gABBY Posted July 9, 2013 ID:700778

Hello again, So the thing is that my GPU is at a constant high load even when idle. Temp goes up to 60° + idle. Some research brought me here and the knowledge of possible bitcoinminer viruses. So here are the first results of dds:
D-FRED-BROWN Posted July 9, 2013 ID:700781

Hello gABBY and welcome to Malwarebytes! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:
TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

----------------------------------------

Note: Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB
gABBY Posted July 9, 2013 Author ID:700783

And here is the zipped attach file: Also a small hint. When I start up Roguekiller X64! The GPU load gets back to normal so that's already a good thing not to damage my new GPU ;-)

Attach.rar
gABBY Posted July 9, 2013 Author ID:700785

tdsskiller results:
- ok22:15:12.0745 4196 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys22:15:12.0746 4196 AmdPPM - ok22:15:12.0749 4196 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys22:15:12.0751 4196 amdsata - ok22:15:12.0755 4196 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys22:15:12.0757 4196 amdsbs - ok22:15:12.0759 4196 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys22:15:12.0760 4196 amdxata - ok22:15:12.0763 4196 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys22:15:12.0764 4196 AppID - ok22:15:12.0766 4196 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll22:15:12.0767 4196 AppIDSvc - ok22:15:12.0770 4196 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll22:15:12.0771 4196 Appinfo - ok22:15:12.0776 4196 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll22:15:12.0778 4196 AppMgmt - ok22:15:12.0780 4196 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys22:15:12.0781 4196 arc - ok22:15:12.0784 4196 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys22:15:12.0785 4196 arcsas - ok22:15:12.0807 4196 [ E536856E96A7605EBF580D62A868E5FE ] ASGT C:\Windows\SysWOW64\ASGT.exe22:15:12.0807 4196 ASGT - ok22:15:12.0818 4196 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe22:15:12.0819 4196 aspnet_state - ok22:15:12.0821 4196 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys22:15:12.0822 4196 AsyncMac - ok22:15:12.0824 4196 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys22:15:12.0824 4196 atapi - ok22:15:12.0830 4196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll22:15:12.0834 4196 AudioEndpointBuilder - 
ok22:15:12.0839 4196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll22:15:12.0842 4196 AudioSrv - ok22:15:12.0844 4196 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll22:15:12.0845 4196 AxInstSV - ok22:15:12.0850 4196 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys22:15:12.0853 4196 b06bdrv - ok22:15:12.0857 4196 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys22:15:12.0859 4196 b57nd60a - ok22:15:12.0862 4196 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll22:15:12.0864 4196 BDESVC - ok22:15:12.0865 4196 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys22:15:12.0866 4196 Beep - ok22:15:12.0874 4196 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll22:15:12.0878 4196 BFE - ok22:15:12.0885 4196 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll22:15:12.0891 4196 BITS - ok22:15:12.0893 4196 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys22:15:12.0894 4196 blbdrive - ok22:15:12.0896 4196 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys22:15:12.0897 4196 bowser - ok22:15:12.0899 4196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys22:15:12.0900 4196 BrFiltLo - ok22:15:12.0902 4196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys22:15:12.0902 4196 BrFiltUp - ok22:15:12.0905 4196 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll22:15:12.0907 4196 Browser - ok22:15:12.0910 4196 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys22:15:12.0912 4196 Brserid - ok22:15:12.0914 4196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys22:15:12.0915 4196 BrSerWdm - ok22:15:12.0916 4196 [ 
B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys22:15:12.0917 4196 BrUsbMdm - ok22:15:12.0919 4196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys22:15:12.0919 4196 BrUsbSer - ok22:15:12.0921 4196 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys22:15:12.0922 4196 BTHMODEM - ok22:15:12.0925 4196 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll22:15:12.0926 4196 bthserv - ok22:15:12.0928 4196 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys22:15:12.0929 4196 cdfs - ok22:15:12.0931 4196 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys22:15:12.0933 4196 cdrom - ok22:15:12.0936 4196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll22:15:12.0937 4196 CertPropSvc - ok22:15:12.0939 