I am pretty sure I have a key-logger, can anyone help?

generic name xd

New Member
So I have spent some time already trying to understand and figure out my problem.



Firstly, the whole reason I thought I might have a virus or whatever I might have is that, *without me touching my keyboard, it would start typing some of my various passwords into whatever area I was already typing in*.



Second, I was very worried but let it go for a couple of weeks until my worry grew too much and I went on some Google sprees to self-diagnose. Upon some very simple searches it seems that what I have is a keystroke logger (I am sure you guys here know all about these, hence why I am posting here). I am not positive but I am like 80% sure.



Third, after the diagnosis I then tried to run anti-malware (Malwarebytes) for a threat scan, but it came up with nothing and that left me a little stumped on what to do next. Sooooo I went and looked through my task manager and even got a more advanced process inspection tool to really look for something wrong. I identified most things and ruled out a lot of things, but it was all too much for my limited knowledge so I stopped.



Fourth, in my attempts to oust this horrible virus I also installed a program called KL-detector. It did not find anything. :(



Finally, that lands me here at this forum looking for answers. Now, I am aware that I could nuke my computer, wipe the drives and restart everything and I would not have any problems, but I would prefer not to lose all of my game files that took a while to download :p. So if there is a less harsh way of dealing with my problem I would certainly love to try it.



I am like 90% sure I still have the key logger installed and cannot for the life of me find nor destroy it, so if you guys here have anything to help me out it would be wonderful. :P



Oh, and I still have that key logger detector running in the background, seemingly scanning around and waiting for any suspicious activity that a key logger would make? Am I right in saying that? (All it does is use a little processing power and some RAM, so idk, I guess.)
 
Run the following and post the logs.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on Clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop.


•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top.
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
•When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
# AdwCleaner v5.201 - Logfile created 03/08/2016 at 14:42:37
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-02.3 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : leosh - LEOSNEATRIG
# Running from : C:\Users\leosh\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\yset
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\leosh\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\leosh\AppData\Roaming\RPEng

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\leosh\AppData\Local\Temp\Utils.dll

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet

***** [ Web browsers ] *****

[-] [C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2189 bytes] - [03/08/2016 14:42:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [2144 bytes] - [03/08/2016 14:41:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2335 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64
Ran by leosh (Administrator) on Wed 08/03/2016 at 14:50:11.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\Start Menu\Programs\pluto tv (Folder)
Successfully deleted: C:\Users\leosh\AppData\Local\crashrpt (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/03/2016 at 14:52:24.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 8/3/2016 2:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leosh\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.95 Gb Total Physical Memory | 9.67 Gb Available Physical Memory | 80.93% Memory free
13.76 Gb Paging File | 11.58 Gb Available in Paging File | 84.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.02 Gb Total Space | 374.99 Gb Free Space | 40.28% Space Free | Partition Type: NTFS

Computer Name: LEOSNEATRIG | User Name: leosh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\leosh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
PRC - C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\NSBU.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
PRC - C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (Advanced Micro Devices)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (tiledatamodelsvc) -- C:\Windows\SysNative\tileobjserver.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (LogiRegistryService) -- C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Logitech Inc.)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (amdacpusrsvc) -- C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (Advanced Micro Devices)
SRV:64bit: - (nlsvc) -- C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe (Locktime Software)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (DcpSvc) -- C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PlaysService) -- C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe (Plays.tv, LLC)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (OverwolfUpdater) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf LTD)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (NSBU) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\NSBU.exe (Symantec Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BRSptStub) -- C:\ProgramData\BitRaider\BRSptStub.exe (BitRaider, LLC)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\lfsvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymELAM.sys (Symantec Corporation)
DRV:64bit: - (SymEFASI) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymEFASI64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NSBU) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (LGJoyXlCore) -- C:\Windows\SysNative\drivers\LGJoyXlCore.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (amdacpksd) -- C:\Windows\SysNative\drivers\amdacpksd.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWT6.sys (Advanced Micro Devices)
DRV:64bit: - (nldrv) -- C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys (Locktime Software)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys (Intel Corporation)
DRV:64bit: - (Hamachi) -- C:\Windows\SysNative\drivers\Hamdrv.sys (LogMeIn Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\Windows\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IoQos) -- C:\Windows\SysNative\drivers\ioqos.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (tsusbflt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek )
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (LSI Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (bcmfn) -- C:\Windows\SysNative\drivers\bcmfn.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc.sys (Microsoft Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (LGCoreTemp) -- C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys (Logitech)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (Linksys_adapter_H) -- C:\Windows\SysNative\drivers\AE1200w764.sys (Broadcom Corporation)
DRV - (ESEADriver2) -- C:\Users\leosh\AppData\Local\Temp\ESEADriver2.sys ()
DRV - (cpuz138) -- C:\Users\leosh\AppData\Local\Temp\cpuz138\cpuz138_x64.sys (CPUID)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\IPSDefs\20160524.004\IDSVia64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\BASHDefs\20160521.001\BHDrvx64.sys (Symantec Corporation)
DRV - (BRDriver64_1_3_3_E02B25FC) -- C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys (BitRaider)
DRV - (CompositeBus) -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = E0 00 42 38 A1 7D D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 33 00 00 00 A5 66 BB 01 BC 4A 53 86 7D 1D F2 21 81 CD D3 EA 9A 58 50 A6 B7 27 CA E6 58 56 9C DB 74 E8 5B 89 E3 E2 D9 72 33 49 3F 79 01 C7 36 B8 4B 27 F7 6C 50 82 C4 02 00 00 00 0E 00 00 00 42 43 66 6D 70 44 69 47 72 46 51 25 33 64 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{7507B89A-B936-49C0-A495-743666526DCF}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.7.0.76\COFFADDON\ [2016/08/02 20:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.7.0.76\coFFAddon\ [2016/08/02 20:39:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.0.69_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe\1.1.4_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl\1.1.0_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea\1.0.88_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\leosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5116.418.1.13_0\

