09 14:18 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-09 14:18 . 2015-09-09 14:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-09 14:18 . 2015-09-09 14:18 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-09 14:18 . 2015-09-09 14:18 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-09 14:18 . 2015-09-09 14:18 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-09 14:18 . 2015-09-09 14:18 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-09 14:18 . 2015-09-09 14:18 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-03 11:52 . 2015-01-30 11:27 445472 ----a-w- c:\windows\SysWow64\guard32.dll
2015-09-03 11:52 . 2015-01-30 11:27 579408 ----a-w- c:\windows\system32\guard64.dll
2015-08-12 19:26 . 2015-08-12 19:26 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 19:26 . 2015-08-12 19:26 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-08-12 19:26 . 2015-08-12 19:26 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 19:26 . 2015-08-12 19:26 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 19:26 . 2015-08-12 19:26 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-12 19:26 . 2015-08-12 19:26 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-12 19:26 . 2015-08-12 19:26 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-12 19:26 . 2015-08-12 19:26 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-12 19:26 . 2015-08-12 19:26 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-12 19:26 . 2015-08-12 19:26 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 19:24 . 2015-08-12 19:24 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-12 19:24 . 2015-08-12 19:24 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 19:24 . 2015-08-12 19:24 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 19:24 . 2015-08-12 19:24 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-12 19:24 . 2015-08-12 19:24 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-12 19:24 . 2015-08-12 19:24 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-08-12 19:24 . 2015-08-12 19:24 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-08-12 19:24 . 2015-08-12 19:24 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-08-12 19:24 . 2015-08-12 19:24 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-12 19:24 . 2015-08-12 19:24 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-08-12 19:24 . 2015-08-12 19:24 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 19:24 . 2015-08-12 19:24 193536 ----a-w- c:\windows\notepad.exe
2015-08-12 19:24 . 2015-08-12 19:24 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-12 19:24 . 2015-08-12 19:24 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 15:03 . 2015-08-12 15:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 15:03 . 2015-08-12 15:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 15:03 . 2015-08-12 15:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 15:03 . 2015-08-12 15:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 15:03 . 2015-08-12 15:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 15:03 . 2015-08-12 15:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-08-05 00:31 . 2015-01-30 11:27 105096 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-08-05 00:31 . 2015-01-30 11:27 45856 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-08-05 00:31 . 2015-01-30 11:27 806032 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-08-05 00:31 . 2015-01-30 11:27 21184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-08-05 00:29 . 2015-01-30 11:27 41224 ----a-w- c:\windows\system32\cmdcsr.dll
2015-08-05 00:28 . 2015-01-30 11:27 358080 ----a-w- c:\windows\system32\cmdvrt64.dll
2015-08-05 00:28 . 2015-01-30 11:27 45760 ----a-w- c:\windows\system32\cmdkbd64.dll
2015-08-05 00:27 . 2015-01-30 11:27 288448 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2015-08-05 00:26 . 2015-01-30 11:27 40640 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2015-07-30 13:13 . 2015-08-13 00:06 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-13 00:06 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 22:00 . 2014-12-02 23:44 155136 ----a-w- c:\windows\SysWow64\unrar.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-13 7777560]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-10-16 2901584]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-30 1011200]
"MyComGames"="c:\users\Ollie\AppData\Local\MyComGames\MyComGames.exe" [2015-10-17 4222408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-10-17 60688]
"Corsair Duke"="c:\program files (x86)\Corsair\M95 Mouse\M95Hid.exe" [2013-08-15 1771520]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"Corsair M65 Mouse"="c:\program files (x86)\Corsair\M65 Mouse\M65Hid.exe" [2013-08-15 1766912]
"Corsair Gaming Headset Software"="c:\program files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe" [2014-08-18 2918152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-07-10 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FAH.lnk - c:\program files\WinZip\FAH\FAHConsole.exe [2015-6-22 434352]
WinZip Preloader.lnk - c:\program files\WinZip\WzPreloader.exe [2015-6-22 126176]
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe -s [2012-11-9 1638400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 DUKEMS;Corsair M95 Gaming Mouse;c:\windows\system32\drivers\DUKEMS.sys;c:\windows\SYSNATIVE\drivers\DUKEMS.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [x]
S3 CORK70;Corsair K70 Gaming Keyboard;c:\windows\system32\drivers\CORK70.sys;c:\windows\SYSNATIVE\drivers\CORK70.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SnakeEyes;Corsair M65 Gaming Mouse;c:\windows\system32\drivers\SnakeEyes.sys;c:\windows\SYSNATIVE\drivers\SnakeEyes.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-08-05 13662936]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-08-05 1368792]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-08-06 1427648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-17 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}\245624F687: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\utkgrewf.default-1445277530700\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,1d,15,b1,a2,9e,99,a9,9b,3a,83,52,07,db,f0,2f,66,64,8b,54,29,c2,ba,
db,39,04,5a,2f,87,97,bd,8b,15,f4,77,86,6e,f8,3f,8f,24,c9,f4,1a,11,9d,f6,ee,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,1d,e0,69,dc,6f,25,8c,ab,57,09,83,4b,61,64,53,f8,f1,66,a1,1b,
e3,7b,57,9f,77,4e,2e,c4,e8,fd,d5,2d,f9,cc,d0,d2,58,2a,88,82,fb,58,ab,11,d2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2015-10-21 18:56:55
ComboFix-quarantined-files.txt 2015-10-21 17:56
.
Pre-Run: 15,670,272,000 bytes free
Post-Run: 15,237,644,288 bytes free
.
- - End Of File - - AFF25145B6A2DAE3B3D71D1F6829A742
A36C5E4F47E84449FF07ED3517B43A31

Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.226
Adobe Reader XI
Mozilla Firefox (41.0.2)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Juliet
2015-10-21, 23:26
Flash 19.0.0.226 released

For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

Adobe Acrobat/Reader 11.0.13/10.1.16 released
To install Adobe Reader and Acrobat updates from Adobe Updater, do the following:

Launch Adobe Reader or Acrobat.
Choose Help > Check for Updates.
Follow the steps in the Updater window to download and install the latest updates.


Go to this page to verify which version of Java you're using. If it says you need to update, please follow the instructions.
https://www.java.com/en/download/installed.jsp

~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png


At the introduction screen, please click on the Next button to continue.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png


Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png


When the update has finished, click on the Next button.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png


Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png


When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on the Yes button to restart your computer.

There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

rudebadger
2015-10-22, 01:12
I ran MBAR but it did not find anything. Here are the logs:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18059

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.120000 GHz
Memory total: 8570265600, free: 6165397504

Downloaded database version: v2015.10.21.07
Downloaded database version: v2015.10.16.01
Downloaded database version: v2015.10.21.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
10/21/2015 22:55:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\CORK70.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\SnakeEyes.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\dokan.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\gdrv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.10.21.07
rootkit: v2015.10.16.01

<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80072340a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80069e2450, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006ff6680, DeviceName: \Device\Ide\IdeDeviceP0T1L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007234790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80071369a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007234790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ff9520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006ff2060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DEAEFB8F

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616
Partition is not bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8A0EC17

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 351442944
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 180045766656 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18059

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.120000 GHz
Memory total: 8570265600, free: 6424834048

=======================================

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.10.21.07
rootkit: v2015.10.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18059
Ollie :: GAMING-PC [administrator]

21/10/2015 22:55:23
mbar-log-2015-10-21 (22-55-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 386084
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Unfortunately, I am still getting the redirects :(

Juliet
2015-10-22, 03:41
It's like it reinfected and now I'm just not seeing it.


Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.


~~~~~~~~~~~

Please download RogueKiller and save it to your desktop.

You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.

rudebadger
2015-10-22, 04:40
Yeah, it's almost like the infection is worse now :(

I followed the instructions about updating everything earlier, but a few of the times that it has redirected, it has popped up that I need to update Flash Player.

Not sure if it helps, but I noticed that a lot of the redirects go to a web page called startnewtab & then to several other pages.

Here are the logs:

RogueKiller V10.11.2.0 [Oct 20 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ollie [Administrator]
Started from : C:\Users\Ollie\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/22/2015 02:29:24

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] 24b2680c40d1268291dfa912613e6822
[BSP] 921765b9950be56b821162cd46adb8e1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Corsair Force 3 SSD ATA Device +++++
--- User ---
[MBR] 7c905eea817878e84145ee4d942fe8c4
[BSP] 43eb0f86a7769b95c572877efa27ef7f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 171603 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Ollie (administrator) on GAMING-PC (22-10-2015 02:14:55)
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Edimax Technology Co.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(MY.COM B.V.) C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-21] (Oracle Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-16] (Valve Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-30] (Safer-Networking Ltd.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [MyComGames] => C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe [4235208 2015-10-22] (MY.COM B.V.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk [2012-11-09]
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\utkgrewf.default-1445277530700
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3501653021-3640964384-1111194576-1000: @my.com/Games -> C:\Users\Ollie\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-01] (My.com, Inc)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-17] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
S3 DAUpdaterSvc; C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-10-06] (Futuremark)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-17] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-02] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 02:14 - 2015-10-22 02:15 - 00015908 _____ C:\Users\Ollie\Desktop\FRST.txt
2015-10-21 22:55 - 2015-10-21 23:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-21 22:54 - 2015-10-21 23:05 - 00000000 ____D C:\Users\Ollie\Desktop\mbar
2015-10-21 22:43 - 2015-10-21 22:43 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Sun
2015-10-21 22:43 - 2015-10-21 22:43 - 00000000 ____D C:\Users\Ollie\.oracle_jre_usage
2015-10-21 22:42 - 2015-10-21 22:42 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-21 22:42 - 2015-10-21 22:42 - 00000000 ____D C:\Users\Ollie\AppData\LocalLow\Oracle
2015-10-21 22:41 - 2015-10-21 22:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-21 22:41 - 2015-10-21 22:41 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-21 22:40 - 2015-10-21 22:40 - 00584288 _____ (Oracle Corporation) C:\Users\Ollie\Downloads\jxpiinstall.exe
2015-10-21 22:37 - 2015-10-21 22:37 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ollie\Desktop\mbar-1.09.3.1001.exe
2015-10-21 22:00 - 2015-10-21 22:00 - 00000000 ____D C:\Users\Ollie\AppData\LocalLow\Adobe
2015-10-21 21:57 - 2015-10-21 21:57 - 18833096 _____ (Adobe Systems Incorporated) C:\Users\Ollie\Downloads\install_flash_player_19_plugin.exe
2015-10-21 18:56 - 2015-10-21 18:56 - 00022798 _____ C:\ComboFix.txt
2015-10-21 18:41 - 2015-10-21 18:36 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-21 18:41 - 2015-10-21 18:36 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-21 18:41 - 2015-10-21 18:36 - 00256000 _____ C:\Windows\PEV.exe
2015-10-21 18:41 - 2015-10-21 18:36 - 00208896 _____ C:\Windows\MBR.exe
2015-10-21 18:41 - 2015-10-21 18:36 - 00098816 _____ C:\Windows\sed.exe
2015-10-21 18:41 - 2015-10-21 18:36 - 00080412 _____ C:\Windows\grep.exe
2015-10-21 18:41 - 2015-10-21 18:36 - 00068096 _____ C:\Windows\zip.exe
2015-10-21 18:41 - 2015-10-21 18:36 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-21 18:37 - 2015-10-21 18:57 - 00000000 ____D C:\Qoobox
2015-10-21 18:36 - 2015-10-21 18:53 - 00000000 ____D C:\Windows\erdnt
2015-10-20 23:13 - 2015-10-20 23:13 - 00000877 _____ C:\Users\Ollie\Desktop\checkup.txt
2015-10-20 22:42 - 2015-10-21 18:36 - 05637184 ____R (Swearware) C:\Users\Ollie\Desktop\ComboFix.exe
2015-10-20 22:41 - 2015-10-20 22:41 - 00852720 _____ C:\Users\Ollie\Desktop\SecurityCheck.exe
2015-10-20 19:10 - 2015-10-20 19:10 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-20 19:10 - 2015-10-20 19:10 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-20 19:10 - 2015-10-20 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-20 19:04 - 2015-10-20 19:04 - 42710448 _____ C:\Users\Ollie\Downloads\Firefox Setup 41.0.2.exe
2015-10-20 07:45 - 2015-10-20 07:45 - 00002388 _____ C:\Users\Ollie\Desktop\esetscan.txt
2015-10-18 18:04 - 2015-10-18 18:04 - 00001936 _____ C:\Users\Ollie\Desktop\esetresults.txt
2015-10-18 11:37 - 2015-10-18 11:37 - 00001050 _____ C:\Users\Ollie\Desktop\mbam.txt
2015-10-18 01:53 - 2015-10-18 01:53 - 00319952 _____ C:\Windows\Minidump\101815-13088-01.dmp
2015-10-18 01:45 - 2015-10-18 01:45 - 00000736 _____ C:\Users\Ollie\Desktop\JRT.txt
2015-10-18 01:31 - 2015-10-18 01:31 - 01801288 _____ (Malwarebytes) C:\Users\Ollie\Downloads\JRT.exe
2015-10-18 01:28 - 2015-10-18 01:28 - 00001245 _____ C:\Users\Ollie\Desktop\AdwCleaner[C3].txt
2015-10-18 01:23 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Desktop\adwcleaner_5.013.exe
2015-10-18 01:14 - 2015-10-22 02:14 - 00000000 ____D C:\Users\Ollie\Desktop\FRST-OlderVersion
2015-10-17 17:05 - 2015-10-18 01:55 - 00001438 _____ C:\Users\Ollie\Desktop\bsod.txt
2015-10-17 17:03 - 2015-10-17 17:03 - 00276880 _____ C:\Windows\Minidump\101715-13603-01.dmp
2015-10-17 16:27 - 2015-10-17 16:27 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\Program Files\iTunes
2015-10-17 16:27 - 2015-10-17 16:27 - 00000000 ____D C:\Program Files\iPod
2015-10-17 16:26 - 2015-10-17 16:26 - 00000000 ____D C:\Program Files\Bonjour
2015-10-17 16:26 - 2015-10-17 16:26 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-17 16:25 - 2015-10-17 16:25 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-17 16:25 - 2015-10-17 16:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-17 12:34 - 2015-10-17 12:43 - 00000000 ____D C:\Users\Ollie\AppData\Local\WinZip
2015-10-17 12:34 - 2015-10-17 12:42 - 00000000 ____D C:\ProgramData\WinZip
2015-10-17 12:34 - 2015-10-17 12:34 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-10-17 12:34 - 2015-10-17 12:34 - 00002281 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-10-17 12:34 - 2015-10-17 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-10-17 12:34 - 2015-10-17 12:34 - 00000000 ____D C:\Program Files\WinZip
2015-10-17 04:45 - 2015-10-17 04:45 - 00002301 _____ C:\Users\Ollie\Desktop\aswMBR.txt
2015-10-17 04:45 - 2015-10-17 04:45 - 00000512 _____ C:\Users\Ollie\Desktop\MBR.dat
2015-10-17 04:20 - 2015-10-17 04:20 - 05198336 _____ (AVAST Software) C:\Users\Ollie\Desktop\aswMBR.exe
2015-10-17 04:18 - 2015-10-22 02:14 - 02196480 _____ (Farbar) C:\Users\Ollie\Desktop\FRST64.exe
2015-10-17 04:18 - 2015-10-22 02:14 - 00000000 ____D C:\FRST
2015-10-17 04:16 - 2015-10-18 01:12 - 00000000 ____D C:\Springclean
2015-10-17 04:15 - 2015-10-17 04:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GAMING-PC-Windows-7-Home-Premium-(64-bit).dat
2015-10-17 04:15 - 2015-10-17 04:15 - 00000000 ____D C:\RegBackup
2015-10-17 04:14 - 2015-10-17 04:14 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-17 04:14 - 2015-10-17 04:14 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-17 04:13 - 2015-10-17 04:13 - 04777232 _____ (Tweaking.com) C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe
2015-10-17 03:50 - 2015-10-17 03:50 - 10357568 _____ (SurfRight B.V.) C:\Users\Ollie\Downloads\HitmanPro.exe
2015-10-17 02:56 - 2015-10-17 02:56 - 02870984 _____ (ESET) C:\Users\Ollie\Desktop\esetsmartinstaller_enu.exe
2015-10-17 02:22 - 2015-10-21 23:05 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 22908888 _____ (Malwarebytes ) C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-17 02:22 - 2015-10-17 02:22 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 02:22 - 2015-10-17 02:22 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 02:22 - 2015-10-17 02:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 02:15 - 2015-10-17 02:15 - 01682432 _____ C:\Users\Ollie\Downloads\adwcleaner_5.013.exe
2015-10-17 01:52 - 2015-10-17 01:53 - 00000874 _____ C:\AdwCleaner[S5].txt
2015-10-13 20:38 - 2015-10-13 20:38 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 20:38 - 2015-10-13 20:38 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 20:38 - 2015-10-13 20:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 20:38 - 2015-10-13 20:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 20:38 - 2015-10-13 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 20:38 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 20:38 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 20:38 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 20:37 - 2015-10-13 20:37 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 20:37 - 2015-10-13 20:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 20:37 - 2015-10-13 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-10 12:33 - 2015-10-10 12:33 - 00000812 _____ C:\AdwCleaner[S4].txt
2015-10-06 18:23 - 2015-10-06 18:23 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-10-06 18:22 - 2015-10-06 18:22 - 00000000 ____D C:\Program Files (x86)\Futuremark
2015-10-06 18:21 - 2015-10-06 18:23 - 00000000 ____D C:\Users\Ollie\Documents\3DMark 11
2015-10-06 18:21 - 2015-10-06 18:21 - 02883584 _____ C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\IsolatedStorage
2015-10-06 18:21 - 2015-10-06 18:21 - 00000000 ____D C:\Users\Ollie\AppData\Local\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00001227 _____ C:\Users\Public\Desktop\3DMark 11.lnk
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-10-06 18:11 - 2015-10-06 18:11 - 00000000 ____D C:\Program Files\Futuremark
2015-10-06 18:05 - 2015-10-06 18:08 - 271860249 _____ C:\Users\Ollie\Downloads\3DMark11-v1-0-132.zip
2015-10-06 18:04 - 2015-10-06 18:05 - 12261072 _____ (Novawave Inc. ) C:\Users\Ollie\Downloads\novabench3.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 01199856 _____ ( ) C:\Users\Ollie\Downloads\hwmonitor_1.28.exe
2015-10-05 23:30 - 2015-10-05 23:30 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-05 23:30 - 2015-10-05 23:30 - 00000000 ____D C:\Program Files\CPUID
2015-10-02 22:04 - 2015-10-02 22:06 - 300806184 _____ (AMD Inc.) C:\Users\Ollie\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2015-10-02 21:57 - 2015-10-02 21:57 - 04288048 _____ C:\Users\Ollie\Downloads\memtest86-iso.zip
2015-10-02 00:54 - 2015-10-02 06:50 - 00000137 _____ C:\Users\Ollie\Desktop\Armored Warfare Open Beta.url
2015-10-02 00:54 - 2015-10-02 00:54 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2015-10-01 00:06 - 2015-10-01 00:06 - 00002017 _____ C:\Users\Ollie\Desktop\My.com Game Center.lnk
2015-10-01 00:06 - 2015-10-01 00:06 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-10-01 00:05 - 2015-10-22 02:10 - 00000000 ____D C:\Users\Ollie\AppData\Local\MyComGames
2015-10-01 00:05 - 2015-10-01 00:05 - 05481456 _____ (MY.COM B.V.) C:\Users\Ollie\Downloads\ArmwarMycomLoader.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 02:08 - 2015-03-30 19:20 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-10-22 01:59 - 2013-06-02 23:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-22 00:14 - 2015-05-02 00:44 - 00021141 _____ C:\Windows\setupact.log
2015-10-22 00:03 - 2014-04-12 13:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-21 22:56 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-21 22:56 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-21 22:55 - 2009-07-14 06:13 - 00159100 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-21 22:52 - 2014-09-10 01:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\Adobe
2015-10-21 22:52 - 2012-11-09 17:45 - 01070470 _____ C:\Windows\WindowsUpdate.log
2015-10-21 22:50 - 2013-08-03 00:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\HTC MediaHub
2015-10-21 22:50 - 2013-06-13 20:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-21 22:49 - 2012-11-09 18:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-10-21 22:49 - 2012-11-09 17:55 - 00000144 _____ C:\service.log
2015-10-21 22:49 - 2010-11-21 04:47 - 00426282 _____ C:\Windows\PFRO.log
2015-10-21 22:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-21 22:44 - 2013-10-19 01:44 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 22:43 - 2014-10-23 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 22:43 - 2014-10-23 22:50 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-21 22:43 - 2012-11-09 17:45 - 00000000 ____D C:\Users\Ollie
2015-10-21 22:42 - 2014-10-23 22:51 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 22:41 - 2015-07-10 23:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-21 22:41 - 2012-11-10 01:52 - 00000000 ____D C:\ProgramData\Adobe
2015-10-21 22:00 - 2012-11-10 01:52 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Adobe
2015-10-21 21:58 - 2013-06-02 23:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-21 21:58 - 2012-11-10 01:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-21 21:58 - 2012-11-10 01:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-21 21:57 - 2012-11-10 18:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-21 21:56 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-21 18:57 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2015-10-21 18:52 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-10-21 18:41 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-10-21 00:35 - 2015-04-21 10:26 - 03132778 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-10-20 19:05 - 2014-11-18 01:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-19 22:34 - 2012-11-09 17:45 - 00001160 _____ C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-18 01:53 - 2013-06-01 01:41 - 00000000 ____D C:\Windows\Minidump
2015-10-18 01:26 - 2015-08-06 20:04 - 00000000 ____D C:\AdwCleaner
2015-10-18 01:15 - 2014-02-23 22:55 - 00000000 ____D C:\Users\Ollie\AppData\LocalLow\Temp
2015-10-17 16:27 - 2013-06-08 17:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-17 16:27 - 2013-05-28 14:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-17 16:26 - 2015-08-12 16:03 - 00096528 _____ (Apple Inc.) C:\Windows\system32\dns-sd.exe
2015-10-17 16:26 - 2015-08-12 16:03 - 00084240 _____ (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2015-10-17 16:25 - 2013-05-28 14:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-17 11:33 - 2015-05-17 13:17 - 00000000 ____D C:\Windows\rescache
2015-10-17 04:35 - 2014-10-21 22:37 - 00001728 _____ C:\Users\Ollie\Desktop\details.txt
2015-10-14 00:05 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 00:03 - 2012-11-10 17:17 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 20:29 - 2015-07-17 22:36 - 00066544 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-13 20:29 - 2015-07-17 22:36 - 00000000 ____D C:\Users\Lisa\AppData\Local\HTC MediaHub
2015-10-11 16:24 - 2015-04-25 19:58 - 00000057 _____ C:\Users\Ollie\Desktop\cooling.txt
2015-10-09 23:33 - 2015-02-21 17:55 - 00000000 ____D C:\Users\Ollie\AppData\Local\Steam
2015-10-06 18:11 - 2012-11-09 20:10 - 00496911 _____ C:\Windows\DirectX.log
2015-10-06 18:10 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-12-19 23:21 - 2012-12-19 23:21 - 0000111 _____ () C:\Users\Ollie\AppData\Roaming\adu.xml
2014-08-05 17:40 - 2014-08-05 17:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 19:19

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Ollie (2015-10-22 02:15:21)
Running from C:\Users\Ollie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-09 16:45:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3501653021-3640964384-1111194576-500 - Administrator - Disabled)
Guest (S-1-5-21-3501653021-3640964384-1111194576-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3501653021-3640964384-1111194576-1002 - Limited - Enabled)
Lisa (S-1-5-21-3501653021-3640964384-1111194576-1009 - Limited - Enabled) => C:\Users\Lisa
Ollie (S-1-5-21-3501653021-3640964384-1111194576-1000 - Administrator - Enabled) => C:\Users\Ollie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Armored Warfare MyCom Beta (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Armored Warfare MyCom Beta) (Version: 1.45 - My.com B.V.)
Aslain's XVM WoT Modpack version 4.6.8 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.6.8 - Aslain)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version: - )
Corsair M65 Firmware Update Application (HKLM-x32\...\{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1) (Version: - )
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Easy Tune 6 B12.0509.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Edimax RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.5.0 - Edimax)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{185D7B00-8600-4716-A619-D8CBE689974B}) (Version: 4.40.560.0 - Futuremark)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - GIGABYTE Technologies, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MyComGames) (Version: 3.147 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-10-2015 19:00:03 Windows Backup
19-10-2015 22:34:24 Restore Point Created by FRST
21-10-2015 18:41:45 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-21 18:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21FD3B25-29C2-447F-93CA-F418B38D494D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-21] (Adobe Systems Incorporated)
Task: {2AE452DD-7663-4C08-86D9-150C6FD9B29D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {3FACD55F-1894-47BD-ADAA-04DFE5A5BCFD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {4876F49D-22CB-4F76-99FA-369E2AF0EED8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-21] (Adobe Systems Incorporated)
Task: {4DA682FB-99CB-4AEA-AF79-8060720E11A4} - System32\Tasks\{F792DE50-AA36-4F10-8148-9E7EF9D76636} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {633F2494-35E3-4DE2-A618-4E7E55AE10BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-10-17] (Apple Inc.)
Task: {73C1E663-DBDF-45F2-BAE0-A9C921E39E62} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {99146579-3923-4B7C-B229-3DA59088957D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {B3390CAB-97E0-4E55-B694-1DEB10AD59E3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-11-09 17:55 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2012-11-09 18:01 - 2010-09-07 10:46 - 00072280 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-08-03 00:22 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-11-09 17:55 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-08-01 20:31 - 2013-08-01 20:31 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 20:33 - 2013-08-01 20:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 20:40 - 2013-08-01 20:40 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-05-06 17:05 - 2015-10-09 23:33 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-01 22:21 - 2015-10-16 22:34 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2015-10-16 22:34 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 16:57 - 2015-10-16 22:34 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2012-11-09 18:28 - 2009-10-07 02:35 - 00901120 _____ () C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
2013-11-14 23:51 - 2013-05-26 15:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2014-12-28 18:42 - 2012-05-14 13:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
2013-03-26 16:16 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-19 21:59 - 2015-10-09 23:33 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00144896 _____ () C:\Users\Ollie\AppData\Local\MyComGames\zlib1.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00062464 _____ () C:\Users\Ollie\AppData\Local\MyComGames\pxd.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00179144 _____ () C:\Users\Ollie\AppData\Local\MyComGames\LightUpdate.dll