4196 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys22:15:12.0940 4196 circlass - ok22:15:12.0944 4196 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys22:15:12.0946 4196 CLFS - ok22:15:12.0952 4196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe22:15:12.0953 4196 clr_optimization_v2.0.50727_32 - ok22:15:12.0958 4196 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe22:15:12.0959 4196 clr_optimization_v2.0.50727_64 - ok22:15:12.0969 4196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe22:15:12.0970 4196 clr_optimization_v4.0.30319_32 - ok22:15:12.0973 4196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe22:15:12.0974 4196 clr_optimization_v4.0.30319_64 - ok22:15:12.0976 4196 [ 
0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys22:15:12.0976 4196 CmBatt - ok22:15:12.0978 4196 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys22:15:12.0979 4196 cmdide - ok22:15:12.0984 4196 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys22:15:12.0987 4196 CNG - ok22:15:12.0989 4196 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys22:15:12.0989 4196 Compbatt - ok22:15:12.0991 4196 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys22:15:12.0992 4196 CompositeBus - ok22:15:12.0993 4196 COMSysApp - ok22:15:12.0995 4196 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys22:15:12.0996 4196 crcdisk - ok22:15:13.0000 4196 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe22:15:13.0001 4196 Creative ALchemy AL6 Licensing Service - ok22:15:13.0003 4196 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe22:15:13.0004 4196 Creative Audio Engine Licensing Service - ok22:15:13.0008 4196 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll22:15:13.0009 4196 CryptSvc - ok22:15:13.0015 4196 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys22:15:13.0018 4196 CSC - ok22:15:13.0024 4196 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll22:15:13.0028 4196 CscService - ok22:15:13.0031 4196 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS22:15:13.0032 4196 CT20XUT - ok22:15:13.0035 4196 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS22:15:13.0036 4196 CT20XUT.SYS - ok22:15:13.0041 4196 [ 
397FBD4454E5B2FB77E55D1013DF548C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys22:15:13.0044 4196 ctac32k - ok22:15:13.0051 4196 [ 50A8CD4DF066FE57D0C473A2645988CC ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys22:15:13.0053 4196 ctaud2k - ok22:15:13.0059 4196 [ EDBA1382E5D7D1E71442B43E170CF8D4 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe22:15:13.0060 4196 CTAudSvcService - ok22:15:13.0071 4196 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS22:15:13.0075 4196 CTEXFIFX - ok22:15:13.0086 4196 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS22:15:13.0091 4196 CTEXFIFX.SYS - ok22:15:13.0093 4196 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS22:15:13.0094 4196 CTHWIUT - ok22:15:13.0096 4196 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS22:15:13.0096 4196 CTHWIUT.SYS - ok22:15:13.0098 4196 [ 757776E207CA5E71E4A16BD1260AE1F2 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys22:15:13.0098 4196 ctprxy2k - ok22:15:13.0101 4196 [ 9B111EE2F488A8D9C21A13ED4C777795 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys22:15:13.0102 4196 ctsfm2k - ok22:15:13.0108 4196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll22:15:13.0111 4196 DcomLaunch - ok22:15:13.0115 4196 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll22:15:13.0117 4196 defragsvc - ok22:15:13.0120 4196 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys22:15:13.0121 4196 DfsC - ok22:15:13.0124 4196 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll22:15:13.0127 4196 Dhcp - ok22:15:13.0129 4196 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys22:15:13.0129 4196 discache - ok22:15:13.0131 4196 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys22:15:13.0132 
4196 Disk - ok22:15:13.0135 4196 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll22:15:13.0136 4196 Dnscache - ok22:15:13.0140 4196 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll22:15:13.0142 4196 dot3svc - ok22:15:13.0145 4196 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll22:15:13.0146 4196 DPS - ok22:15:13.0148 4196 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys22:15:13.0149 4196 drmkaud - ok22:15:13.0152 4196 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys22:15:13.0153 4196 dtsoftbus01 - ok22:15:13.0161 4196 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys22:15:13.0164 4196 DXGKrnl - ok22:15:13.0167 4196 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys22:15:13.0168 4196 E1G60 - ok22:15:13.0171 4196 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll22:15:13.0172 4196 EapHost - ok22:15:13.0193 