O1 HOSTS File: ([2016/03/18 13:37:41 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.7.0.76\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.7.0.76\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [StartCN] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlaysTV] C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe (Plays.tv, LLC)
O4 - HKLM..\Run: [Raptr] C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [BingSvc] C:\Users\leosh\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Users\leosh\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [Discord] C:\Users\leosh\AppData\Local\Discord\app-0.0.295\Discord.exe (Hammer & Chisel, Inc.)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe (Locktime Software)
O4 - HKCU..\Run: [OneDrive] C:\Users\leosh\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\leosh\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\leosh\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c1e96545-b12e-4b91-9b37-fd7b3908034e}: DhcpNameServer = 64.222.165.243 64.222.84.243
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/08/03 14:56:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\leosh\Desktop\OTL.exe
[2016/08/03 14:40:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/08/03 14:34:36 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp
[2016/08/02 23:40:24 | 000,773,368 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtsp64.sys
[2016/08/02 21:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2016/08/02 20:51:30 | 000,042,168 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP152.SYS
[2016/08/02 20:38:05 | 000,101,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2016/08/02 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2016/08/02 20:37:19 | 001,627,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymEFASI64.sys
[2016/08/02 20:37:19 | 000,567,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\symnets.sys
[2016/08/02 20:37:19 | 000,291,056 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\Ironx64.sys
[2016/08/02 20:37:19 | 000,174,328 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\ccSetx64.sys
[2016/08/02 20:37:19 | 000,048,888 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtspx64.sys
[2016/08/02 20:37:19 | 000,024,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymELAM.sys
[2016/08/02 20:36:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSBUx64
[2016/08/02 20:36:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C
[2016/08/02 20:36:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
[2016/08/02 20:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security with Backup
[2016/08/02 20:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2016/08/02 20:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2016/08/02 20:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2016/08/02 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\leosh\Desktop\New folder (2)
[2016/07/28 14:01:30 | 000,000,000 | ---D | C] -- C:\Users\leosh\Desktop\New folder
[2016/07/24 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\leosh\AppData\Roaming\Build and Shoot
[2016/07/24 16:38:38 | 000,000,000 | ---D | C] -- C:\Users\leosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build and Shoot
[2016/07/24 16:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Build and Shoot
[2016/07/20 15:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2016/07/20 15:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2016/07/19 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2016/07/19 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2016/07/19 18:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2016/07/19 18:01:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2016/07/16 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\leosh\AppData\Roaming\Factorio
[2016/07/15 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\leosh\AppData\Roaming\HeroesAndGeneralsDesktop
[2016/07/14 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\leosh\AppData\Local\PunkBuster
[2016/07/14 11:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2016/07/13 02:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\CMAK
[2016/07/13 02:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CMAK
[2016/07/07 14:52:07 | 000,000,000 | ---D | C] -- C:\Users\leosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESEA
[2016/07/07 14:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESEA
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/08/03 14:56:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leosh\Desktop\OTL.exe
[2016/08/03 14:50:00 | 000,879,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/08/03 14:50:00 | 000,743,336 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/08/03 14:50:00 | 000,138,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/08/03 14:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/08/03 14:44:54 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/08/03 14:44:42 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/08/03 14:43:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/08/03 14:43:48 | 838,504,447 | -HS- | M] () -- C:\hiberfil.sys