2015-10-01 00:05 - 2015-10-22 02:10 - 02339784 _____ () C:\Users\Ollie\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 10:18 - 2015-08-26 10:18 - 50425344 _____ () C:\Users\Ollie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\Futuremark_SystemInfo_v440_installer.msi:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\HitmanPro.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\hwmonitor_1.28.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\install_flash_player_19_plugin.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\install_flash_player_19_plugin.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\jxpiinstall.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\jxpiinstall.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\memtest86-iso.zip:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\novabench3.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\template.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoT_internet_install_eu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Ollie\Downloads\WoWS_internet_install_eu.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 15751 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57693123-6D81-46F1-A29B-103A8316E953}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D61947-CAAD-42E6-A1B8-CDF82AF738E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBCF617F-C492-448B-999A-A3A5844F0E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F56CF5A-97AA-42E1-8D0D-1449B76DE4FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073DFCF0-9ED0-4697-8575-3F8EF5288D1C}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2BEFBC93-C3B9-4AE5-8B4A-8A3313F8E349}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7BB94A60-90C9-42DD-B8CE-5BD16827DAE2}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{F515A6CB-144F-4EAE-AF36-D0AD592FB656}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B98CEFF2-7C68-4FD7-BD29-3790DA99F7D8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A76D94D3-DAC7-434F-A912-06FDFF7FC774}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{0DA5898E-0431-4826-A40E-89F18F20D94D}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{DE42BB9A-911F-44F5-B4EE-E42122737169}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{9419282F-AAF2-477F-872B-79EC07E6036A}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{B8E732A2-36CC-4006-8AE7-333546D71017}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B9DECAD9-B37A-4B88-BA9F-714FE6F5E80F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{CEB19D6D-7926-4B1A-BDC7-D004D0269E3B}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{EB9C7AA2-1FB6-492F-A16A-79C7F8924DBD}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6C70A579-A7B5-4B3F-9F4B-3447D62338AA}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{7373ADBF-766D-4311-A551-A4394298A08A}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{B2FA87E4-B840-430B-AC2A-03AF545A3923}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4A5985A9-48CC-4C5F-8375-B9994F4FB513}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29484216-7ED3-43B7-8B33-491586C04BA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{4DB5D3D0-3D67-4366-8623-623D3546C952}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99409EE6-9421-4ABF-9664-0EC0859783CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D406204-5B22-458E-858D-C7932BE225EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C1552EF1-8A93-41E5-9971-B99AE37CFE43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4ADE1AE1-853C-4DD5-B122-72766D01D087}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{1116679B-E214-4A35-9AEF-F20E714CDF90}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{457A1534-EC97-4D86-879B-D1CD6C063DB7}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{CA9F1D8F-3975-4FBC-A10C-06A235CAA980}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5799148E-0D9D-492C-B727-C36BB7F3C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A737F16D-97CA-4E74-A822-1609AD4403B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{25D9FEB8-19DE-4EBA-9B82-F040D52A6FD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{373E1A11-BD53-4EE1-897B-208B88A47542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CBEBAAEA-FA68-4F34-A1A8-A6F72B81794A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ABDB5590-65E8-48EE-A5CC-9B9551BDD2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{56742189-4528-4262-89E7-32B844C978EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{089EE90C-4194-45C3-BC1C-30BEC35ED335}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F1F63541-C8CB-4EDD-A100-3A31C55BC1D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{29F53783-B4AC-47A5-9AD7-77FC64CCC00E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE627920-BF0F-4AC9-A32D-6AF150A3C4C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0714BF63-3AC9-482C-A9C2-52A3417E87AB}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{D149B3BC-CB0A-4B9B-BB23-E74022673DD2}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{90C78A4E-7182-413F-8FC8-F38CC5B0A4C9}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{17C7B4BE-10DF-45D4-9C9D-563A864BBF61}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{96B1012E-C482-498B-BEF2-29361399D73C}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{FA4444DB-2D0B-420C-A84A-97E7E3D1D0EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0BBB55CE-C27E-40B5-ADF0-CC8B2D5687A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{00511F78-33DB-4A77-9F3D-729BEC001482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{FF2BB3D8-7FB3-47A9-BFC4-DF9D247154F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{23A3F365-2D78-4926-983C-BE1CEC56B3D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D0C0D638-3339-4F3A-B85E-3CA9F6CE2D7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{A7968FAC-2277-4DB8-97E8-7C2BBA91DEB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{E3B34F64-938E-4087-A52B-CDC020F56CA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{AEA1C473-53E1-4111-8B6B-DAA9DE279F72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08F133DF-B3AC-476E-BCA6-6CA3E4B95597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FA2A8C0-9FDA-40DB-8894-14F77A579E4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC5ECE49-934D-4572-AF28-B65E6EC42A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42D7AE02-59D4-49B1-A4AC-5E61BBC7A955}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2015 10:49:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2015 09:56:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2015 07:21:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/21/2015 06:35:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2015 12:35:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2015 11:23:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2015 11:22:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2015 11:19:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2015 11:07:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2015 10:25:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/21/2015 06:52:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/21/2015 06:51:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/21/2015 06:48:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/20/2015 12:39:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/20/2015 12:39:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/20/2015 12:39:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/20/2015 12:39:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/20/2015 12:39:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/20/2015 12:39:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/20/2015 12:38:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275


CodeIntegrity:
===================================
Date: 2015-10-21 18:51:48.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-21 18:51:48.676
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 8173.24 MB
Available physical RAM: 5793.01 MB
Total Virtual: 16344.69 MB
Available Virtual: 13387.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.58 GB) (Free:13.03 GB) NTFS
Drive e: (Data drive) (Fixed) (Total:931.51 GB) (Free:649.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEAEFB8F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: B8A0EC17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Juliet
2015-10-22, 14:29
Please open Notepad. *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK.) Copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2014-08-05 17:40 - 2014-08-05 17:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
FirewallRules: [{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{B2FA87E4-B840-430B-AC2A-03AF545A3923}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~

Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.


http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

http://www.bleepingcomputer.com/download/tdsskiller/dl/4/





Double-click on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG

Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

Click the Start Scan button.


If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


Please copy and paste its contents in your next reply.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post these 2 logs when finished.

Any improvements?

rudebadger
2015-10-22, 17:57
OK, TDSSKiller did not find anything. Here is the first log from it:

15:49:17.0005 0x0fb0 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
15:49:19.0527 0x0fb0 ============================================================
15:49:19.0527 0x0fb0 Current date / time: 2015/10/22 15:49:19.0527
15:49:19.0527 0x0fb0 SystemInfo:
15:49:19.0527 0x0fb0
15:49:19.0527 0x0fb0 OS Version: 6.1.7601 ServicePack: 1.0
15:49:19.0527 0x0fb0 Product type: Workstation
15:49:19.0527 0x0fb0 ComputerName: GAMING-PC
15:49:19.0527 0x0fb0 UserName: Ollie
15:49:19.0527 0x0fb0 Windows directory: C:\Windows
15:49:19.0527 0x0fb0 System windows directory: C:\Windows
15:49:19.0527 0x0fb0 Running under WOW64
15:49:19.0528 0x0fb0 Processor architecture: Intel x64
15:49:19.0528 0x0fb0 Number of processors: 8
15:49:19.0528 0x0fb0 Page size: 0x1000
15:49:19.0528 0x0fb0 Boot type: Normal boot
15:49:19.0528 0x0fb0 ============================================================
15:49:19.0596 0x0fb0 KLMD registered as C:\Windows\system32\drivers\85026493.sys
15:49:19.0771 0x0fb0 System UUID: {ABB56114-858B-C825-6063-BE713EC172DC}
15:49:24.0245 0x0fb0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:24.0245 0x0fb0 Drive \Device\Harddisk1\DR1 - Size: 0x29EB906000 ( 167.68 Gb ), SectorSize: 0x200, Cylinders: 0x5AD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:49:24.0261 0x0fb0 ============================================================
15:49:24.0261 0x0fb0 \Device\Harddisk0\DR0:
15:49:24.0261 0x0fb0 MBR partitions:
15:49:24.0261 0x0fb0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:49:24.0261 0x0fb0 \Device\Harddisk1\DR1:
15:49:24.0261 0x0fb0 MBR partitions:
15:49:24.0261 0x0fb0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:49:24.0261 0x0fb0 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x14F29800
15:49:24.0261 0x0fb0 ============================================================
15:49:24.0261 0x0fb0 C: <-> \Device\Harddisk1\DR1\Partition2
15:49:24.0292 0x0fb0 E: <-> \Device\Harddisk0\DR0\Partition1
15:49:24.0292 0x0fb0 ============================================================
15:49:24.0292 0x0fb0 Initialize success
15:49:24.0292 0x0fb0 ============================================================
15:49:31.0375 0x1448 ============================================================
15:49:31.0375 0x1448 Scan started
15:49:31.0375 0x1448 Mode: Manual; SigCheck; TDLFS;
15:49:31.0375 0x1448 ============================================================
15:49:31.0375 0x1448 KSN ping started
15:49:33.0824 0x1448 KSN ping finished: true
15:49:34.0089 0x1448 ================ Scan system memory ========================
15:49:34.0089 0x1448 System memory - ok
15:49:34.0089 0x1448 ================ Scan services =============================
15:49:35.0618 0x1448 amdxata - ok
15:49:35.0633 0x1448 [ B934322C68C30DCECA96C0274A51F7B0, 5A0B10A9E662A0B0EEB951FFD2A82CC71D30939A78DAEBD26B3F58BB24351AC9 ] AODDriver C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys
15:49:35.0633 0x1448 AODDriver - ok
15:49:35.0649 0x1448 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys
15:49:35.0649 0x1448 AppID - ok
15:49:35.0665 0x1448 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:49:35.0665 0x1448 AppIDSvc - ok
15:49:35.0680 0x1448 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
15:49:35.0680 0x1448 Appinfo - ok
15:49:35.0696 0x1448 [ 3E7C6639E424FD28952C29D66B7E5277, B10AD3FA5CB36328C5DF33AF58F76770E2B54CFBCB70BD84934F925B8E19FA1F ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:49:35.0696 0x1448 Apple Mobile Device Service - ok
15:49:35.0711 0x1448 [ BA957E7ACD2B44FA3B01FAA64F6A9060, 24824B5B50A0F4BD1E41C2A68682E072387E6E4743538A1C72B261430F743597 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
15:49:35.0711 0x1448 AppleCharger - ok
15:49:35.0727 0x1448 [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
15:49:35.0727 0x1448 AppleChargerSrv - ok
15:49:35.0743 0x1448 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
15:49:35.0743 0x1448 arc - ok
15:49:35.0758 0x1448 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:49:35.0758 0x1448 arcsas - ok
15:49:35.0774 0x1448 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:49:35.0789 0x1448 aspnet_state - ok
15:49:35.0789 0x1448 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:49:35.0821 0x1448 AsyncMac - ok
15:49:35.0821 0x1448 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
15:49:35.0836 0x1448 atapi - ok
15:49:35.0852 0x1448 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:49:35.0883 0x1448 AudioEndpointBuilder - ok
15:49:35.0899 0x1448 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:49:35.0914 0x1448 AudioSrv - ok
15:49:35.0930 0x1448 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:49:35.0945 0x1448 AxInstSV - ok
15:49:35.0961 0x1448 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:49:35.0977 0x1448 b06bdrv - ok
15:49:35.0992 0x1448 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:49:36.0008 0x1448 b57nd60a - ok
15:49:36.0008 0x1448 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
15:49:36.0023 0x1448 BDESVC - ok
15:49:36.0023 0x1448 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
15:49:36.0055 0x1448 Beep - ok
15:49:36.0070 0x1448 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
15:49:36.0101 0x1448 BFE - ok
15:49:36.0133 0x1448 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
15:49:36.0179 0x1448 BITS - ok
15:49:36.0179 0x1448 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:49:36.0195 0x1448 blbdrive - ok
15:49:36.0195 0x1448 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:49:36.0226 0x1448 Bonjour Service - ok
15:49:36.0226 0x1448 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:49:36.0242 0x1448 bowser - ok
15:49:36.0242 0x1448 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:49:36.0257 0x1448 BrFiltLo - ok
15:49:36.0257 0x1448 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:49:36.0273 0x1448 BrFiltUp - ok
15:49:36.0273 0x1448 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:49:36.0304 0x1448 BridgeMP - ok
15:49:36.0304 0x1448 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
15:49:36.0320 0x1448 Browser - ok
15:49:36.0335 0x1448 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:49:36.0351 0x1448 Brserid - ok
15:49:36.0351 0x1448 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:49:36.0367 0x1448 BrSerWdm - ok
15:49:36.0367 0x1448 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:49:36.0382 0x1448 BrUsbMdm - ok
15:49:36.0382 0x1448 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:49:36.0398 0x1448 BrUsbSer - ok
15:49:36.0398 0x1448 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:49:36.0413 0x1448 BTHMODEM - ok
15:49:36.0429 0x1448 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
15:49:36.0460 0x1448 bthserv - ok
15:49:36.0460 0x1448 catchme - ok
15:49:36.0460 0x1448 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:49:36.0491 0x1448 cdfs - ok
15:49:36.0507 0x1448 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:49:36.0507 0x1448 cdrom - ok
15:49:36.0523 0x1448 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
15:49:36.0554 0x1448 CertPropSvc - ok
15:49:36.0554 0x1448 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
15:49:36.0569 0x1448 circlass - ok
15:49:36.0569 0x1448 cleanhlp - ok
15:49:36.0585 0x1448 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
15:49:36.0601 0x1448 CLFS - ok
15:49:36.0601 0x1448 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:49:36.0616 0x1448 clr_optimization_v2.0.50727_32 - ok
15:49:36.0616 0x1448 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:49:36.0632 0x1448 clr_optimization_v2.0.50727_64 - ok
15:49:36.0647 0x1448 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:49:36.0663 0x1448 clr_optimization_v4.0.30319_32 - ok
15:49:36.0663 0x1448 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:49:36.0679 0x1448 clr_optimization_v4.0.30319_64 - ok
15:49:36.0679 0x1448 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:49:36.0694 0x1448 CmBatt - ok
15:49:36.0835 0x1448 [ 848B4EBA6C41F33D8B26B909A612BEBD, 3AC44D6A2B864DA9A17D6AB5581257359E961C4AFC627080C3168C8B5D65A00D ] CmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
15:49:36.0975 0x1448 CmdAgent - ok
15:49:36.0991 0x1448 [ F33404455DBD79B7C85B8969C70537B5, B8975B0F748F02E3178C1148F9F0C5B71726ACBB88ED5C9351779F37001D377A ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys
15:49:37.0006 0x1448 cmderd - ok
15:49:37.0022 0x1448 [ 347C6F4A0A2B51BB651DDDE0CA7E300B, 5722CEBEEF87A7BCFB20C9B5C24C8628130A5FF0BF6F6AB3A19CE60313EF4BBA ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
15:49:37.0053 0x1448 cmdGuard - ok
15:49:37.0053 0x1448 [ 12944DDE0FBE29DAE48B2FFE740F3C36, 6B8381131AFFCE362D9D9583B35EFB76FD983EF97A939F4EBEF52E167B72F14F ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
15:49:37.0069 0x1448 cmdHlp - ok
15:49:37.0069 0x1448 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:49:37.0084 0x1448 cmdide - ok
15:49:37.0131 0x1448 [ 7906367DCA033F747F7F0426A9F7C97E, 855BCFF8F71C692AA9B15B0378C4C257104078F0D435F3649C84A1068B568FAB ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
15:49:37.0193 0x1448 cmdvirth - ok
15:49:37.0209 0x1448 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
15:49:37.0240 0x1448 CNG - ok
15:49:37.0240 0x1448 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:49:37.0240 0x1448 Compbatt - ok
15:49:37.0256 0x1448 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:49:37.0271 0x1448 CompositeBus - ok
15:49:37.0271 0x1448 COMSysApp - ok
15:49:37.0271 0x1448 [ 4C51835FCD734DA98262B3800A41BE7C, 48F2921DA0D6382D4AD57D7D5377DEB4FAC960AD9A08C2CF5619D7C3707D1A49 ] CORK70 C:\Windows\system32\drivers\CORK70.sys
15:49:37.0287 0x1448 CORK70 - ok
15:49:37.0287 0x1448 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:49:37.0303 0x1448 crcdisk - ok
15:49:37.0303 0x1448 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:49:37.0318 0x1448 CryptSvc - ok
15:49:37.0318 0x1448 [ 914A7156B0C0F10BE645A02E13F576B2, C8686CE4DD9C457D56D5535307FD210AE057BFF94AC59665681DA6CF46DBE2E8 ] DAUpdaterSvc C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
15:49:37.0334 0x1448 DAUpdaterSvc - ok
15:49:37.0349 0x1448 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:49:37.0381 0x1448 DcomLaunch - ok
15:49:37.0396 0x1448 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
15:49:37.0427 0x1448 defragsvc - ok
15:49:37.0443 0x1448 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:49:37.0474 0x1448 DfsC - ok
15:49:37.0474 0x1448 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:49:37.0505 0x1448 Dhcp - ok
15:49:37.0521 0x1448 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
15:49:37.0552 0x1448 discache - ok
15:49:37.0552 0x1448 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
15:49:37.0568 0x1448 Disk - ok
15:49:37.0568 0x1448 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:49:37.0583 0x1448 Dnscache - ok
15:49:37.0583 0x1448 [ FA122BC1451B1B35B7814FBE1ACF1924, 4E27B5E6201EC8B02EC578E4D16E8D34AC178081781E70FEA94D9D0A9B4C24D0 ] Dokan C:\Windows\system32\drivers\dokan.sys