4196 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys22:15:13.0210 4196 ebdrv - ok22:15:13.0222 4196 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe22:15:13.0223 4196 EFS - ok22:15:13.0234 4196 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe22:15:13.0238 4196 ehRecvr - ok22:15:13.0241 4196 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe22:15:13.0242 4196 ehSched - ok22:15:13.0247 4196 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys22:15:13.0250 4196 elxstor - ok22:15:13.0253 4196 [ 683DCAF0D4EFC3F95A32E8924849202D ] emupia C:\Windows\system32\drivers\emupia2k.sys22:15:13.0253 4196 emupia - ok22:15:13.0255 4196 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys22:15:13.0256 4196 ErrDev - ok22:15:13.0261 4196 [ 4166F82BE4D24938977DD1746BE9B8A0 ] 
EventSystem C:\Windows\system32\es.dll22:15:13.0263 4196 EventSystem - ok22:15:13.0266 4196 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys22:15:13.0268 4196 exfat - ok22:15:13.0271 4196 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys22:15:13.0272 4196 fastfat - ok22:15:13.0278 4196 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe22:15:13.0283 4196 Fax - ok22:15:13.0285 4196 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys22:15:13.0285 4196 fdc - ok22:15:13.0287 4196 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll22:15:13.0287 4196 fdPHost - ok22:15:13.0289 4196 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll22:15:13.0290 4196 FDResPub - ok22:15:13.0292 4196 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys22:15:13.0293 4196 FileInfo - ok22:15:13.0294 4196 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys22:15:13.0295 4196 Filetrace - ok22:15:13.0297 4196 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys22:15:13.0297 4196 flpydisk - ok22:15:13.0301 4196 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys22:15:13.0303 4196 FltMgr - ok22:15:13.0311 4196 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll22:15:13.0318 4196 FontCache - ok22:15:13.0321 4196 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe22:15:13.0322 4196 FontCache3.0.0.0 - ok22:15:13.0324 4196 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys22:15:13.0324 4196 FsDepends - ok22:15:13.0326 4196 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys22:15:13.0327 4196 Fs_Rec - ok22:15:13.0330 4196 [ 
8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys22:15:13.0331 4196 fvevol - ok22:15:13.0334 4196 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys22:15:13.0335 4196 gagp30kx - ok22:15:13.0343 4196 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll22:15:13.0348 4196 gpsvc - ok22:15:13.0352 4196 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe22:15:13.0354 4196 gupdate - ok22:15:13.0355 4196 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe22:15:13.0356 4196 gupdatem - ok22:15:13.0367 4196 [ 076F366B87575ADC7D152C7A34ACB3DC ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys22:15:13.0372 4196 ha20x22k - ok22:15:13.0383 4196 [ 4A7533EB52DC9D1847E7F78DEE1CE322 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys22:15:13.0391 4196 ha20x2k - ok22:15:13.0394 4196 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys22:15:13.0394 4196 hcw85cir - ok22:15:13.0398 4196 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys22:15:13.0401 4196 HdAudAddService - ok22:15:13.0403 4196 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys22:15:13.0404 4196 HDAudBus - ok22:15:13.0406 4196 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys22:15:13.0407 4196 HidBatt - ok22:15:13.0409 4196 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys22:15:13.0410 4196 HidBth - ok22:15:13.0413 4196 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys22:15:13.0413 4196 HidIr - ok22:15:13.0415 4196 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll22:15:13.0416 4196 hidserv - ok22:15:13.0418 4196 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys22:15:13.0419 4196 
HidUsb - ok22:15:13.0421 4196 [ 6B415E7AE774B9118360F559F627468E ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys22:15:13.0421 4196 hitmanpro37 - ok22:15:13.0424 4196 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll22:15:13.0425 4196 hkmsvc - ok22:15:13.0428 4196 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll22:15:13.0430 4196 HomeGroupListener - ok22:15:13.0434 4196 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll22:15:13.0435 4196 HomeGroupProvider - ok22:15:13.0437 4196 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys22:15:13.0438 4196 HpSAMD - ok22:15:13.0444 4196 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys22:15:13.0448 4196 HTTP - ok22:15:13.0450 4196 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys22:15:13.0450 4196 hwpolicy - ok22:15:13.0453 4196 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys22:15:13.0454 4196 i8042prt - ok22:15:13.0458 4196 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys22:15:13.0461 4196 iaStorV - ok22:15:13.0468 4196 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe22:15:13.0473 4196 idsvc - ok22:15:13.0475 4196 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys22:15:13.0476 4196 iirsp - ok22:15:13.0483 4196 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll22:15:13.0488 4196 IKEEXT - ok22:15:13.0491 4196 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys22:15:13.0492 4196 intelide - ok22:15:13.0495 4196 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys22:15:13.0495 4196 intelppm - ok22:15:13.0497 4196 [ A01C412699B6F21645B2885C2BAE4454 ] IOMap 
C:\Windows\system32\drivers\IOMap64.sys22:15:13.0498 4196 IOMap - ok22:15:13.0500 4196 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll22:15:13.0501 4196 IPBusEnum - ok22:15:13.0504 4196 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys22:15:13.0505 4196 IpFilterDriver - ok22:15:13.0510 4196 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll22:15:13.0513 4196 iphlpsvc - ok22:15:13.0516 4196 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys22:15:13.0517 4196 IPMIDRV - ok22:15:13.0519 4196 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys22:15:13.0520 4196 IPNAT - ok22:15:13.0522 4196 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys22:15:13.0523 4196 IRENUM - ok22:15:13.0525 4196 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys22:15:13.0525 4196 isapnp - ok22:15:13.0529 4196 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys22:15:13.0531 4196 iScsiPrt - ok22:15:13.0533 4196 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys22:15:13.0533 4196 kbdclass - ok22:15:13.0535 4196 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys22:15:13.0536 4196 kbdhid - ok22:15:13.0537 4196 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe22:15:13.0538 4196 KeyIso - ok22:15:13.0540 4196 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys22:15:13.0541 4196 KSecDD - ok22:15:13.0544 4196 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys22:15:13.0545 4196 KSecPkg - ok22:15:13.0547 4196 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys22:15:13.0547 4196 ksthunk - ok22:15:13.0551 4196 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm 
C:\Windows\system32\msdtckrm.dll22:15:13.0554 4196 KtmRm - ok22:15:13.0557 4196 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll22:15:13.0560 4196 LanmanServer - ok22:15:13.0562 4196 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll22:15:13.0564 4196 LanmanWorkstation - ok22:15:13.0567 4196 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys22:15:13.0567 4196 lltdio - ok22:15:13.0571 4196 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll22:15:13.0574 4196 lltdsvc - ok22:15:13.0575 4196 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll22:15:13.0576 4196 lmhosts - ok22:15:13.0579 4196 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys22:15:13.0580 4196 LSI_FC - ok22:15:13.0582 4196 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys22:15:13.0583 4196 LSI_SAS - ok22:15:13.0585 4196 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys22:15:13.0586 4196 LSI_SAS2 - ok22:15:13.0588 4196 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys22:15:13.0589 4196 LSI_SCSI - ok22:15:13.0591 4196 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys22:15:13.0592 4196 luafv - ok22:15:13.0595 4196 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll22:15:13.0596 4196 Mcx2Svc - ok22:15:13.0597 4196 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys22:15:13.0598 4196 megasas - ok22:15:13.0602 4196 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys22:15:13.0604 4196 MegaSR - ok22:15:13.0606 4196 [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys22:15:13.0607 4196 MEIx64 - ok22:15:13.0609 4196 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS 
C:\Windows\system32\mmcss.dll22:15:13.0610 4196 MMCSS - ok22:15:13.0612 4196 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys22:15:13.0613 4196 Modem - ok22:15:13.0615 4196 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys22:15:13.0615 4196 monitor - ok22:15:13.0617 4196 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys22:15:13.0617 4196 mouclass - ok22:15:13.0619 4196 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys22:15:13.0620 4196 mouhid - ok22:15:13.0623 4196 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys22:15:13.0624 4196 mountmgr - ok22:15:13.0628 4196 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys22:15:13.0629 4196 MpFilter - ok22:15:13.0632 4196 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys22:15:13.0634 