[2016/08/03 14:43:45 | 000,000,000 | ---- | M] () -- C:\Windows\cd_127
[2016/08/03 14:43:28 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2016/08/03 14:25:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/08/03 14:01:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/08/03 11:35:05 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2016/08/02 20:51:30 | 000,042,168 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP152.SYS
[2016/08/02 20:43:28 | 001,270,466 | ---- | M] () -- C:\Users\leosh\Desktop\ProcessExplorer.zip
[2016/08/02 20:39:19 | 003,179,901 | ---- | M] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\Cat.DB
[2016/08/02 20:38:05 | 000,101,112 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2016/08/02 20:38:05 | 000,008,270 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2016/08/02 20:38:05 | 000,000,856 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2016/08/02 20:38:02 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security with Backup.lnk
[2016/08/02 20:29:10 | 000,001,322 | ---- | M] () -- C:\Users\leosh\Desktop\Norton Installation Files.lnk
[2016/08/02 20:27:05 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/08/02 20:00:02 | 000,010,357 | ---- | M] () -- C:\Users\leosh\Desktop\Untitled.png
[2016/08/01 16:46:06 | 000,002,233 | ---- | M] () -- C:\Users\leosh\Desktop\Discord.lnk
[2016/07/24 16:38:38 | 000,001,125 | ---- | M] () -- C:\Users\leosh\Desktop\Build and Shoot Launcher.lnk
[2016/07/23 19:19:51 | 000,112,331 | ---- | M] () -- C:\Users\leosh\Desktop\eJwFwVEOgyAMANC7cAAqUDrmbQgSNFNKaI0fy-6-977mnqdZza46ZAXYDik8NyvKM7dqG3M7ax6H2MIXZNVc9qt2FXBv9C4ivihQQEwhgF8oxiVR8ok8-uQI7v7p_HQ7ejO_Pwd7IuA.gTYnn544wMN_JfV44yMBQxOUH70.png
[2016/07/22 18:49:16 | 000,000,222 | ---- | M] () -- C:\Users\leosh\Desktop\Starbound.url
[2016/07/20 18:24:01 | 000,154,887 | ---- | M] () -- C:\Users\leosh\Desktop\JfOtMTU.jpg
[2016/07/20 17:25:14 | 000,086,955 | ---- | M] () -- C:\Users\leosh\Desktop\Pj6cOon.jpg
[2016/07/20 10:59:37 | 000,773,368 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtsp64.sys
[2016/07/20 10:59:36 | 000,008,240 | ---- | M] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtsp64.cat
[2016/07/20 10:59:36 | 000,001,439 | ---- | M] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtsp64.inf
[2016/07/16 15:03:14 | 000,000,222 | ---- | M] () -- C:\Users\leosh\Desktop\Factorio.url
[2016/07/14 11:11:40 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2016/07/14 11:11:40 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2016/07/14 11:06:48 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2016/07/14 11:06:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2016/07/12 18:07:22 | 000,000,220 | ---- | M] () -- C:\Users\leosh\Desktop\Red Orchestra Ostfront 41-45.url
[2016/07/11 21:41:31 | 000,070,654 | ---- | M] () -- C:\Users\leosh\Desktop\Qwertyuiopasdfghjklzxcvbnm.jpg
[2016/07/07 14:52:08 | 000,000,987 | ---- | M] () -- C:\Users\leosh\Desktop\ESEA Client.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/08/03 14:43:45 | 000,000,000 | ---- | C] () -- C:\Windows\cd_127
[2016/08/02 23:40:24 | 000,008,240 | ---- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtsp64.cat
[2016/08/02 23:40:24 | 000,001,439 | ---- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtsp64.inf
[2016/08/02 20:45:00 | 001,270,466 | ---- | C] () -- C:\Users\leosh\Desktop\ProcessExplorer.zip
[2016/08/02 20:38:09 | 003,179,901 | ---- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\Cat.DB
[2016/08/02 20:38:05 | 000,008,270 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2016/08/02 20:38:05 | 000,000,856 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2016/08/02 20:38:02 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security with Backup.lnk
[2016/08/02 20:36:32 | 000,003,466 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\symefasi.inf
[2016/08/02 20:36:32 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymNet.inf
[2016/08/02 20:36:32 | 000,001,421 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtspx64.inf
[2016/08/02 20:36:32 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\symELAM.inf
[2016/08/02 20:36:32 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\ccSetx64.inf
[2016/08/02 20:36:32 | 000,000,768 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\Iron.inf
[2016/08/02 20:36:24 | 000,265,178 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymVTcer.dat
[2016/08/02 20:36:20 | 000,009,959 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymELAM64.cat
[2016/08/02 20:36:20 | 000,008,254 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\SymEFASI64.cat
[2016/08/02 20:36:20 | 000,008,250 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\ccsetx64.cat