15:49:37.0599 0x1448 Dokan - ok
15:49:37.0599 0x1448 [ 8C856E531A1170F53AC6844E89CD0B5F, 64202D7CEF356A1BADE59A8D1F005483B69655D13BCA008110D667855DC6EE89 ] DokanMounter C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
15:49:37.0615 0x1448 DokanMounter - detected UnsignedFile.Multi.Generic ( 1 )
15:49:40.0017 0x1448 Detect skipped due to KSN trusted
15:49:40.0017 0x1448 DokanMounter - ok
15:49:41.0639 0x1448 [ 33D4D4A24791587E83F7EE05A446FB7E, 081E48AF76D7D3A71850A4C910EFBB0B280235E2A5303178B0338230F4BA2DE2 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
15:49:41.0639 0x1448 ICCS - detected UnsignedFile.Multi.Generic ( 1 )
15:49:44.0026 0x1448 Detect skipped due to KSN trusted
15:49:44.0026 0x1448 ICCS - ok
15:49:44.0026 0x1448 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:49:44.0042 0x1448 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
15:49:46.0429 0x1448 Detect skipped due to KSN trusted
15:49:46.0429 0x1448 IDriverT - ok
15:49:47.0271 0x1448 KtmRm - ok
15:49:47.0287 0x1448 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:49:47.0318 0x1448 LanmanServer - ok
15:49:47.0318 0x1448 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:49:47.0349 0x1448 LanmanWorkstation - ok
15:49:47.0349 0x1448 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
15:49:47.0365 0x1448 LGBusEnum - ok
15:49:47.0365 0x1448 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
15:49:47.0380 0x1448 LGVirHid - ok
15:49:47.0380 0x1448 [ 241F2648ADF090E2A10095BD6D6F5DCB, D31F50F7A70A62E3CA45071F75C56FFA21464BFAF4CA4A3AD2482D7477D78D4E ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:49:47.0396 0x1448 LHidFilt - ok
15:49:47.0396 0x1448 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:49:47.0427 0x1448 lltdio - ok
15:49:47.0427 0x1448 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:49:47.0474 0x1448 lltdsvc - ok
15:49:47.0474 0x1448 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:49:47.0505 0x1448 lmhosts - ok
15:49:47.0505 0x1448 [ 342ED5A4B3326014438F36D22D803737, 45488402BD919D84729A19E618B3595D615EB1F73FB9BC77675A21E7DB80AB6C ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:49:47.0521 0x1448 LMouFilt - ok
15:49:47.0521 0x1448 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:49:47.0536 0x1448 LSI_FC - ok
15:49:47.0536 0x1448 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:49:47.0552 0x1448 LSI_SAS - ok
15:49:47.0552 0x1448 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:49:47.0567 0x1448 LSI_SAS2 - ok
15:49:47.0567 0x1448 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:49:47.0583 0x1448 LSI_SCSI - ok
15:49:47.0583 0x1448 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
15:49:47.0614 0x1448 luafv - ok
15:49:47.0630 0x1448 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:49:47.0630 0x1448 MBAMProtector - ok
15:49:47.0677 0x1448 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
15:49:47.0708 0x1448 MBAMScheduler - ok
15:49:47.0739 0x1448 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
15:49:47.0770 0x1448 MBAMService - ok
15:49:47.0786 0x1448 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:49:47.0801 0x1448 MBAMSwissArmy - ok
15:49:47.0801 0x1448 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
15:49:47.0817 0x1448 MBAMWebAccessControl - ok
15:49:47.0817 0x1448 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:49:47.0833 0x1448 Mcx2Svc - ok
15:49:47.0833 0x1448 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
15:49:47.0848 0x1448 megasas - ok
15:49:47.0848 0x1448 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:49:47.0864 0x1448 MegaSR - ok
15:49:47.0879 0x1448 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
15:49:47.0895 0x1448 MMCSS - ok
15:49:47.0911 0x1448 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
15:49:47.0942 0x1448 Modem - ok
15:49:47.0942 0x1448 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:49:47.0957 0x1448 monitor - ok
15:49:47.0957 0x1448 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:49:47.0973 0x1448 mouclass - ok
15:49:47.0973 0x1448 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:49:47.0973 0x1448 mouhid - ok
15:49:47.0989 0x1448 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:49:47.0989 0x1448 mountmgr - ok
15:49:48.0004 0x1448 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
15:49:48.0020 0x1448 mpio - ok
15:49:48.0020 0x1448 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:49:48.0051 0x1448 mpsdrv - ok
15:49:48.0067 0x1448 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:49:48.0113 0x1448 MpsSvc - ok
15:49:48.0129 0x1448 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:49:48.0145 0x1448 MRxDAV - ok
15:49:48.0145 0x1448 [ ACB6782973BD93760D597FC7BB37E692, 9B6EC2858D236DCE61FD5E0247F4D947A5DC484C9C0AABFDAF8270ABA392E787 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:49:48.0160 0x1448 mrxsmb - ok
15:49:48.0176 0x1448 [ 262BF7BB7D0E44CFAA9B12A1E0A6EDF1, CCC3A4CE929C7C8B07C1038BBE8425590CE14F5C37E1D5608978A3AD2F41519C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:49:48.0191 0x1448 mrxsmb10 - ok
15:49:48.0191 0x1448 [ 8C0376974AA28398FF501E78C04ACB30, 81CE67BE933F67F760A72BF9B581F33BC151D98970765FE4425450A2EF450409 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:49:48.0207 0x1448 mrxsmb20 - ok
15:49:48.0207 0x1448 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
15:49:48.0223 0x1448 msahci - ok
15:49:48.0223 0x1448 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:49:48.0238 0x1448 msdsm - ok
15:49:48.0238 0x1448 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
15:49:48.0254 0x1448 MSDTC - ok
15:49:48.0269 0x1448 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:49:48.0285 0x1448 Msfs - ok
15:49:48.0301 0x1448 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:49:48.0316 0x1448 mshidkmdf - ok
15:49:48.0332 0x1448 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:49:48.0332 0x1448 msisadrv - ok
15:49:48.0347 0x1448 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:49:48.0379 0x1448 MSiSCSI - ok
15:49:48.0379 0x1448 msiserver - ok
15:49:48.0379 0x1448 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:49:48.0410 0x1448 MSKSSRV - ok
15:49:48.0410 0x1448 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:49:48.0441 0x1448 MSPCLOCK - ok
15:49:48.0441 0x1448 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:49:48.0472 0x1448 MSPQM - ok
15:49:48.0488 0x1448 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:49:48.0503 0x1448 MsRPC - ok
15:49:48.0503 0x1448 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:49:48.0519 0x1448 mssmbios - ok
15:49:48.0519 0x1448 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:49:48.0550 0x1448 MSTEE - ok
15:49:48.0550 0x1448 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:49:48.0550 0x1448 MTConfig - ok
15:49:48.0566 0x1448 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
15:49:48.0566 0x1448 Mup - ok
15:49:48.0581 0x1448 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
15:49:48.0628 0x1448 napagent - ok
15:49:48.0644 0x1448 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:49:48.0659 0x1448 NativeWifiP - ok
15:49:48.0691 0x1448 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
15:49:48.0706 0x1448 NDIS - ok
15:49:48.0722 0x1448 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:49:48.0737 0x1448 NdisCap - ok
15:49:48.0753 0x1448 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:49:48.0769 0x1448 NdisTapi - ok
15:49:48.0784 0x1448 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:49:48.0815 0x1448 Ndisuio - ok
15:49:48.0815 0x1448 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:49:48.0847 0x1448 NdisWan - ok
15:49:48.0847 0x1448 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:49:48.0878 0x1448 NDProxy - ok
15:49:48.0878 0x1448 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:49:48.0909 0x1448 NetBIOS - ok
15:49:48.0925 0x1448 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:49:48.0956 0x1448 NetBT - ok
15:49:48.0956 0x1448 [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] Netlogon C:\Windows\system32\lsass.exe
15:49:48.0971 0x1448 Netlogon - ok
15:49:48.0987 0x1448 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
15:49:49.0018 0x1448 Netman - ok
15:49:49.0034 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0049 0x1448 NetMsmqActivator - ok
15:49:49.0049 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0065 0x1448 NetPipeActivator - ok
15:49:49.0081 0x1448 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
15:49:49.0112 0x1448 netprofm - ok
15:49:49.0127 0x1448 [ D9A089E17112F04F452D22254B959D87, DE6DD970B224A8A59402793C65E6839F88B0206D13CBB20B4E43AF4743DA64C4 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
15:49:49.0159 0x1448 netr28x - ok
15:49:49.0174 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0174 0x1448 NetTcpActivator - ok
15:49:49.0190 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0205 0x1448 NetTcpPortSharing - ok
15:49:49.0205 0x1448 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:49:49.0221 0x1448 nfrd960 - ok
15:49:49.0221 0x1448 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:49:49.0237 0x1448 NlaSvc - ok
15:49:49.0237 0x1448 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:49:49.0268 0x1448 Npfs - ok
15:49:49.0283 0x1448 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
15:49:49.0299 0x1448 nsi - ok
15:49:49.0315 0x1448 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:49:49.0346 0x1448 nsiproxy - ok
15:49:49.0377 0x1448 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:49:49.0424 0x1448 Ntfs - ok
15:49:49.0439 0x1448 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
15:49:49.0455 0x1448 Null - ok
15:49:49.0471 0x1448 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:49:49.0486 0x1448 nvraid - ok
15:49:49.0486 0x1448 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:49:49.0502 0x1448 nvstor - ok
15:49:49.0502 0x1448 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:49:49.0517 0x1448 nv_agp - ok
15:49:49.0517 0x1448 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:49:49.0533 0x1448 ohci1394 - ok
15:49:49.0549 0x1448 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:49:49.0564 0x1448 p2pimsvc - ok
15:49:49.0580 0x1448 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
15:49:49.0595 0x1448 p2psvc - ok
15:49:49.0595 0x1448 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
15:49:49.0611 0x1448 Parport - ok
15:49:49.0611 0x1448 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:49:49.0627 0x1448 partmgr - ok
15:49:49.0642 0x1448 [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
15:49:49.0642 0x1448 PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
15:49:52.0045 0x1448 Detect skipped due to KSN trusted
15:49:52.0045 0x1448 PassThru Service - ok
15:49:54.0135 0x1448 SiSRaid4 - ok
15:49:54.0151 0x1448 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:49:54.0182 0x1448 Smb - ok
15:49:54.0182 0x1448 [ 9E8987EC160B9BFEBEE236D475CD4D43, 63830705A5EFFB4E75C86D088C2863601D85ADC3738648599C53BE91548216E5 ] SnakeEyes C:\Windows\system32\drivers\SnakeEyes.sys
15:49:54.0197 0x1448 SnakeEyes - ok
15:49:54.0197 0x1448 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:49:54.0213 0x1448 SNMPTRAP - ok
15:49:54.0213 0x1448 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
15:49:54.0229 0x1448 spldr - ok
15:49:54.0244 0x1448 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
15:49:54.0275 0x1448 Spooler - ok
15:49:54.0385 0x1448 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
15:49:54.0478 0x1448 sppsvc - ok
15:49:54.0494 0x1448 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:49:54.0525 0x1448 sppuinotify - ok
15:49:54.0541 0x1448 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:49:54.0556 0x1448 srv - ok
15:49:54.0572 0x1448 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:49:54.0587 0x1448 srv2 - ok
15:49:54.0603 0x1448 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:49:54.0603 0x1448 srvnet - ok
15:49:54.0619 0x1448 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:49:54.0650 0x1448 SSDPSRV - ok
15:49:54.0650 0x1448 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:49:54.0681 0x1448 SstpSvc - ok
15:49:54.0712 0x1448 [ D31201BD8782752BD69DBE1E5DDF9AC5, 98B72690B4E6CC1B694C655DD31CB1FB56B76B62A32CFB748AF78F4C072D9740 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:49:54.0743 0x1448 Steam Client Service - ok
15:49:54.0743 0x1448 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:49:54.0759 0x1448 stexstor - ok
15:49:54.0775 0x1448 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
15:49:54.0790 0x1448 stisvc - ok
15:49:54.0806 0x1448 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:49:54.0806 0x1448 swenum - ok
15:49:54.0821 0x1448 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
15:49:54.0868 0x1448 swprv - ok
15:49:54.0915 0x1448 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
15:49:54.0977 0x1448 SysMain - ok
15:49:54.0977 0x1448 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:49:55.0009 0x1448 TabletInputService - ok
15:49:55.0009 0x1448 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
15:49:55.0040 0x1448 TapiSrv - ok
15:49:55.0055 0x1448 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
15:49:55.0087 0x1448 TBS - ok
15:49:55.0133 0x1448 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:49:55.0180 0x1448 Tcpip - ok
15:49:55.0227 0x1448 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:49:55.0289 0x1448 TCPIP6 - ok
15:49:55.0289 0x1448 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:49:55.0321 0x1448 tcpipreg - ok
15:49:55.0336 0x1448 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:49:55.0352 0x1448 TDPIPE - ok
15:49:55.0352 0x1448 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:49:55.0367 0x1448 TDTCP - ok
15:49:55.0367 0x1448 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:49:55.0399 0x1448 tdx - ok
15:49:55.0399 0x1448 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:49:55.0414 0x1448 TermDD - ok
15:49:55.0430 0x1448 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
15:49:55.0461 0x1448 TermService - ok
15:49:55.0477 0x1448 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
15:49:55.0492 0x1448 Themes - ok
15:49:55.0492 0x1448 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
15:49:55.0523 0x1448 THREADORDER - ok
15:49:55.0539 0x1448 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
15:49:55.0570 0x1448 TrkWks - ok
15:49:55.0570 0x1448 [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight C:\Windows\System32\drivers\TrueSight.sys
15:49:55.0586 0x1448 TrueSight - ok
15:49:55.0601 0x1448 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:49:55.0633 0x1448 TrustedInstaller - ok
15:49:55.0633 0x1448 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:49:55.0648 0x1448 tssecsrv - ok
15:49:55.0648 0x1448 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:49:55.0664 0x1448 TsUsbFlt - ok
15:49:55.0664 0x1448 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:49:55.0679 0x1448 TsUsbGD - ok
15:49:55.0679 0x1448 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:49:55.0726 0x1448 tunnel - ok
15:49:55.0726 0x1448 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:49:55.0742 0x1448 uagp35 - ok
15:49:55.0742 0x1448 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:49:55.0789 0x1448 udfs - ok
15:49:55.0789 0x1448 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:49:55.0804 0x1448 UI0Detect - ok
15:49:55.0820 0x1448 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:49:55.0820 0x1448 uliagpkx - ok
15:49:55.0820 0x1448 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:49:55.0835 0x1448 umbus - ok
15:49:55.0851 0x1448 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
15:49:55.0851 0x1448 UmPass - ok
15:49:55.0867 0x1448 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
15:49:55.0913 0x1448 upnphost - ok
15:49:55.0913 0x1448 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:49:55.0913 0x1448 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
15:49:58.0316 0x1448 Detect skipped due to KSN trusted
15:49:58.0316 0x1448 USBAAPL64 - ok
15:49:58.0316 0x1448 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:49:58.0331 0x1448 usbaudio - ok
15:49:58.0347 0x1448 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:49:58.0347 0x1448 usbccgp - ok
15:49:58.0363 0x1448 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:49:58.0378 0x1448 usbcir - ok
15:49:58.0378 0x1448 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:49:58.0394 0x1448 usbehci - ok
15:49:58.0394 0x1448 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:49:58.0425 0x1448 usbhub - ok
15:49:58.0425 0x1448 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:49:58.0441 0x1448 usbohci - ok
15:49:58.0441 0x1448 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:49:58.0456 0x1448 usbprint - ok
15:49:58.0472 0x1448 [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:49:58.0487 0x1448 USBSTOR - ok
15:49:58.0487 0x1448 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:49:58.0503 0x1448 usbuhci - ok
15:49:58.0503 0x1448 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
15:49:58.0539 0x1448 UxSms - ok
15:49:58.0539 0x1448 [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] VaultSvc C:\Windows\system32\lsass.exe
15:49:58.0559 0x1448 VaultSvc - ok
15:49:58.0559 0x1448 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:49:58.0569 0x1448 vdrvroot - ok
15:49:58.0589 0x1448 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
15:49:58.0629 0x1448 vds - ok
15:49:58.0639 0x1448 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:49:58.0649 0x1448 vga - ok
15:49:58.0659 0x1448 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:49:58.0689 0x1448 VgaSave - ok
15:49:58.0689 0x1448 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:49:58.0709 0x1448 vhdmp - ok
15:49:58.0709 0x1448 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
15:49:58.0719 0x1448 viaide - ok
15:49:58.0729 0x1448 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:49:58.0739 0x1448 volmgr - ok
15:49:58.0749 0x1448 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:49:58.0769 0x1448 volmgrx - ok
15:49:58.0779 0x1448 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:49:58.0789 0x1448 volsnap - ok
15:49:58.0799 0x1448 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:49:58.0809 0x1448 vsmraid - ok
15:49:58.0859 0x1448 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
15:49:58.0921 0x1448 VSS - ok
15:49:58.0921 0x1448 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:49:58.0937 0x1448 vwifibus - ok
15:49:58.0952 0x1448 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:49:58.0968 0x1448 vwififlt - ok
15:49:58.0968 0x1448 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:49:58.0983 0x1448 vwifimp - ok
15:49:58.0999 0x1448 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
15:49:59.0030 0x1448 W32Time - ok
15:49:59.0046 0x1448 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:49:59.0046 0x1448 WacomPen - ok
15:49:59.0061 0x1448 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:49:59.0093 0x1448 WANARP - ok
15:49:59.0093 0x1448 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:49:59.0124 0x1448 Wanarpv6 - ok
15:49:59.0171 0x1448 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:49:59.0202 0x1448 WatAdminSvc - ok
15:49:59.0249 0x1448 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
15:49:59.0295 0x1448 wbengine - ok
15:49:59.0311 0x1448 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:49:59.0327 0x1448 WbioSrvc - ok
15:49:59.0342 0x1448 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:49:59.0373 0x1448 wcncsvc - ok
15:49:59.0373 0x1448 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:49:59.0389 0x1448 WcsPlugInService - ok
15:49:59.0389 0x1448 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
15:49:59.0405 0x1448 Wd - ok
15:49:59.0420 0x1448 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:49:59.0451 0x1448 Wdf01000 - ok
15:49:59.0467 0x1448 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:49:59.0483 0x1448 WdiServiceHost - ok
15:49:59.0483 0x1448 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:49:59.0514 0x1448 WdiSystemHost - ok
15:49:59.0514 0x1448 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
15:49:59.0529 0x1448 WebClient - ok
15:49:59.0545 0x1448 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:49:59.0592 0x1448 Wecsvc - ok
15:49:59.0592 0x1448 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:49:59.0623 0x1448 wercplsupport - ok