4196 mpio - ok22:15:13.0636 4196 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys22:15:13.0637 4196 mpsdrv - ok22:15:13.0643 4196 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll22:15:13.0649 4196 MpsSvc - ok22:15:13.0652 4196 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys22:15:13.0654 4196 MRxDAV - ok22:15:13.0657 4196 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys22:15:13.0658 4196 mrxsmb - ok22:15:13.0661 4196 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys22:15:13.0663 4196 mrxsmb10 - ok22:15:13.0666 4196 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys22:15:13.0667 4196 mrxsmb20 - ok22:15:13.0669 4196 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys22:15:13.0669 4196 msahci - ok22:15:13.0672 4196 [ DB801A638D011B9633829EB6F663C900 ] msdsm 
C:\Windows\system32\drivers\msdsm.sys22:15:13.0673 4196 msdsm - ok22:15:13.0675 4196 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe22:15:13.0677 4196 MSDTC - ok22:15:13.0680 4196 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys22:15:13.0681 4196 Msfs - ok22:15:13.0683 4196 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys22:15:13.0683 4196 mshidkmdf - ok22:15:13.0685 4196 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys22:15:13.0685 4196 msisadrv - ok22:15:13.0688 4196 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll22:15:13.0690 4196 MSiSCSI - ok22:15:13.0692 4196 msiserver - ok22:15:13.0694 4196 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys22:15:13.0694 4196 MSKSSRV - ok22:15:13.0698 4196 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe22:15:13.0699 4196 MsMpSvc - ok22:15:13.0700 4196 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys22:15:13.0701 4196 MSPCLOCK - ok22:15:13.0702 4196 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys22:15:13.0703 4196 MSPQM - ok22:15:13.0707 4196 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys22:15:13.0709 4196 MsRPC - ok22:15:13.0712 4196 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys22:15:13.0712 4196 mssmbios - ok22:15:13.0714 4196 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys22:15:13.0714 4196 MSTEE - ok22:15:13.0716 4196 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys22:15:13.0716 4196 MTConfig - ok22:15:13.0718 4196 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys22:15:13.0719 4196 Mup - ok22:15:13.0723 4196 [ 
582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll22:15:13.0727 4196 napagent - ok22:15:13.0731 4196 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys22:15:13.0733 4196 NativeWifiP - ok22:15:13.0741 4196 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys22:15:13.0746 4196 NDIS - ok22:15:13.0749 4196 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys22:15:13.0749 4196 NdisCap - ok22:15:13.0751 4196 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys22:15:13.0752 4196 NdisTapi - ok22:15:13.0754 4196 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys22:15:13.0755 4196 Ndisuio - ok22:15:13.0758 4196 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys22:15:13.0759 4196 NdisWan - ok22:15:13.0761 4196 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys22:15:13.0762 4196 NDProxy - ok22:15:13.0764 4196 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys22:15:13.0765 4196 NetBIOS - ok22:15:13.0768 4196 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys22:15:13.0770 4196 NetBT - ok22:15:13.0771 4196 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe22:15:13.0772 4196 Netlogon - ok22:15:13.0777 4196 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll22:15:13.0780 4196 Netman - ok22:15:13.0782 4196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe22:15:13.0783 4196 NetMsmqActivator - ok22:15:13.0785 4196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe22:15:13.0786 4196 NetPipeActivator - ok22:15:13.0790 4196 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm 
22:15:15.0455 4196 Scan finished
22:15:15.0460 1364 Detected object count: 0
22:15:15.0460 1364 Actual detected object count: 0
22:15:27.0686 1184 Deinitialize success
gABBY Posted July 9, 2013 Author ID:700788

Results of the MBAR test scan:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
gABBY :: GABBY-PC [administrator]

9/07/2013 22:25:01
mbar-log-2013-07-09 (22-25-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 246401
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
gABBY Posted July 9, 2013 Author ID:700790

The ComboFix report:

ComboFix 13-07-09.01 - gABBY 09/07/2013 22:31:22.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.8146.6165 [GMT 2:00]
Gestart vanuit: c:\users\gABBY\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-06-09 to 2013-07-09 ))))))))))))))))))))))))))))))
.