[2016/08/02 20:36:20 | 000,008,244 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\srtspx64.cat
[2016/08/02 20:36:20 | 000,008,240 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\symnet64.cat
[2016/08/02 20:36:20 | 000,008,232 | R--- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\iron.cat
[2016/08/02 20:36:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSBUx64\1607000.04C\isolate.ini
[2016/08/02 20:29:10 | 000,001,322 | ---- | C] () -- C:\Users\leosh\Desktop\Norton Installation Files.lnk
[2016/08/02 20:00:02 | 000,010,357 | ---- | C] () -- C:\Users\leosh\Desktop\Untitled.png
[2016/07/24 16:38:38 | 000,001,125 | ---- | C] () -- C:\Users\leosh\Desktop\Build and Shoot Launcher.lnk
[2016/07/23 19:19:51 | 000,112,331 | ---- | C] () -- C:\Users\leosh\Desktop\eJwFwVEOgyAMANC7cAAqUDrmbQgSNFNKaI0fy-6-977mnqdZza46ZAXYDik8NyvKM7dqG3M7ax6H2MIXZNVc9qt2FXBv9C4ivihQQEwhgF8oxiVR8ok8-uQI7v7p_HQ7ejO_Pwd7IuA.gTYnn544wMN_JfV44yMBQxOUH70.png
[2016/07/22 18:49:16 | 000,000,222 | ---- | C] () -- C:\Users\leosh\Desktop\Starbound.url
[2016/07/20 18:23:59 | 000,154,887 | ---- | C] () -- C:\Users\leosh\Desktop\JfOtMTU.jpg
[2016/07/20 17:25:11 | 000,086,955 | ---- | C] () -- C:\Users\leosh\Desktop\Pj6cOon.jpg
[2016/07/16 15:03:14 | 000,000,222 | ---- | C] () -- C:\Users\leosh\Desktop\Factorio.url
[2016/07/14 11:11:40 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2016/07/14 11:06:43 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2016/07/14 11:06:43 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2016/07/14 11:06:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2016/07/12 18:07:22 | 000,000,220 | ---- | C] () -- C:\Users\leosh\Desktop\Red Orchestra Ostfront 41-45.url
[2016/07/12 17:57:51 | 001,862,008 | ---- | C] () -- C:\Windows\SysWow64\CoreUIComponents.dll
[2016/07/12 17:56:49 | 002,656,408 | ---- | C] () -- C:\Windows\SysNative\CoreUIComponents.dll
[2016/07/11 21:41:29 | 000,070,654 | ---- | C] () -- C:\Users\leosh\Desktop\Qwertyuiopasdfghjklzxcvbnm.jpg
[2016/07/07 14:52:08 | 000,000,987 | ---- | C] () -- C:\Users\leosh\Desktop\ESEA Client.lnk
[2016/06/12 14:35:40 | 000,053,299 | R--- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2016/04/21 09:22:57 | 000,000,013 | ---- | C] () -- C:\Users\leosh\.pluto.tv
[2016/04/12 18:10:35 | 000,162,816 | ---- | C] () -- C:\Windows\SysWow64\MTF.dll
[2016/03/29 18:19:16 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/03/29 18:19:16 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/03/27 13:05:00 | 000,183,312 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016/03/27 13:02:38 | 000,154,128 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2016/03/27 12:59:28 | 000,198,672 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2016/03/27 12:56:44 | 000,195,088 | ---- | C] () -- C:\Windows\SysWow64\GameManager32.dll
[2016/03/27 12:56:40 | 000,132,112 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2016/03/14 20:33:55 | 000,000,044 | ---- | C] () -- C:\Users\leosh\jagex_cl_runescape_LIVE.dat
[2016/03/14 20:33:55 | 000,000,024 | ---- | C] () -- C:\Users\leosh\random.dat
[2016/03/14 20:30:51 | 000,000,024 | ---- | C] () -- C:\Users\leosh\jagexappletviewer.preferences
[2016/03/13 23:08:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2016/02/15 19:27:00 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-1.dll
[2016/02/15 19:25:40 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-1.exe
[2016/02/13 09:13:11 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2015/12/16 23:07:38 | 001,004,032 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2015/12/16 23:07:36 | 000,807,424 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2015/11/05 00:24:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2015/11/05 00:24:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2015/10/30 03:24:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2015/10/30 03:24:43 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2015/10/30 03:18:39 | 000,164,224 | ---- | C] () -- C:\Windows\SysWow64\weretw.dll
[2015/10/30 03:18:36 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2015/10/30 03:18:36 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/10/30 03:18:34 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\GamePanelExternalHook.dll
[2015/10/30 03:18:31 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\Windows.Perception.Stub.dll
[2015/10/30 03:18:31 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\dtdump.exe
[2015/10/30 03:18:29 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2015/10/30 03:18:29 | 000,293,376 | ---- | C] () -- C:\Windows\SysWow64\HrtfApo.dll
[2015/10/30 03:18:26 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\efsext.dll
[2015/10/30 03:18:25 | 000,002,269 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2015/10/30 03:18:23 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat
[2015/10/30 03:17:40 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== ZeroAccess Check ==========