15:49:59.0639 0x1448 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
15:49:59.0670 0x1448 WerSvc - ok
15:49:59.0670 0x1448 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:49:59.0701 0x1448 WfpLwf - ok
15:49:59.0701 0x1448 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:49:59.0717 0x1448 WIMMount - ok
15:49:59.0717 0x1448 WinDefend - ok
15:49:59.0732 0x1448 WinHttpAutoProxySvc - ok
15:49:59.0748 0x1448 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:49:59.0779 0x1448 Winmgmt - ok
15:49:59.0826 0x1448 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
15:49:59.0904 0x1448 WinRM - ok
15:49:59.0919 0x1448 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:49:59.0935 0x1448 WinUsb - ok
15:49:59.0966 0x1448 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:49:59.0997 0x1448 Wlansvc - ok
15:50:00.0060 0x1448 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:50:00.0107 0x1448 wlidsvc - ok
15:50:00.0122 0x1448 [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
15:50:00.0138 0x1448 WmBEnum - ok
15:50:00.0138 0x1448 [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
15:50:00.0153 0x1448 WmFilter - ok
15:50:00.0153 0x1448 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:50:00.0153 0x1448 WmiAcpi - ok
15:50:00.0169 0x1448 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:50:00.0185 0x1448 wmiApSrv - ok
15:50:00.0185 0x1448 WMPNetworkSvc - ok
15:50:00.0200 0x1448 [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
15:50:00.0200 0x1448 WmVirHid - ok
15:50:00.0216 0x1448 [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
15:50:00.0216 0x1448 WmXlCore - ok
15:50:00.0216 0x1448 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:50:00.0231 0x1448 WPCSvc - ok
15:50:00.0247 0x1448 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:50:00.0263 0x1448 WPDBusEnum - ok
15:50:00.0263 0x1448 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:50:00.0294 0x1448 ws2ifsl - ok
15:50:00.0294 0x1448 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
15:50:00.0325 0x1448 wscsvc - ok
15:50:00.0325 0x1448 WSearch - ok
15:50:00.0403 0x1448 [ 291778E1A36716182AFBC1731B2DFEAB, C0B928CCCE8C496C90C42E0D294BAB51DC67C02B0D20CFB6A16B0AE1F51CC497 ] wuauserv C:\Windows\system32\wuaueng.dll
15:50:00.0481 0x1448 wuauserv - ok
15:50:00.0481 0x1448 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:50:00.0512 0x1448 WudfPf - ok
15:50:00.0528 0x1448 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:50:00.0559 0x1448 WUDFRd - ok
15:50:00.0575 0x1448 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:50:00.0606 0x1448 wudfsvc - ok
15:50:00.0606 0x1448 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:50:00.0637 0x1448 WwanSvc - ok
15:50:00.0637 0x1448 ================ Scan global ===============================
15:50:00.0653 0x1448 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
15:50:00.0653 0x1448 [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
15:50:00.0668 0x1448 [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
15:50:00.0684 0x1448 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:50:00.0684 0x1448 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
15:50:00.0699 0x1448 [ Global ] - ok
15:50:00.0699 0x1448 ================ Scan MBR ==================================
15:50:00.0699 0x1448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:50:00.0777 0x1448 \Device\Harddisk0\DR0 - ok
15:50:00.0777 0x1448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:50:00.0887 0x1448 \Device\Harddisk1\DR1 - ok
15:50:00.0887 0x1448 ================ Scan VBR ==================================
15:50:00.0902 0x1448 [ D6DBDA310CBB27542F338A2EF923286B ] \Device\Harddisk0\DR0\Partition1
15:50:00.0933 0x1448 \Device\Harddisk0\DR0\Partition1 - ok
15:50:00.0933 0x1448 [ E5FB75926EBD98286A45B254D7E1683D ] \Device\Harddisk1\DR1\Partition1
15:50:00.0933 0x1448 \Device\Harddisk1\DR1\Partition1 - ok
15:50:00.0933 0x1448 [ F3F20BA4C7C8E2FAE6A795D7EAF1D872 ] \Device\Harddisk1\DR1\Partition2
15:50:00.0933 0x1448 \Device\Harddisk1\DR1\Partition2 - ok
15:50:00.0933 0x1448 ================ Scan generic autorun ======================
15:50:01.0277 0x1448 [ 16438B000BF56F2CD7FDB5E6C3B38C7E, 32D6E69E6367D3ADB2189DA89103CB9910CE791EFB0879515DDD380A96D85BAE ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:50:01.0604 0x1448 RtHDVCpl - ok
15:50:01.0651 0x1448 [ F31CDC26F3624750C2AE2DEFF1E598DA, 06B606E849FB946A9E4CFC8E6799A6B18C4E3233A77ED62DEBCC375649F3D7A8 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
15:50:01.0698 0x1448 RtHDVBg_Dolby - ok
15:50:01.0729 0x1448 [ C2C935DB4D88C5CFF1F4C8DCF940743B, 2457C7EC9273BC59051EA0D2DF1013F71E4C1E2A8469C02653E4215EC062C43E ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
15:50:01.0776 0x1448 COMODO Internet Security - ok
15:50:01.0776 0x1448 [ 6D44DE61A0BC7EE359D65992665C6432, 5A3C2D57A293B9BDD7CB1A4AA0ACF19374866F8A88EF132E350E5973CB4F7662 ] C:\Program Files\iTunes\iTunesHelper.exe
15:50:01.0791 0x1448 iTunesHelper - ok
15:50:01.0791 0x1448 [ 881EBEAB57FD063DBF73C9085A00A5A5, 5079808A2648C37DA73979A6DFCC1768D0CCF32AD1ED43EBD49C80552732FC08 ] C:\Windows\RaidTool\xInsIDE.exe
15:50:01.0807 0x1448 JMB36X IDE Setup - ok
15:50:01.0807 0x1448 [ 5AC3EE6985E71C5CA9AF2E4CAA3F7693, ED27AE0FEF951DDC51EFBAA77E4DCB180E65E8C2352535F830CEA3937F0127BE ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
15:50:01.0807 0x1448 APSDaemon - ok
15:50:01.0854 0x1448 [ 9E00E2C97447EA29E896B6A3F71443A2, 389768C385A85B58BCD5EBB1C3FCFA0FEAA5121A17D0E3907E95E4A70F706358 ] C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
15:50:01.0901 0x1448 Corsair Duke - detected UnsignedFile.Multi.Generic ( 1 )
15:50:04.0303 0x1448 Detect skipped due to KSN trusted
15:50:04.0303 0x1448 Corsair Duke - ok
15:50:04.0319 0x1448 [ EE864CD35936E4AAD8120321907DA8F5, D4A37E70302DF0A76E20F1AC1CD427A831BA80A8E1729E0E5637DC48E7A85DF3 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
15:50:04.0334 0x1448 Dolby Home Theater v4 - ok
15:50:04.0381 0x1448 [ 6AAE25010EB22659B0A65E419370F817, 26B9C51CA59E90B05D2B6F0BF36E572C4D418B9361839E062DAFF344A1196A3A ] C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
15:50:04.0428 0x1448 Corsair M65 Mouse - detected UnsignedFile.Multi.Generic ( 1 )
15:50:06.0830 0x1448 Detect skipped due to KSN trusted
15:50:06.0830 0x1448 Corsair M65 Mouse - ok
15:50:06.0893 0x1448 [ 618FE6488D7FA07504D45E4BED54A051, CD4987307245B79BBFEE85A91DF5372299EC8A49DE1BE53B27F58AC0F5587CDB ] C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
15:50:06.0971 0x1448 Corsair Gaming Headset Software - ok
15:50:06.0986 0x1448 [ FCEC6F664FA7E5FE323165FBC9314470, 4E5AB1E6C3D2881D95E74F2F28649A7DBC4919CA249829A0E4CD9804E401A025 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:50:07.0002 0x1448 SunJavaUpdateSched - ok
15:50:07.0189 0x1448 [ EE9CA8192A975011FB41231330AACF73, 61E19AAFC351149AD3C24853FFCB53684D41188650F7D22D4F9D228E68742D63 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
15:50:07.0345 0x1448 SUPERAntiSpyware - ok
15:50:07.0423 0x1448 [ D5218EE66173405B26B716EBA68133F6, 265820925538A075E753701DC36F89702B3E4C0BE73B8166138495092F339E43 ] C:\Program Files (x86)\Steam\Steam.exe
15:50:07.0501 0x1448 Steam - ok
15:50:07.0532 0x1448 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
15:50:07.0548 0x1448 SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
15:50:09.0950 0x1448 Detect skipped due to KSN trusted
15:50:09.0950 0x1448 SpybotPostWindows10UpgradeReInstall - ok
15:50:10.0044 0x1448 [ C9B84FCB98AE5DE951C1AA468AA9C96C, C2E860EDD7A6EF8B5F4F74B42032B4C389CE70BCFD8F1C8BD0547A1B3D5F34A7 ] C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
15:50:10.0153 0x1448 MyComGames - ok
15:50:10.0153 0x1448 Waiting for KSN requests completion. In queue: 5
15:50:11.0167 0x1448 Waiting for KSN requests completion. In queue: 5
15:50:12.0181 0x1448 Waiting for KSN requests completion. In queue: 5
15:50:12.0540 0x0ce0 Object required for P2P: [ D5218EE66173405B26B716EBA68133F6 ] C:\Program Files (x86)\Steam\Steam.exe
15:50:13.0195 0x1448 Waiting for KSN requests completion. In queue: 2
15:50:14.0209 0x1448 Waiting for KSN requests completion. In queue: 2
15:50:15.0036 0x0ce0 Object send P2P result: true
15:50:15.0239 0x1448 AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4674 ), 0x61000 ( enabled : updated )
15:50:15.0239 0x1448 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4674 ), 0x61010 ( enabled )
15:50:17.0641 0x1448 ============================================================
15:50:17.0641 0x1448 Scan finished
15:50:17.0641 0x1448 ============================================================
15:50:17.0641 0x0f84 Detected object count: 0
15:50:17.0641 0x0f84 Actual detected object count: 0

The logs are too big to fit in one post, so I will continue in the next post...

rudebadger
2015-10-22, 17:58
Here is the second TDSSkiller log:

15:49:44.0042 0x1448 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
15:49:46.0429 0x1448 Detect skipped due to KSN trusted
15:49:46.0429 0x1448 IDriverT - ok
15:49:46.0460 0x1448 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:49:46.0475 0x1448 idsvc - ok
15:49:46.0491 0x1448 IEEtwCollectorService - ok
15:49:46.0491 0x1448 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:49:46.0491 0x1448 iirsp - ok
15:49:46.0522 0x1448 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
15:49:46.0553 0x1448 IKEEXT - ok
15:49:46.0553 0x1448 [ 0FFA95F1171F64F2A51F69A75B1EFF4A, 1F0001D519756DE74477D9398F300187665EBDF1AD902F68A967C2F95C4F85DF ] inspect C:\Windows\system32\DRIVERS\inspect.sys
15:49:46.0569 0x1448 inspect - ok
15:49:46.0663 0x1448 [ 7A3585C4000C8340AE6B7FA08F9EF50F, B93F23464E7D929B90D80650698372128546CFEDA72216823CBE51A08D3368E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:49:46.0741 0x1448 IntcAzAudAddService - ok
15:49:46.0756 0x1448 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
15:49:46.0772 0x1448 intelide - ok
15:49:46.0772 0x1448 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:49:46.0787 0x1448 intelppm - ok
15:49:46.0787 0x1448 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:49:46.0819 0x1448 IPBusEnum - ok
15:49:46.0819 0x1448 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:49:46.0850 0x1448 IpFilterDriver - ok
15:49:46.0865 0x1448 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:49:46.0912 0x1448 iphlpsvc - ok
15:49:46.0912 0x1448 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:49:46.0928 0x1448 IPMIDRV - ok
15:49:46.0928 0x1448 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:49:46.0959 0x1448 IPNAT - ok
15:49:46.0975 0x1448 [ 57A85230DA22ABCFD9AF2E5A3D946F41, 9E9217FF5AB64D06D79632B9F9CEDABA10F744C40896D7622D0FD397FD0E99BF ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:49:47.0006 0x1448 iPod Service - ok
15:49:47.0006 0x1448 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:49:47.0021 0x1448 IRENUM - ok
15:49:47.0021 0x1448 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:49:47.0037 0x1448 isapnp - ok
15:49:47.0037 0x1448 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:49:47.0053 0x1448 iScsiPrt - ok
15:49:47.0084 0x1448 [ 0D2DA1C6D8ED85F51E3758EAE22455F2, 73DC4CA53C84287B55410582C26F93AC9064C176B134809E8C2D9C86737E8343 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe
15:49:47.0099 0x1448 JMB36X - ok
15:49:47.0099 0x1448 [ C0D9BA660A41EE8A269EF804E6CD0D7B, B69B732FA7178F9FA97E16A1F99EED27ABDEDB37FB610F1D7A823BB24D08340B ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
15:49:47.0115 0x1448 JRAID - ok
15:49:47.0115 0x1448 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:49:47.0131 0x1448 kbdclass - ok
15:49:47.0131 0x1448 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:49:47.0146 0x1448 kbdhid - ok
15:49:47.0146 0x1448 [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] KeyIso C:\Windows\system32\lsass.exe
15:49:47.0162 0x1448 KeyIso - ok
15:49:47.0162 0x1448 [ 3A8C03156C3E31E70EF84E48CA179B46, E25E43D53BB6EE1B5F34C95B4FAD111B37A36367B8D047B10FC614DEE13658E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:49:47.0177 0x1448 KSecDD - ok
15:49:47.0177 0x1448 [ C6330F7C2E92A00E6773E82F79078AFC, D8B851BF4FCE85F2A269F0B46BC7EC5A118FCFDACE8460E7B54C1A7CE306774A ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:49:47.0193 0x1448 KSecPkg - ok
15:49:47.0193 0x1448 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:49:47.0224 0x1448 ksthunk - ok
15:49:47.0240 0x1448 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
15:49:47.0271 0x1448 KtmRm - ok
15:49:47.0287 0x1448 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:49:47.0318 0x1448 LanmanServer - ok
15:49:47.0318 0x1448 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:49:47.0349 0x1448 LanmanWorkstation - ok
15:49:47.0349 0x1448 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
15:49:47.0365 0x1448 LGBusEnum - ok
15:49:47.0365 0x1448 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
15:49:47.0380 0x1448 LGVirHid - ok
15:49:47.0380 0x1448 [ 241F2648ADF090E2A10095BD6D6F5DCB, D31F50F7A70A62E3CA45071F75C56FFA21464BFAF4CA4A3AD2482D7477D78D4E ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:49:47.0396 0x1448 LHidFilt - ok
15:49:47.0396 0x1448 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:49:47.0427 0x1448 lltdio - ok
15:49:47.0427 0x1448 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:49:47.0474 0x1448 lltdsvc - ok
15:49:47.0474 0x1448 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:49:47.0505 0x1448 lmhosts - ok
15:49:47.0505 0x1448 [ 342ED5A4B3326014438F36D22D803737, 45488402BD919D84729A19E618B3595D615EB1F73FB9BC77675A21E7DB80AB6C ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:49:47.0521 0x1448 LMouFilt - ok
15:49:47.0521 0x1448 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:49:47.0536 0x1448 LSI_FC - ok
15:49:47.0536 0x1448 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:49:47.0552 0x1448 LSI_SAS - ok
15:49:47.0552 0x1448 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:49:47.0567 0x1448 LSI_SAS2 - ok
15:49:47.0567 0x1448 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:49:47.0583 0x1448 LSI_SCSI - ok
15:49:47.0583 0x1448 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
15:49:47.0614 0x1448 luafv - ok
15:49:47.0630 0x1448 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:49:47.0630 0x1448 MBAMProtector - ok
15:49:47.0677 0x1448 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
15:49:47.0708 0x1448 MBAMScheduler - ok
15:49:47.0739 0x1448 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
15:49:47.0770 0x1448 MBAMService - ok
15:49:47.0786 0x1448 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:49:47.0801 0x1448 MBAMSwissArmy - ok
15:49:47.0801 0x1448 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
15:49:47.0817 0x1448 MBAMWebAccessControl - ok
15:49:47.0817 0x1448 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:49:47.0833 0x1448 Mcx2Svc - ok
15:49:47.0833 0x1448 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
15:49:47.0848 0x1448 megasas - ok
15:49:47.0848 0x1448 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:49:47.0864 0x1448 MegaSR - ok
15:49:47.0879 0x1448 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
15:49:47.0895 0x1448 MMCSS - ok
15:49:47.0911 0x1448 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
15:49:47.0942 0x1448 Modem - ok
15:49:47.0942 0x1448 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:49:47.0957 0x1448 monitor - ok
15:49:47.0957 0x1448 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:49:47.0973 0x1448 mouclass - ok
15:49:47.0973 0x1448 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:49:47.0973 0x1448 mouhid - ok
15:49:47.0989 0x1448 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:49:47.0989 0x1448 mountmgr - ok
15:49:48.0004 0x1448 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
15:49:48.0020 0x1448 mpio - ok
15:49:48.0020 0x1448 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:49:48.0051 0x1448 mpsdrv - ok
15:49:48.0067 0x1448 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:49:48.0113 0x1448 MpsSvc - ok
15:49:48.0129 0x1448 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:49:48.0145 0x1448 MRxDAV - ok
15:49:48.0145 0x1448 [ ACB6782973BD93760D597FC7BB37E692, 9B6EC2858D236DCE61FD5E0247F4D947A5DC484C9C0AABFDAF8270ABA392E787 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:49:48.0160 0x1448 mrxsmb - ok
15:49:48.0176 0x1448 [ 262BF7BB7D0E44CFAA9B12A1E0A6EDF1, CCC3A4CE929C7C8B07C1038BBE8425590CE14F5C37E1D5608978A3AD2F41519C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:49:48.0191 0x1448 mrxsmb10 - ok
15:49:48.0191 0x1448 [ 8C0376974AA28398FF501E78C04ACB30, 81CE67BE933F67F760A72BF9B581F33BC151D98970765FE4425450A2EF450409 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:49:48.0207 0x1448 mrxsmb20 - ok
15:49:48.0207 0x1448 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
15:49:48.0223 0x1448 msahci - ok
15:49:48.0223 0x1448 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:49:48.0238 0x1448 msdsm - ok
15:49:48.0238 0x1448 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
15:49:48.0254 0x1448 MSDTC - ok
15:49:48.0269 0x1448 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:49:48.0285 0x1448 Msfs - ok
15:49:48.0301 0x1448 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:49:48.0316 0x1448 mshidkmdf - ok
15:49:48.0332 0x1448 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:49:48.0332 0x1448 msisadrv - ok
15:49:48.0347 0x1448 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:49:48.0379 0x1448 MSiSCSI - ok
15:49:48.0379 0x1448 msiserver - ok
15:49:48.0379 0x1448 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:49:48.0410 0x1448 MSKSSRV - ok
15:49:48.0410 0x1448 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:49:48.0441 0x1448 MSPCLOCK - ok
15:49:48.0441 0x1448 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:49:48.0472 0x1448 MSPQM - ok
15:49:48.0488 0x1448 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:49:48.0503 0x1448 MsRPC - ok
15:49:48.0503 0x1448 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:49:48.0519 0x1448 mssmbios - ok
15:49:48.0519 0x1448 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:49:48.0550 0x1448 MSTEE - ok
15:49:48.0550 0x1448 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:49:48.0550 0x1448 MTConfig - ok
15:49:48.0566 0x1448 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
15:49:48.0566 0x1448 Mup - ok
15:49:48.0581 0x1448 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
15:49:48.0628 0x1448 napagent - ok
15:49:48.0644 0x1448 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:49:48.0659 0x1448 NativeWifiP - ok
15:49:48.0691 0x1448 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
15:49:48.0706 0x1448 NDIS - ok
15:49:48.0722 0x1448 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:49:48.0737 0x1448 NdisCap - ok
15:49:48.0753 0x1448 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:49:48.0769 0x1448 NdisTapi - ok
15:49:48.0784 0x1448 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:49:48.0815 0x1448 Ndisuio - ok
15:49:48.0815 0x1448 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:49:48.0847 0x1448 NdisWan - ok
15:49:48.0847 0x1448 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:49:48.0878 0x1448 NDProxy - ok
15:49:48.0878 0x1448 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:49:48.0909 0x1448 NetBIOS - ok
15:49:48.0925 0x1448 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:49:48.0956 0x1448 NetBT - ok
15:49:48.0956 0x1448 [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] Netlogon C:\Windows\system32\lsass.exe
15:49:48.0971 0x1448 Netlogon - ok
15:49:48.0987 0x1448 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
15:49:49.0018 0x1448 Netman - ok
15:49:49.0034 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0049 0x1448 NetMsmqActivator - ok
15:49:49.0049 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0065 0x1448 NetPipeActivator - ok
15:49:49.0081 0x1448 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
15:49:49.0112 0x1448 netprofm - ok
15:49:49.0127 0x1448 [ D9A089E17112F04F452D22254B959D87, DE6DD970B224A8A59402793C65E6839F88B0206D13CBB20B4E43AF4743DA64C4 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
15:49:49.0159 0x1448 netr28x - ok
15:49:49.0174 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0174 0x1448 NetTcpActivator - ok
15:49:49.0190 0x1448 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:49.0205 0x1448 NetTcpPortSharing - ok
15:49:49.0205 0x1448 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:49:49.0221 0x1448 nfrd960 - ok