.
2013-07-09 20:33 . 2013-07-09 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-09 20:18 . 2013-07-09 20:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-09 20:05 . 2012-07-27 00:33 15208 ----a-w- c:\windows\system32\drivers\nvflash.sys
2013-07-09 17:03 . 2013-07-09 20:17 -------- d-----w- C:\Malware removel
2013-07-09 15:55 . 2013-07-09 15:55 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-07-09 15:49 . 2013-07-09 15:50 -------- d-----w- c:\program files\HitmanPro
2013-07-09 15:49 . 2013-07-09 15:54 -------- d-----w- c:\programdata\HitmanPro
2013-07-09 14:51 . 2013-07-09 14:51 -------- d-----w- c:\programdata\Malwarebytes
2013-07-09 14:51 . 2013-07-09 14:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-09 14:51 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-09 12:52 . 2013-07-09 12:52 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-07-09 12:52 . 2013-07-09 12:52 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-07-09 12:52 . 2013-07-09 12:52 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-07-09 12:52 . 2013-07-09 12:52 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll
2013-07-09 12:52 . 2013-07-09 12:52 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-07-09 12:52 . 2013-07-09 12:52 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-07-09 12:52 . 2013-07-09 12:52 10240 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
2013-07-09 08:18 . 2013-06-17 00:10 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38677760-460E-47D2-80AB-ECC8EFC63DC1}\mpengine.dll
2013-07-03 08:46 . 2013-06-17 00:10 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-01 14:04 . 2013-07-01 14:04 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB094481-049E-4D8E-AB1C-2473ECAA55EA}\gapaengine.dll
2013-06-29 12:25 . 2013-06-29 12:25 -------- d-----w- c:\program files (x86)\SoulseekQt
2013-06-28 23:03 . 2013-06-28 23:03 -------- d-----w- c:\windows\SysWow64\xlive
2013-06-28 23:03 . 2013-06-28 23:03 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-06-28 23:01 . 2013-06-28 23:01 -------- d-----w- c:\windows\nl
2013-06-28 23:01 . 2013-06-28 23:01 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-06-28 23:00 . 2013-06-28 23:00 -------- d-----w- c:\program files\Windows Live
2013-06-28 23:00 . 2013-06-28 23:00 -------- d-----w- c:\windows\PCHEALTH
2013-06-28 23:00 . 2013-06-28 23:01 -------- d-----w- c:\program files (x86)\Windows Live
2013-06-28 22:57 . 2013-06-28 22:57 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-06-28 22:57 . 2013-06-28 22:57 -------- d--h--w- c:\programdata\CanonBJ
2013-06-28 22:57 . 2012-03-14 03:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-06-28 22:57 . 2012-03-14 03:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-06-28 22:57 . 2012-03-14 03:00 385024 ----a-w- c:\windows\system32\CNMLMAG.DLL
2013-06-28 22:40 . 2013-07-09 17:30 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-28 22:40 . 2013-07-09 17:29 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-28 22:39 . 2013-07-09 17:30 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-28 22:39 . 2013-06-28 22:44 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-28 22:39 . 2013-06-28 22:39 -------- d-----w- c:\programdata\EA Core
2013-06-28 22:39 . 2013-07-09 17:29 -------- d-----w- c:\programdata\EA Logs
2013-06-28 22:30 . 2013-06-28 22:30 -------- d-----w- c:\program files (x86)\Winamp Detect
2013-06-28 22:29 . 2013-06-28 22:30 -------- d-----w- c:\program files (x86)\Winamp
2013-06-28 22:27 . 2012-01-13 09:23 1944064 ------w- c:\windows\system32\Sens_oal.dll
2013-06-28 22:27 . 2012-01-13 09:21 2906586 ------w- c:\windows\SysWow64\Sens_oal.dll
2013-06-28 22:27 . 2006-10-06 12:17 53248 ------w- c:\windows\Ctregrun.exe
2013-06-28 22:27 . 2000-05-22 14:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2013-06-28 22:24 . 2009-09-11 09:06 166912 ------w- c:\windows\SysWow64\CTOPT352.dll
2013-06-28 22:24 . 2009-09-11 09:06 183296 ------w- c:\windows\system32\CTOPT352.dll
2013-06-28 22:24 . 2008-12-22 18:13 61440 ------w- c:\windows\SysWow64\CTChkAud.dll
2013-06-28 22:24 . 2008-12-22 18:13 49664 ------w- c:\windows\system32\CTChkAud.dll
2013-06-28 22:24 . 2006-12-05 11:53 42496 ------w- c:\windows\system32\AddCat.exe
2013-06-28 21:20 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-28 21:20 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-28 21:16 . 2013-06-28 21:31 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-06-28 21:16 . 2013-06-28 21:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-06-28 21:15 . 2013-06-28 21:15 -------- d-----w- c:\programdata\Battle.net
2013-06-28 21:14 . 2013-06-28 21:14 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-06-28 21:11 . 2013-06-28 21:11 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-28 21:11 . 2013-06-28 21:17 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2013-06-28 21:11 . 2013-07-09 11:44 -------- d-----w- c:\programdata\DAEMON Tools Pro