[2016/06/22 10:40:50 | 000,302,632 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\Core.u
[2016/06/22 10:40:58 | 024,036,648 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\Engine.u
[2016/06/22 10:40:23 | 000,950,995 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\GameFramework.u
[2016/06/22 10:39:43 | 000,189,248 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\GFxUI.u
[2016/06/22 10:41:26 | 000,011,956 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\GFxUIEditor.u
[2016/06/22 10:40:23 | 000,259,203 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\Grip.u
[2016/06/22 10:39:43 | 000,396,918 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\IpDrv.u
[2016/06/22 11:38:36 | 000,243,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\OnlineSubsystemGameSpy.u
[2016/06/22 11:41:22 | 000,372,444 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\OnlineSubsystemLive.u
[2016/06/22 11:44:26 | 000,162,353 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\OnlineSubsystemPC.u
[2016/06/22 11:41:22 | 000,325,039 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\OnlineSubsystemSteamworks.u
[2016/06/22 17:51:26 | 020,837,279 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\ROGame.u
[2016/06/22 17:46:48 | 006,210,464 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\ROGameContent.u
[2016/06/22 17:46:48 | 005,144,259 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\RSGame.u
[2016/06/22 17:46:49 | 004,327,318 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\RSGameContent.u
[2016/06/21 13:54:56 | 000,788,563 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\UnrealEd.u
[2016/06/21 13:54:56 | 001,288,387 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1838204639-1766994442-36710114-1001\$RNULG4D\ROGame\BrewedPC\WebAdmin.u
[2016/03/18 18:42:12 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/07/01 00:32:57 | 006,605,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/07/01 00:19:46 | 005,240,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 03:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 03:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 03:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016/07/30 11:58:02 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\.minecraft
[2016/03/27 15:04:01 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\.technic
[2016/04/27 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Battle.net
[2016/08/03 14:45:14 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\BitTorrent
[2016/07/24 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Build and Shoot
[2016/05/28 12:58:01 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\com.freakinware.wormis
[2016/08/03 11:01:21 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\discord
[2016/07/18 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Factorio
[2016/03/27 16:36:27 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\ftblauncher
[2016/07/15 15:04:47 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\HeroesAndGeneralsDesktop
[2016/03/14 20:14:14 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\java
[2016/03/14 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\library_dir
[2016/05/09 17:02:28 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Locktime
[2016/05/09 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Locktime Software
[2016/04/30 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\LolClient
[2016/04/23 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Mount&Blade Warband
[2016/08/03 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\PlaysTV
[2016/08/03 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Raptr
[2016/04/27 18:48:07 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Riot Games
[2016/03/16 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\SpaceEngineers
[2016/08/03 14:40:26 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\Spotify
[2016/07/22 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\leosh\AppData\Roaming\TS3Client

========== Purity Check ==========



< End of report >
 