15:49:49.0221 0x1448 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:49:49.0237 0x1448 NlaSvc - ok
15:49:49.0237 0x1448 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:49:49.0268 0x1448 Npfs - ok
15:49:49.0283 0x1448 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
15:49:49.0299 0x1448 nsi - ok
15:49:49.0315 0x1448 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:49:49.0346 0x1448 nsiproxy - ok
15:49:49.0377 0x1448 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:49:49.0424 0x1448 Ntfs - ok
15:49:49.0439 0x1448 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
15:49:49.0455 0x1448 Null - ok
15:49:49.0471 0x1448 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:49:49.0486 0x1448 nvraid - ok
15:49:49.0486 0x1448 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:49:49.0502 0x1448 nvstor - ok
15:49:49.0502 0x1448 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:49:49.0517 0x1448 nv_agp - ok
15:49:49.0517 0x1448 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:49:49.0533 0x1448 ohci1394 - ok
15:49:49.0549 0x1448 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:49:49.0564 0x1448 p2pimsvc - ok
15:49:49.0580 0x1448 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
15:49:49.0595 0x1448 p2psvc - ok
15:49:49.0595 0x1448 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
15:49:49.0611 0x1448 Parport - ok
15:49:49.0611 0x1448 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:49:49.0627 0x1448 partmgr - ok
15:49:49.0642 0x1448 [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
15:49:49.0642 0x1448 PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
15:49:52.0045 0x1448 Detect skipped due to KSN trusted
15:49:52.0045 0x1448 PassThru Service - ok
15:49:52.0060 0x1448 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:49:52.0060 0x1448 PcaSvc - ok
15:49:52.0076 0x1448 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
15:49:52.0091 0x1448 pci - ok
15:49:52.0091 0x1448 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
15:49:52.0107 0x1448 pciide - ok
15:49:52.0107 0x1448 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:49:52.0123 0x1448 pcmcia - ok
15:49:52.0123 0x1448 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
15:49:52.0138 0x1448 pcw - ok
15:49:52.0154 0x1448 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:49:52.0185 0x1448 PEAUTH - ok
15:49:52.0185 0x1448 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:49:52.0201 0x1448 PerfHost - ok
15:49:52.0232 0x1448 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
15:49:52.0294 0x1448 pla - ok
15:49:52.0310 0x1448 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:49:52.0325 0x1448 PlugPlay - ok
15:49:52.0341 0x1448 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:49:52.0341 0x1448 PNRPAutoReg - ok
15:49:52.0357 0x1448 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:49:52.0372 0x1448 PNRPsvc - ok
15:49:52.0388 0x1448 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:49:52.0435 0x1448 PolicyAgent - ok
15:49:52.0435 0x1448 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
15:49:52.0466 0x1448 Power - ok
15:49:52.0481 0x1448 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:49:52.0513 0x1448 PptpMiniport - ok
15:49:52.0513 0x1448 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
15:49:52.0528 0x1448 Processor - ok
15:49:52.0528 0x1448 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
15:49:52.0544 0x1448 ProfSvc - ok
15:49:52.0559 0x1448 [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:49:52.0559 0x1448 ProtectedStorage - ok
15:49:52.0575 0x1448 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:49:52.0606 0x1448 Psched - ok
15:49:52.0637 0x1448 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:49:52.0684 0x1448 ql2300 - ok
15:49:52.0684 0x1448 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:49:52.0700 0x1448 ql40xx - ok
15:49:52.0715 0x1448 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
15:49:52.0731 0x1448 QWAVE - ok
15:49:52.0731 0x1448 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:49:52.0747 0x1448 QWAVEdrv - ok
15:49:52.0762 0x1448 [ 720FEA3AAA15FE7E0BEAB10AC2E6D2B0, E1E6A79751B7CAA86F4C7F9DD2A835D5C30FBD433644F916B8E54CD8105D00D2 ] RalinkRegistryWriter C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
15:49:52.0762 0x1448 RalinkRegistryWriter - ok
15:49:52.0778 0x1448 [ 178CEF55E09DC320FF6561D4EEB4F632, 0B11CE080341CAD324F6A46ABE30D71E3BD2C27EA9188A0C9574ED757706E8A7 ] RalinkRegistryWriter64 C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
15:49:52.0778 0x1448 RalinkRegistryWriter64 - ok
15:49:52.0793 0x1448 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:49:52.0809 0x1448 RasAcd - ok
15:49:52.0825 0x1448 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:49:52.0856 0x1448 RasAgileVpn - ok
15:49:52.0856 0x1448 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
15:49:52.0887 0x1448 RasAuto - ok
15:49:52.0887 0x1448 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:49:52.0918 0x1448 Rasl2tp - ok
15:49:52.0934 0x1448 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
15:49:52.0965 0x1448 RasMan - ok
15:49:52.0981 0x1448 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:49:53.0012 0x1448 RasPppoe - ok
15:49:53.0012 0x1448 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:49:53.0043 0x1448 RasSstp - ok
15:49:53.0043 0x1448 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:49:53.0090 0x1448 rdbss - ok
15:49:53.0090 0x1448 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:49:53.0105 0x1448 rdpbus - ok
15:49:53.0105 0x1448 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:49:53.0137 0x1448 RDPCDD - ok
15:49:53.0137 0x1448 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:49:53.0168 0x1448 RDPENCDD - ok
15:49:53.0168 0x1448 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:49:53.0199 0x1448 RDPREFMP - ok
15:49:53.0199 0x1448 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:49:53.0215 0x1448 RDPWD - ok
15:49:53.0230 0x1448 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:49:53.0246 0x1448 rdyboost - ok
15:49:53.0246 0x1448 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:49:53.0277 0x1448 RemoteAccess - ok
15:49:53.0277 0x1448 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:49:53.0308 0x1448 RemoteRegistry - ok
15:49:53.0324 0x1448 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:49:53.0355 0x1448 RpcEptMapper - ok
15:49:53.0355 0x1448 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
15:49:53.0371 0x1448 RpcLocator - ok
15:49:53.0386 0x1448 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
15:49:53.0417 0x1448 RpcSs - ok
15:49:53.0433 0x1448 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:49:53.0464 0x1448 rspndr - ok
15:49:53.0464 0x1448 [ C435AC77704EB16E85C9D630F4D4B4F7, DA508641AC9DFEDEE7E025B13CE0629C316742C4E95765FEDEF1A24112F45435 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
15:49:53.0480 0x1448 RTHDMIAzAudService - ok
15:49:53.0495 0x1448 [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:49:53.0511 0x1448 RTL8167 - ok
15:49:53.0527 0x1448 [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] SamSs C:\Windows\system32\lsass.exe
15:49:53.0527 0x1448 SamSs - ok
15:49:53.0542 0x1448 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:49:53.0542 0x1448 SASDIFSV - ok
15:49:53.0542 0x1448 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:49:53.0558 0x1448 SASKUTIL - ok
15:49:53.0558 0x1448 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:49:53.0573 0x1448 sbp2port - ok
15:49:53.0589 0x1448 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:49:53.0620 0x1448 SCardSvr - ok
15:49:53.0620 0x1448 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:49:53.0651 0x1448 scfilter - ok
15:49:53.0667 0x1448 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
15:49:53.0714 0x1448 Schedule - ok
15:49:53.0714 0x1448 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:49:53.0745 0x1448 SCPolicySvc - ok
15:49:53.0745 0x1448 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:49:53.0761 0x1448 SDRSVC - ok
15:49:53.0776 0x1448 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:49:53.0776 0x1448 secdrv - ok
15:49:53.0792 0x1448 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
15:49:53.0807 0x1448 seclogon - ok
15:49:53.0823 0x1448 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
15:49:53.0854 0x1448 SENS - ok
15:49:53.0854 0x1448 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:49:53.0870 0x1448 SensrSvc - ok
15:49:53.0870 0x1448 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:49:53.0885 0x1448 Serenum - ok
15:49:53.0885 0x1448 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:49:53.0901 0x1448 Serial - ok
15:49:53.0901 0x1448 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:49:53.0917 0x1448 sermouse - ok
15:49:53.0917 0x1448 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
15:49:53.0948 0x1448 SessionEnv - ok
15:49:53.0963 0x1448 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:49:53.0963 0x1448 sffdisk - ok
15:49:53.0979 0x1448 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:49:53.0979 0x1448 sffp_mmc - ok
15:49:53.0995 0x1448 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:49:54.0010 0x1448 sffp_sd - ok
15:49:54.0010 0x1448 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:49:54.0010 0x1448 sfloppy - ok
15:49:54.0026 0x1448 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:49:54.0057 0x1448 SharedAccess - ok
15:49:54.0073 0x1448 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:49:54.0104 0x1448 ShellHWDetection - ok
15:49:54.0119 0x1448 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:49:54.0119 0x1448 SiSRaid2 - ok
15:49:54.0135 0x1448 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:49:54.0135 0x1448 SiSRaid4 - ok
15:49:54.0151 0x1448 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:49:54.0182 0x1448 Smb - ok
15:49:54.0182 0x1448 [ 9E8987EC160B9BFEBEE236D475CD4D43, 63830705A5EFFB4E75C86D088C2863601D85ADC3738648599C53BE91548216E5 ] SnakeEyes C:\Windows\system32\drivers\SnakeEyes.sys
15:49:54.0197 0x1448 SnakeEyes - ok
15:49:54.0197 0x1448 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:49:54.0213 0x1448 SNMPTRAP - ok
15:49:54.0213 0x1448 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
15:49:54.0229 0x1448 spldr - ok
15:49:54.0244 0x1448 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
15:49:54.0275 0x1448 Spooler - ok
15:49:54.0385 0x1448 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
15:49:54.0478 0x1448 sppsvc - ok
15:49:54.0494 0x1448 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:49:54.0525 0x1448 sppuinotify - ok
15:49:54.0541 0x1448 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:49:54.0556 0x1448 srv - ok
15:49:54.0572 0x1448 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:49:54.0587 0x1448 srv2 - ok
15:49:54.0603 0x1448 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:49:54.0603 0x1448 srvnet - ok
15:49:54.0619 0x1448 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:49:54.0650 0x1448 SSDPSRV - ok
15:49:54.0650 0x1448 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:49:54.0681 0x1448 SstpSvc - ok
15:49:54.0712 0x1448 [ D31201BD8782752BD69DBE1E5DDF9AC5, 98B72690B4E6CC1B694C655DD31CB1FB56B76B62A32CFB748AF78F4C072D9740 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:49:54.0743 0x1448 Steam Client Service - ok
15:49:54.0743 0x1448 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:49:54.0759 0x1448 stexstor - ok
15:49:54.0775 0x1448 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
15:49:54.0790 0x1448 stisvc - ok
15:49:54.0806 0x1448 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:49:54.0806 0x1448 swenum - ok
15:49:54.0821 0x1448 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
15:49:54.0868 0x1448 swprv - ok
15:49:54.0915 0x1448 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
15:49:54.0977 0x1448 SysMain - ok
15:49:54.0977 0x1448 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:49:55.0009 0x1448 TabletInputService - ok
15:49:55.0009 0x1448 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
15:49:55.0040 0x1448 TapiSrv - ok
15:49:55.0055 0x1448 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
15:49:55.0087 0x1448 TBS - ok
15:49:55.0133 0x1448 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:49:55.0180 0x1448 Tcpip - ok
15:49:55.0227 0x1448 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:49:55.0289 0x1448 TCPIP6 - ok
15:49:55.0289 0x1448 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:49:55.0321 0x1448 tcpipreg - ok
15:49:55.0336 0x1448 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:49:55.0352 0x1448 TDPIPE - ok
15:49:55.0352 0x1448 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:49:55.0367 0x1448 TDTCP - ok
15:49:55.0367 0x1448 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:49:55.0399 0x1448 tdx - ok
15:49:55.0399 0x1448 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:49:55.0414 0x1448 TermDD - ok
15:49:55.0430 0x1448 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
15:49:55.0461 0x1448 TermService - ok
15:49:55.0477 0x1448 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
15:49:55.0492 0x1448 Themes - ok
15:49:55.0492 0x1448 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
15:49:55.0523 0x1448 THREADORDER - ok
15:49:55.0539 0x1448 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
15:49:55.0570 0x1448 TrkWks - ok
15:49:55.0570 0x1448 [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight C:\Windows\System32\drivers\TrueSight.sys
15:49:55.0586 0x1448 TrueSight - ok
15:49:55.0601 0x1448 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:49:55.0633 0x1448 TrustedInstaller - ok
15:49:55.0633 0x1448 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:49:55.0648 0x1448 tssecsrv - ok
15:49:55.0648 0x1448 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:49:55.0664 0x1448 TsUsbFlt - ok
15:49:55.0664 0x1448 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:49:55.0679 0x1448 TsUsbGD - ok
15:49:55.0679 0x1448 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:49:55.0726 0x1448 tunnel - ok
15:49:55.0726 0x1448 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:49:55.0742 0x1448 uagp35 - ok
15:49:55.0742 0x1448 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:49:55.0789 0x1448 udfs - ok
15:49:55.0789 0x1448 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:49:55.0804 0x1448 UI0Detect - ok
15:49:55.0820 0x1448 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:49:55.0820 0x1448 uliagpkx - ok
15:49:55.0820 0x1448 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:49:55.0835 0x1448 umbus - ok
15:49:55.0851 0x1448 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
15:49:55.0851 0x1448 UmPass - ok
15:49:55.0867 0x1448 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
15:49:55.0913 0x1448 upnphost - ok
15:49:55.0913 0x1448 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:49:55.0913 0x1448 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
15:49:58.0316 0x1448 Detect skipped due to KSN trusted
15:49:58.0316 0x1448 USBAAPL64 - ok
15:49:58.0316 0x1448 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:49:58.0331 0x1448 usbaudio - ok
15:49:58.0347 0x1448 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:49:58.0347 0x1448 usbccgp - ok
15:49:58.0363 0x1448 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:49:58.0378 0x1448 usbcir - ok
15:49:58.0378 0x1448 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:49:58.0394 0x1448 usbehci - ok
15:49:58.0394 0x1448 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:49:58.0425 0x1448 usbhub - ok
15:49:58.0425 0x1448 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:49:58.0441 0x1448 usbohci - ok
15:49:58.0441 0x1448 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:49:58.0456 0x1448 usbprint - ok
15:49:58.0472 0x1448 [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:49:58.0487 0x1448 USBSTOR - ok
15:49:58.0487 0x1448 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:49:58.0503 0x1448 usbuhci - ok
15:49:58.0503 0x1448 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
15:49:58.0539 0x1448 UxSms - ok
15:49:58.0539 0x1448 [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] VaultSvc C:\Windows\system32\lsass.exe
15:49:58.0559 0x1448 VaultSvc - ok
15:49:58.0559 0x1448 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:49:58.0569 0x1448 vdrvroot - ok
15:49:58.0589 0x1448 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
15:49:58.0629 0x1448 vds - ok
15:49:58.0639 0x1448 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:49:58.0649 0x1448 vga - ok
15:49:58.0659 0x1448 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:49:58.0689 0x1448 VgaSave - ok
15:49:58.0689 0x1448 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:49:58.0709 0x1448 vhdmp - ok
15:49:58.0709 0x1448 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
15:49:58.0719 0x1448 viaide - ok
15:49:58.0729 0x1448 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:49:58.0739 0x1448 volmgr - ok
15:49:58.0749 0x1448 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:49:58.0769 0x1448 volmgrx - ok
15:49:58.0779 0x1448 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:49:58.0789 0x1448 volsnap - ok
15:49:58.0799 0x1448 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:49:58.0809 0x1448 vsmraid - ok
15:49:58.0859 0x1448 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
15:49:58.0921 0x1448 VSS - ok
15:49:58.0921 0x1448 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:49:58.0937 0x1448 vwifibus - ok
15:49:58.0952 0x1448 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:49:58.0968 0x1448 vwififlt - ok
15:49:58.0968 0x1448 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:49:58.0983 0x1448 vwifimp - ok
15:49:58.0999 0x1448 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
15:49:59.0030 0x1448 W32Time - ok
15:49:59.0046 0x1448 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:49:59.0046 0x1448 WacomPen - ok
15:49:59.0061 0x1448 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:49:59.0093 0x1448 WANARP - ok
15:49:59.0093 0x1448 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:49:59.0124 0x1448 Wanarpv6 - ok
15:49:59.0171 0x1448 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:49:59.0202 0x1448 WatAdminSvc - ok
15:49:59.0249 0x1448 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
15:49:59.0295 0x1448 wbengine - ok
15:49:59.0311 0x1448 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:49:59.0327 0x1448 WbioSrvc - ok
15:49:59.0342 0x1448 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:49:59.0373 0x1448 wcncsvc - ok
15:49:59.0373 0x1448 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:49:59.0389 0x1448 WcsPlugInService - ok
15:49:59.0389 0x1448 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
15:49:59.0405 0x1448 Wd - ok
15:49:59.0420 0x1448 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:49:59.0451 0x1448 Wdf01000 - ok
15:49:59.0467 0x1448 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:49:59.0483 0x1448 WdiServiceHost - ok
15:49:59.0483 0x1448 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:49:59.0514 0x1448 WdiSystemHost - ok
15:49:59.0514 0x1448 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
15:49:59.0529 0x1448 WebClient - ok
15:49:59.0545 0x1448 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:49:59.0592 0x1448 Wecsvc - ok
15:49:59.0592 0x1448 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:49:59.0623 0x1448 wercplsupport - ok
15:49:59.0639 0x1448 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
15:49:59.0670 0x1448 WerSvc - ok
15:49:59.0670 0x1448 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:49:59.0701 0x1448 WfpLwf - ok
15:49:59.0701 0x1448 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:49:59.0717 0x1448 WIMMount - ok
15:49:59.0717 0x1448 WinDefend - ok
15:49:59.0732 0x1448 WinHttpAutoProxySvc - ok
15:49:59.0748 0x1448 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:49:59.0779 0x1448 Winmgmt - ok
15:49:59.0826 0x1448 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
15:49:59.0904 0x1448 WinRM - ok
15:49:59.0919 0x1448 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:49:59.0935 0x1448 WinUsb - ok
15:49:59.0966 0x1448 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:49:59.0997 0x1448 Wlansvc - ok
15:50:00.0060 0x1448 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:50:00.0107 0x1448 wlidsvc - ok
15:50:00.0122 0x1448 [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
15:50:00.0138 0x1448 WmBEnum - ok
15:50:00.0138 0x1448 [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
15:50:00.0153 0x1448 WmFilter - ok
15:50:00.0153 0x1448 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:50:00.0153 0x1448 WmiAcpi - ok
15:50:00.0169 0x1448 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:50:00.0185 0x1448 wmiApSrv - ok
15:50:00.0185 0x1448 WMPNetworkSvc - ok
15:50:00.0200 0x1448 [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
15:50:00.0200 0x1448 WmVirHid - ok
15:50:00.0216 0x1448 [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
15:50:00.0216 0x1448 WmXlCore - ok
15:50:00.0216 0x1448 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:50:00.0231 0x1448 WPCSvc - ok
15:50:00.0247 0x1448 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:50:00.0263 0x1448 WPDBusEnum - ok
15:50:00.0263 0x1448 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:50:00.0294 0x1448 ws2ifsl - ok
15:50:00.0294 0x1448 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
15:50:00.0325 0x1448 wscsvc - ok
15:50:00.0325 0x1448 WSearch - ok
15:50:00.0403 0x1448 [ 291778E1A36716182AFBC1731B2DFEAB, C0B928CCCE8C496C90C42E0D294BAB51DC67C02B0D20CFB6A16B0AE1F51CC497 ] wuauserv C:\Windows\system32\wuaueng.dll
15:50:00.0481 0x1448 wuauserv - ok
15:50:00.0481 0x1448 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:50:00.0512 0x1448 WudfPf - ok
15:50:00.0528 0x1448 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:50:00.0559 0x1448 WUDFRd - ok
15:50:00.0575 0x1448 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:50:00.0606 0x1448 wudfsvc - ok
15:50:00.0606 0x1448 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:50:00.0637 0x1448 WwanSvc - ok
15:50:00.0637 0x1448 ================ Scan global ===============================
15:50:00.0653 0x1448 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
15:50:00.0653 0x1448 [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
15:50:00.0668 0x1448 [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
15:50:00.0684 0x1448 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:50:00.0684 0x1448 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
15:50:00.0699 0x1448 [ Global ] - ok
15:50:00.0699 0x1448 ================ Scan MBR ==================================
15:50:00.0699 0x1448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:50:00.0777 0x1448 \Device\Harddisk0\DR0 - ok
15:50:00.0777 0x1448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:50:00.0887 0x1448 \Device\Harddisk1\DR1 - ok
15:50:00.0887 0x1448 ================ Scan VBR ==================================
15:50:00.0902 0x1448 [ D6DBDA310CBB27542F338A2EF923286B ] \Device\Harddisk0\DR0\Partition1
15:50:00.0933 0x1448 \Device\Harddisk0\DR0\Partition1 - ok
15:50:00.0933 0x1448 [ E5FB75926EBD98286A45B254D7E1683D ] \Device\Harddisk1\DR1\Partition1
15:50:00.0933 0x1448 \Device\Harddisk1\DR1\Partition1 - ok
15:50:00.0933 0x1448 [ F3F20BA4C7C8E2FAE6A795D7EAF1D872 ] \Device\Harddisk1\DR1\Partition2
15:50:00.0933 0x1448 \Device\Harddisk1\DR1\Partition2 - ok
15:50:00.0933 0x1448 ================ Scan generic autorun ======================
15:50:01.0277 0x1448 [ 16438B000BF56F2CD7FDB5E6C3B38C7E, 32D6E69E6367D3ADB2189DA89103CB9910CE791EFB0879515DDD380A96D85BAE ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:50:01.0604 0x1448 RtHDVCpl - ok
15:50:01.0651 0x1448 [ F31CDC26F3624750C2AE2DEFF1E598DA, 06B606E849FB946A9E4CFC8E6799A6B18C4E3233A77ED62DEBCC375649F3D7A8 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
15:50:01.0698 0x1448 RtHDVBg_Dolby - ok
15:50:01.0729 0x1448 [ C2C935DB4D88C5CFF1F4C8DCF940743B, 2457C7EC9273BC59051EA0D2DF1013F71E4C1E2A8469C02653E4215EC062C43E ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
15:50:01.0776 0x1448 COMODO Internet Security - ok
15:50:01.0776 0x1448 [ 6D44DE61A0BC7EE359D65992665C6432, 5A3C2D57A293B9BDD7CB1A4AA0ACF19374866F8A88EF132E350E5973CB4F7662 ] C:\Program Files\iTunes\iTunesHelper.exe
15:50:01.0791 0x1448 iTunesHelper - ok
15:50:01.0791 0x1448 [ 881EBEAB57FD063DBF73C9085A00A5A5, 5079808A2648C37DA73979A6DFCC1768D0CCF32AD1ED43EBD49C80552732FC08 ] C:\Windows\RaidTool\xInsIDE.exe
15:50:01.0807 0x1448 JMB36X IDE Setup - ok
15:50:01.0807 0x1448 [ 5AC3EE6985E71C5CA9AF2E4CAA3F7693, ED27AE0FEF951DDC51EFBAA77E4DCB180E65E8C2352535F830CEA3937F0127BE ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
15:50:01.0807 0x1448 APSDaemon - ok
15:50:01.0854 0x1448 [ 9E00E2C97447EA29E896B6A3F71443A2, 389768C385A85B58BCD5EBB1C3FCFA0FEAA5121A17D0E3907E95E4A70F706358 ] C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
15:50:01.0901 0x1448 Corsair Duke - detected UnsignedFile.Multi.Generic ( 1 )
15:50:04.0303 0x1448 Detect skipped due to KSN trusted
15:50:04.0303 0x1448 Corsair Duke - ok
15:50:04.0319 0x1448 [ EE864CD35936E4AAD8120321907DA8F5, D4A37E70302DF0A76E20F1AC1CD427A831BA80A8E1729E0E5637DC48E7A85DF3 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
15:50:04.0334 0x1448 Dolby Home Theater v4 - ok
15:50:04.0381 0x1448 [ 6AAE25010EB22659B0A65E419370F817, 26B9C51CA59E90B05D2B6F0BF36E572C4D418B9361839E062DAFF344A1196A3A ] C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
15:50:04.0428 0x1448 Corsair M65 Mouse - detected UnsignedFile.Multi.Generic ( 1 )
15:50:06.0830 0x1448 Detect skipped due to KSN trusted
15:50:06.0830 0x1448 Corsair M65 Mouse - ok
15:50:06.0893 0x1448 [ 618FE6488D7FA07504D45E4BED54A051, CD4987307245B79BBFEE85A91DF5372299EC8A49DE1BE53B27F58AC0F5587CDB ] C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
15:50:06.0971 0x1448 Corsair Gaming Headset Software - ok
15:50:06.0986 0x1448 [ FCEC6F664FA7E5FE323165FBC9314470, 4E5AB1E6C3D2881D95E74F2F28649A7DBC4919CA249829A0E4CD9804E401A025 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:50:07.0002 0x1448 SunJavaUpdateSched - ok
15:50:07.0189 0x1448 [ EE9CA8192A975011FB41231330AACF73, 61E19AAFC351149AD3C24853FFCB53684D41188650F7D22D4F9D228E68742D63 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
15:50:07.0345 0x1448 SUPERAntiSpyware - ok
15:50:07.0423 0x1448 [ D5218EE66173405B26B716EBA68133F6, 265820925538A075E753701DC36F89702B3E4C0BE73B8166138495092F339E43 ] C:\Program Files (x86)\Steam\Steam.exe
15:50:07.0501 0x1448 Steam - ok
15:50:07.0532 0x1448 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
15:50:07.0548 0x1448 SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
15:50:09.0950 0x1448 Detect skipped due to KSN trusted
15:50:09.0950 0x1448 SpybotPostWindows10UpgradeReInstall - ok
15:50:10.0044 0x1448 [ C9B84FCB98AE5DE951C1AA468AA9C96C, C2E860EDD7A6EF8B5F4F74B42032B4C389CE70BCFD8F1C8BD0547A1B3D5F34A7 ] C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
15:50:10.0153 0x1448 MyComGames - ok
15:50:10.0153 0x1448 Waiting for KSN requests completion. In queue: 5
15:50:11.0167 0x1448 Waiting for KSN requests completion. In queue: 5
15:50:12.0181 0x1448 Waiting for KSN requests completion. In queue: 5
15:50:12.0540 0x0ce0 Object required for P2P: [ D5218EE66173405B26B716EBA68133F6 ] C:\Program Files (x86)\Steam\Steam.exe
15:50:13.0195 0x1448 Waiting for KSN requests completion. In queue: 2
15:50:14.0209 0x1448 Waiting for KSN requests completion. In queue: 2
15:50:15.0036 0x0ce0 Object send P2P result: true
15:50:15.0239 0x1448 AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4674 ), 0x61000 ( enabled : updated )
15:50:15.0239 0x1448 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4674 ), 0x61010 ( enabled )
15:50:17.0641 0x1448 ============================================================
15:50:17.0641 0x1448 Scan finished
15:50:17.0641 0x1448 ============================================================
15:50:17.0641 0x0f84 Detected object count: 0
15:50:17.0641 0x0f84 Actual detected object count: 0
15:51:08.0204 0x046c Deinitialize success

And the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Ollie (2015-10-22 13:11:01) Run:4
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2014-08-05 17:40 - 2014-08-05 17:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
FirewallRules: [{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{B2FA87E4-B840-430B-AC2A-03AF545A3923}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB4DAA4C-C6F2-46B4-8507-95E95EAA86A2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D2BFE37-EDB7-425E-BAB7-FACC4CB62731} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2FA87E4-B840-430B-AC2A-03AF545A3923} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4AD10BE-9F9D-4269-9512-A7D7BA8DB95E} => value removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => 382.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:11:19 ====

I have been browsing for a couple of hours now and no redirects so far :) Maybe it is fixed?

Juliet
2015-10-22, 18:47
I have been browsing for a couple of hours now and no redirects so far Maybe it is fixed?

It's my prayer that last FRST script took it out... phew!
I went over all logs again this morning I think for near 2 hours researching, so I hope it's all paid off.

I feel intimidated, and kinda scared to say we may have got it now.

Use the machine today, then, if all is still ok we will need to remove the tools and quarantine folders because future scans will alert to those.

rudebadger
2015-10-22, 19:37
So far so good, fingers crossed that it is resolved, I will keep using it for the rest of the day & check back tomorrow.

Thanks very much for all your time & effort, I can't say enough how appreciated it is :)

Juliet
2015-10-22, 21:24
So far so good, fingers crossed that it is resolved, I will keep using it for the rest of the day & check back tomorrow.

Thanks very much for all your time & effort, I can't say enough how appreciated it is :)

Myself and the other members here are glad to help :)

rudebadger
2015-10-23, 17:08
Well it seemed to be ok, but then I got a popup from Comodo saying a malicious file had been active & said it was a Trojan. I scanned with Comodo, Superantispyware & Malwarebytes but they did not find anything. I tried eset but all it found was the files that it had been reporting before. Do you think it may have been a false positive?

Juliet
2015-10-23, 17:14
popup from Comodo saying a malicious file had been active & said it was a Trojan
Would be good if you can find the file COMODO is reporting on?

With the tools and quarantine folders that are still on the machine it's hard to say, but they wouldn't be active.

rudebadger
2015-10-23, 18:09
This is the virus that was reported TrojWare.Win32.VBObfus.LWG

rudebadger
2015-10-23, 20:11
:( Sorry to say, also got a popup on steam earlier, still none on firefox though.

Juliet
2015-10-23, 21:25
This is the virus that was reported TrojWare.Win32.VBObfus.LWG

This is the name attached to what it found. By chance, can you locate the file it was scanning or quarantined?


Delete your copy of FRST (and all fixlogs that were created); I would like for you to download a fresh copy.

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

rudebadger
2015-10-23, 22:28
The file was C:\Windows\Skin Pack System Installer\NewFiles\calc.exe.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Ollie (administrator) on GAMING-PC (23-10-2015 19:55:26)
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(MY.COM B.V.) C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Edimax Technology Co.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-08-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-17] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-21] (Oracle Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-16] (Valve Corporation)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-30] (Safer-Networking Ltd.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Run: [MyComGames] => C:\Users\Ollie\AppData\Local\MyComGames\MyComGames.exe [4235208 2015-10-22] (MY.COM B.V.)
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk [2015-10-22]
ShortcutTarget: RocketDock.lnk -> C:\Windows\Skin Pack System Installer\RocketDock\RocketDock.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk [2012-11-09]
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{023BED95-0A6C-4A68-8987-05741C533FF6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{603A00DB-9D40-47FE-A688-300242898DC5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\utkgrewf.default-1445277530700
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3501653021-3640964384-1111194576-1000: @my.com/Games -> C:\Users\Ollie\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-01] (My.com, Inc)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-17] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
S3 DAUpdaterSvc; C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-10-06] (Futuremark)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-17] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-02] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-22] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-23 19:55 - 2015-10-23 19:55 - 00015794 _____ C:\Users\Ollie\Desktop\FRST.txt
2015-10-23 19:52 - 2015-10-23 19:52 - 02196480 _____ (Farbar) C:\Users\Ollie\Desktop\FRST64.exe
2015-10-23 12:01 - 2015-10-23 12:01 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-22 23:35 - 2015-10-22 23:40 - 00000000 ____D C:\Program Files (x86)\Skin Pack
2015-10-22 23:35 - 2015-10-22 23:35 - 06376960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2015-10-22 23:35 - 2015-10-22 23:35 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-10-22 23:35 - 2015-10-22 23:35 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.tmp
2015-10-22 23:35 - 2015-10-22 23:35 - 00776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-10-22 23:35 - 2015-10-22 23:35 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.tmp
2015-10-22 23:35 - 2015-10-22 23:35 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2015-10-22 23:35 - 2015-10-13 20:38 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-22 23:35 - 2015-10-13 20:38 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-22 23:35 - 2015-08-12 20:24 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-10-22 23:35 - 2015-07-15 22:25 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-10-22 23:35 - 2010-11-21 04:25 - 00744448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2015-10-22 23:35 - 2010-11-21 04:24 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2015-10-22 23:35 - 2010-11-21 04:24 - 01750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2015-10-22 23:35 - 2010-11-21 04:24 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2015-10-22 23:35 - 2010-11-21 04:23 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2015-10-22 23:35 - 2009-07-14 02:11 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-23 19:55 - 2015-04-21 10:26 - 03184556 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-10-23 19:49 - 2015-03-30 19:20 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-10-23 18:59 - 2013-06-02 23:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-23 18:37 - 2012-11-09 17:45 - 01207257 _____ C:\Windows\WindowsUpdate.log
2015-10-23 18:25 - 2014-04-12 13:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-23 17:32 - 2015-05-02 00:44 - 00021701 _____ C:\Windows\setupact.log
2015-10-23 12:07 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-23 12:07 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-23 12:06 - 2009-07-14 06:13 - 00159100 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-23 12:00 - 2013-08-03 00:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\HTC MediaHub
2015-10-23 12:00 - 2013-06-13 20:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-23 11:59 - 2012-11-09 18:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-10-23 11:59 - 2012-11-09 17:55 - 00000144 _____ C:\service.log
2015-10-23 11:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-22 23:43 - 2012-11-10 18:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-22 23:41 - 2010-11-21 04:47 - 00435060 _____ C:\Windows\PFRO.log
2015-10-22 23:40 - 2015-03-11 23:23 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-22 23:40 - 2014-10-14 21:14 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-22 23:35 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2015-10-22 23:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Cursors
2015-10-22 16:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2015-10-21 22:52 - 2014-09-10 01:23 - 00000000 ____D C:\Users\Ollie\AppData\Local\Adobe
2015-10-21 22:44 - 2013-10-19 01:44 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 22:43 - 2014-10-23 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 22:43 - 2014-10-23 22:50 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-21 22:43 - 2012-11-09 17:45 - 00000000 ____D C:\Users\Ollie
2015-10-21 22:42 - 2014-10-23 22:51 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 22:41 - 2015-07-10 23:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-21 22:41 - 2012-11-10 01:52 - 00000000 ____D C:\ProgramData\Adobe
2015-10-21 22:00 - 2012-11-10 01:52 - 00000000 ____D C:\Users\Ollie\AppData\Roaming\Adobe
2015-10-21 21:58 - 2013-06-02 23:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-21 21:58 - 2012-11-10 01:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-21 21:58 - 2012-11-10 01:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-21 21:56 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-21 18:57 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2015-10-21 18:52 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-10-21 18:41 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-10-20 19:05 - 2014-11-18 01:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-19 22:34 - 2012-11-09 17:45 - 00001160 _____ C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-18 01:53 - 2013-06-01 01:41 - 00000000 ____D C:\Windows\Minidump
2015-10-18 01:26 - 2015-08-06 20:04 - 00000000 ____D C:\AdwCleaner
2015-10-18 01:15 - 2014-02-23 22:55 - 00000000 ____D C:\Users\Ollie\AppData\LocalLow\Temp
2015-10-17 16:27 - 2013-06-08 17:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-17 16:27 - 2013-05-28 14:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-17 16:26 - 2015-08-12 16:03 - 00096528 _____ (Apple Inc.) C:\Windows\system32\dns-sd.exe
2015-10-17 16:26 - 2015-08-12 16:03 - 00084240 _____ (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2015-10-17 16:25 - 2013-05-28 14:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-17 11:33 - 2015-05-17 13:17 - 00000000 ____D C:\Windows\rescache
2015-10-17 04:35 - 2014-10-21 22:37 - 00001728 _____ C:\Users\Ollie\Desktop\details.txt
2015-10-14 00:05 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 00:03 - 2012-11-10 17:17 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 20:29 - 2015-07-17 22:36 - 00066544 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-13 20:29 - 2015-07-17 22:36 - 00000000 ____D C:\Users\Lisa\AppData\Local\HTC MediaHub
2015-10-11 16:24 - 2015-04-25 19:58 - 00000057 _____ C:\Users\Ollie\Desktop\cooling.txt
2015-10-09 23:33 - 2015-02-21 17:55 - 00000000 ____D C:\Users\Ollie\AppData\Local\Steam
2015-10-06 18:11 - 2012-11-09 20:10 - 00496911 _____ C:\Windows\DirectX.log
2015-10-06 18:10 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-12-19 23:21 - 2012-12-19 23:21 - 0000111 _____ () C:\Users\Ollie\AppData\Roaming\adu.xml
2015-10-22 13:23 - 2015-10-22 13:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 19:19

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Ollie (2015-10-23 19:55:54)
Running from C:\Users\Ollie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-09 16:45:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3501653021-3640964384-1111194576-500 - Administrator - Disabled)
Guest (S-1-5-21-3501653021-3640964384-1111194576-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3501653021-3640964384-1111194576-1002 - Limited - Enabled)
Lisa (S-1-5-21-3501653021-3640964384-1111194576-1009 - Limited - Enabled) => C:\Users\Lisa
Ollie (S-1-5-21-3501653021-3640964384-1111194576-1000 - Administrator - Enabled) => C:\Users\Ollie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Armored Warfare MyCom Beta (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\Armored Warfare MyCom Beta) (Version: 1.47 - My.com B.V.)
Aslain's XVM WoT Modpack version 4.6.8 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.6.8 - Aslain)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version: - )
Corsair M65 Firmware Update Application (HKLM-x32\...\{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1) (Version: - )
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Easy Tune 6 B12.0509.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Edimax RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.5.0 - Edimax)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{185D7B00-8600-4716-A619-D8CBE689974B}) (Version: 4.40.560.0 - Futuremark)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - GIGABYTE Technologies, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\MyComGames) (Version: 3.147 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-10-2015 22:34:24 Restore Point Created by FRST
21-10-2015 18:41:45 ComboFix created restore point
22-10-2015 13:11:02 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-21 18:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21FD3B25-29C2-447F-93CA-F418B38D494D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-21] (Adobe Systems Incorporated)
Task: {2AE452DD-7663-4C08-86D9-150C6FD9B29D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {3FACD55F-1894-47BD-ADAA-04DFE5A5BCFD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {4876F49D-22CB-4F76-99FA-369E2AF0EED8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-21] (Adobe Systems Incorporated)
Task: {4DA682FB-99CB-4AEA-AF79-8060720E11A4} - System32\Tasks\{F792DE50-AA36-4F10-8148-9E7EF9D76636} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {633F2494-35E3-4DE2-A618-4E7E55AE10BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-10-17] (Apple Inc.)
Task: {73C1E663-DBDF-45F2-BAE0-A9C921E39E62} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {99146579-3923-4B7C-B229-3DA59088957D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {B3390CAB-97E0-4E55-B694-1DEB10AD59E3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-11-09 17:55 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2012-11-09 18:01 - 2010-09-07 10:46 - 00072280 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-08-03 00:22 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-04-15 17:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-11-09 17:55 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-08-01 20:31 - 2013-08-01 20:31 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 20:33 - 2013-08-01 20:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 20:40 - 2013-08-01 20:40 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-05-06 17:05 - 2015-10-09 23:33 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:59 - 2015-07-22 16:57 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-01 22:21 - 2015-10-16 22:34 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 20:56 - 2015-10-09 23:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2015-10-16 22:34 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 16:57 - 2015-10-16 22:34 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00144896 _____ () C:\Users\Ollie\AppData\Local\MyComGames\zlib1.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00062464 _____ () C:\Users\Ollie\AppData\Local\MyComGames\pxd.dll
2015-10-01 00:05 - 2015-10-01 00:05 - 00179144 _____ () C:\Users\Ollie\AppData\Local\MyComGames\LightUpdate.dll
2015-10-01 00:05 - 2015-10-22 02:10 - 02339784 _____ () C:\Users\Ollie\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 10:18 - 2015-08-26 10:18 - 50425344 _____ () C:\Users\Ollie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2012-11-09 18:28 - 2009-10-07 02:35 - 00901120 _____ () C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
2013-11-14 23:51 - 2013-05-26 15:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2014-12-28 18:42 - 2012-05-14 13:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
2013-03-26 16:16 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-19 21:59 - 2015-10-09 23:33 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdave64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdhcp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdmantle64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdmmcl6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdocl_as64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdocl_ld64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdpcom64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 15751 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57693123-6D81-46F1-A29B-103A8316E953}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D61947-CAAD-42E6-A1B8-CDF82AF738E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBCF617F-C492-448B-999A-A3A5844F0E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F56CF5A-97AA-42E1-8D0D-1449B76DE4FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073DFCF0-9ED0-4697-8575-3F8EF5288D1C}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2BEFBC93-C3B9-4AE5-8B4A-8A3313F8E349}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7BB94A60-90C9-42DD-B8CE-5BD16827DAE2}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{F515A6CB-144F-4EAE-AF36-D0AD592FB656}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B98CEFF2-7C68-4FD7-BD29-3790DA99F7D8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A76D94D3-DAC7-434F-A912-06FDFF7FC774}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{0DA5898E-0431-4826-A40E-89F18F20D94D}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{DE42BB9A-911F-44F5-B4EE-E42122737169}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{9419282F-AAF2-477F-872B-79EC07E6036A}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{B8E732A2-36CC-4006-8AE7-333546D71017}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B9DECAD9-B37A-4B88-BA9F-714FE6F5E80F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CEB19D6D-7926-4B1A-BDC7-D004D0269E3B}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{EB9C7AA2-1FB6-492F-A16A-79C7F8924DBD}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6C70A579-A7B5-4B3F-9F4B-3447D62338AA}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{7373ADBF-766D-4311-A551-A4394298A08A}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{4A5985A9-48CC-4C5F-8375-B9994F4FB513}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29484216-7ED3-43B7-8B33-491586C04BA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4DB5D3D0-3D67-4366-8623-623D3546C952}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99409EE6-9421-4ABF-9664-0EC0859783CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D406204-5B22-458E-858D-C7932BE225EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C1552EF1-8A93-41E5-9971-B99AE37CFE43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4ADE1AE1-853C-4DD5-B122-72766D01D087}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{1116679B-E214-4A35-9AEF-F20E714CDF90}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{457A1534-EC97-4D86-879B-D1CD6C063DB7}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{CA9F1D8F-3975-4FBC-A10C-06A235CAA980}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5799148E-0D9D-492C-B727-C36BB7F3C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A737F16D-97CA-4E74-A822-1609AD4403B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{25D9FEB8-19DE-4EBA-9B82-F040D52A6FD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{373E1A11-BD53-4EE1-897B-208B88A47542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CBEBAAEA-FA68-4F34-A1A8-A6F72B81794A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ABDB5590-65E8-48EE-A5CC-9B9551BDD2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{56742189-4528-4262-89E7-32B844C978EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{089EE90C-4194-45C3-BC1C-30BEC35ED335}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F1F63541-C8CB-4EDD-A100-3A31C55BC1D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{29F53783-B4AC-47A5-9AD7-77FC64CCC00E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE627920-BF0F-4AC9-A32D-6AF150A3C4C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0714BF63-3AC9-482C-A9C2-52A3417E87AB}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{D149B3BC-CB0A-4B9B-BB23-E74022673DD2}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{90C78A4E-7182-413F-8FC8-F38CC5B0A4C9}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{17C7B4BE-10DF-45D4-9C9D-563A864BBF61}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{96B1012E-C482-498B-BEF2-29361399D73C}] => (Allow) E:\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{FA4444DB-2D0B-420C-A84A-97E7E3D1D0EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0BBB55CE-C27E-40B5-ADF0-CC8B2D5687A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{00511F78-33DB-4A77-9F3D-729BEC001482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{FF2BB3D8-7FB3-47A9-BFC4-DF9D247154F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{23A3F365-2D78-4926-983C-BE1CEC56B3D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D0C0D638-3339-4F3A-B85E-3CA9F6CE2D7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{A7968FAC-2277-4DB8-97E8-7C2BBA91DEB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{E3B34F64-938E-4087-A52B-CDC020F56CA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{AEA1C473-53E1-4111-8B6B-DAA9DE279F72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08F133DF-B3AC-476E-BCA6-6CA3E4B95597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FA2A8C0-9FDA-40DB-8894-14F77A579E4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC5ECE49-934D-4572-AF28-B65E6EC42A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42D7AE02-59D4-49B1-A4AC-5E61BBC7A955}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2015 01:10:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/23/2015 12:01:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/23/2015 12:01:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/23/2015 12:01:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/23/2015 12:01:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/23/2015 12:01:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/23/2015 11:59:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2015 11:41:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/22/2015 11:41:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2015 11:36:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (10/23/2015 12:43:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/23/2015 12:43:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/23/2015 12:43:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/23/2015 12:43:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/23/2015 12:43:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/23/2015 12:43:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/23/2015 12:43:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/23/2015 12:43:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/23/2015 12:43:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/23/2015 12:43:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ollie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
Date: 2015-10-21 18:51:48.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-21 18:51:48.676
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 8173.24 MB
Available physical RAM: 5430.09 MB
Total Virtual: 16344.69 MB
Available Virtual: 13149.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.58 GB) (Free:12.15 GB) NTFS
Drive e: (Data drive) (Fixed) (Total:931.51 GB) (Free:649.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEAEFB8F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: B8A0EC17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Juliet
2015-10-23, 23:31
C:\Windows\Skin Pack System Installer
Is this something you installed or did it come pre-loaded on your computer?
Looking on the internet there appear to be places where this can be downloaded?

We can take that file out, then it's possible your computer's calculator won't work?

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
2015-10-22 13:23 - 2015-10-22 13:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

rudebadger
2015-10-23, 23:53
It was a Windows theme that I downloaded. I scanned the downloaded files with Comodo & Superantispyware, both of which cleared them. Then after I installed the theme I got the Comodo warning. At that point I uninstalled the whole theme; the directory and file are no longer on my computer.

Here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Ollie (2015-10-23 21:44:52) Run:5
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3501653021-3640964384-1111194576-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
2015-10-22 13:23 - 2015-10-22 13:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3501653021-3640964384-1111194576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}" => key removed successfully
HKCR\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => key not found.
C:\ProgramData\DP45977C.lfl => moved successfully
EmptyTemp: => 514.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:45:06 ====

Juliet
2015-10-24, 00:00
Then after I installed the theme I got the Comodo warning. At that point I uninstalled the whole theme, the directory and file are no longer on my computer.

So, after posting what Comodo found you have deleted?
C:\Windows\Skin Pack System Installer\NewFiles\calc.exe

If not let me know and we'll try to get FRST to take it out.

What's the computer doing now?

rudebadger
2015-10-24, 01:10
Yes I uninstalled it.

I still get the popups in Steam but don't seem to be getting any in Firefox.

Juliet
2015-10-24, 01:50
Short of uninstalling and reinstalling Steam we're kinda running out of options.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CloseProcesses:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Delete your version of AdwCleaner and JRT

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

rudebadger
2015-10-24, 02:41
AdwCleaner & JRT did not find anything, but here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ollie on 24/10/2015 at 0:19:44.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/10/2015 at 0:32:31.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.014 - Logfile created 24/10/2015 at 00:15:31
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ollie - GAMING-PC
# Running from : C:\Users\Ollie\Desktop\adwcleaner_5.014.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner[C2].txt - [841 bytes] - [15/08/2015 14:39:36]
C:\AdwCleaner[S3].txt - [688 bytes] - [15/08/2015 14:30:10]
C:\AdwCleaner[S4].txt - [812 bytes] - [10/10/2015 12:33:14]
C:\AdwCleaner[S5].txt - [874 bytes] - [17/10/2015 01:52:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [865 bytes] ##########

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Ollie (2015-10-24 00:09:44) Run:6
Running from C:\Users\Ollie\Desktop
Loaded Profiles: Ollie (Available Profiles: Ollie & Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
End
*****************

Processes closed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 00:09:47 ====

I have just got another blue screen as I was typing up this reply.

But no popup in steam :)

Juliet
2015-10-24, 03:39
I have just got another blue screen as I was typing up this reply.

But no popup in steam

Are you sure? Last time I heard that, one ran up and surprised us LOL


Download BlueScreenView (http://www.nirsoft.net/utils/blue_screen_view.html)
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


Let's see if we can figure out why it did that.

rudebadger
2015-10-24, 21:38
Hopefully no more this time :)

They generally just happened the first time I opened Steam & clicked on a link. None so far today, so fingers crossed it stays that way :)

Here is the BSOD log:

==================================================
Dump File : 102415-13166-01.dmp
Crash Time : 24/10/2015 00:36:28
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+1ee1
File Description : ATAPI IDE Miniport Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Crash Address : ntoskrnl.exe+741d0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\102415-13166-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 319,952
Dump File Time : 24/10/2015 00:37:28
==================================================

==================================================
Dump File : 101815-13088-01.dmp
Crash Time : 18/10/2015 01:51:15
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+16d9a0
File Description : TCP/IP Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Crash Address : ntoskrnl.exe+741d0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101815-13088-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 319,952
Dump File Time : 18/10/2015 01:53:53
==================================================

==================================================
Dump File : 101715-13603-01.dmp
Crash Time : 17/10/2015 17:01:45
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c000001d
Parameter 2 : fffff880`0a614f20
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74200
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.19018 (win7sp1_gdr.150928-1507)
Processor : x64
Crash Address : ntoskrnl.exe+74200
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101715-13603-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 276,880
Dump File Time : 17/10/2015 17:03:04
==================================================

==================================================
Dump File : 070515-13634-01.dmp
Crash Time : 05/07/2015 20:49:11
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0b25b010
Parameter 2 : fffff880`03d71848
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d134
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18510 (win7sp1_gdr.140615-1511)
Processor : x64
Crash Address : ntoskrnl.exe+72a40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\070515-13634-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 917,240
Dump File Time : 05/07/2015 20:50:05
==================================================

Juliet
2015-10-25, 01:43
If none have happened today or since your last post, then that's good news.



From the log you posted

ntoskrnl.exe = the Windows NT Kernel & Executive
ntoskrnl.exe. ntoskrnl.exe (ntoskrnl stands for Windows Boot-Up Kernel)
Often used as a generic description


tcpip.sys = Microsoft TCP/IP networking related driver
Caused By Address : tcpip.sys+16d9a0
Guess would be that your networking drivers need to be updated, but hold off on that and run the 2 onboard tools below.


How to Repair Windows 7 System Files with System File Checker
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

How to Run Check Disk at Startup in Windows 7
http://www.sevenforums.com/tutorials/433-disk-check.html

rudebadger
2015-10-26, 02:51
Well still no popups :)

I tried the 2 system tools. Chkdsk ran through but only found some unused index entries, which it cleaned up. Unfortunately SFC /scannow does not run, either through an administrator command prompt in Windows, where it gets to 21% of the verification process then stops & reports that it cannot perform the requested operation, or on booting up, when it gives me the cannot perform the requested operation straight away.

I tried sfc /verifyonly, which ran all the way through then reported that there are integrity violations, for which I have a text file of verification data.

Do you have any more suggestions or maybe I should see if I can get help on a site more dedicated to dealing with BSOD?

Juliet
2015-10-26, 03:25
Well still no popups
I'm tickled pink!


Do you have any more suggestions or maybe I should see if I can get help on a site more dedicated to dealing with BSOD?
Yes. I'd like to recommend a site. I'm a member here too.
You'll have to join and start a new topic. Include the link from here in case any information we have already uncovered might be of assistance.

http://forums.whatthetech.com/index.php?showforum=119
Here we have techs who deal with these errors or maybe can help diagnose to help with the BSOD.

Before you go let's remove tools and quarantine folders.
~~~~~~~~~~~~~~~~~~~~~`

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

Go to Start > Run > copy and paste the full text path in the run box

ComboFix /Uninstall

Note the space between the x and the /U, it needs to be there.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools

Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

rudebadger
2015-10-27, 00:19
Ok cool I will start a thread over there.

I cannot thank you enough for all your help :) You and all the other helpers on this site are heroes for giving up your time to help others :)

Juliet
2015-10-27, 01:31
Myself and the other helpers here at SpyBot/SaferNetworking are glad to help.

And, when someone says thank you, it goes a long way :)

Safe Surfing.

Juliet
2015-10-30, 00:05
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.