2013-06-28 21:08 . 2013-06-28 21:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-28 20:56 . 2013-06-28 20:56 -------- d-----w- c:\program files (x86)\ASUS
2013-06-28 20:39 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-06-28 20:39 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-06-28 20:39 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-06-28 20:39 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-06-28 20:23 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-28 20:23 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-06-28 20:23 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-28 20:23 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-06-28 20:23 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-06-28 20:23 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-06-28 20:23 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-28 20:23 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-06-28 20:23 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-06-28 20:23 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-28 20:23 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-28 20:23 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-06-28 20:08 . 2013-06-28 20:48 -------- d-----w- c:\windows\nl-NL
2013-06-28 20:07 .
2003-06-12 21:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd2013-06-28 20:07 . 2013-06-28 20:07 -------- d-----w- c:\program files (x86)\Common Files\Creative2013-06-28 20:07 . 2013-06-28 22:27 -------- d--h--w- c:\program files (x86)\Creative Installation Information2013-06-28 20:07 . 2013-06-28 20:07 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared2013-06-28 20:07 . 2013-06-28 22:27 -------- d-----w- c:\program files\Creative2013-06-28 20:07 . 2013-06-28 22:27 -------- d-----w- c:\program files (x86)\Creative2013-06-28 20:03 . 2013-06-28 20:24 -------- d-----w- c:\program files\Microsoft Silverlight2013-06-28 20:03 . 2013-06-28 20:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight2013-06-28 20:01 . 2013-06-28 20:04 -------- d-----w- c:\program files (x86)\Razer2013-06-28 20:01 . 2013-06-28 20:01 -------- d-----w- c:\programdata\Razer2013-06-28 19:57 . 2009-07-13 16:55 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\windows\system32\SPReview2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\windows\system32\EventProviders2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client2013-06-28 19:52 . 2013-06-28 19:53 -------- d-----w- c:\program files\Microsoft Security Client2013-06-28 19:19 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-06-28 18:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys2013-06-28 18:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys2013-06-28 18:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui2013-06-28 18:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll2013-06-28 18:49 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe2013-06-28 18:48 . 
2013-06-17 00:10 9552976 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB752D9D-BB05-496F-A2BC-BF4933E21717}\mpengine.dll2013-06-28 18:42 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll2013-06-28 18:42 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll2013-06-28 18:42 . 2013-06-28 22:30 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine2013-06-28 18:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll2013-06-28 18:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll2013-06-28 18:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2013-06-28 18:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2013-06-28 18:41 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll2013-06-28 18:41 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll2013-06-28 18:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll2013-06-28 18:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll2013-06-28 18:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys2013-06-28 18:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys2013-06-28 18:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe2013-06-28 18:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll2013-06-28 18:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll2013-06-28 18:38 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll2013-06-28 18:38 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll2013-06-28 18:38 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll2013-06-28 18:38 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll2013-06-28 18:38 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll2013-06-28 18:38 . 
2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll2013-06-28 18:38 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll2013-06-28 18:38 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll2013-06-28 18:38 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll..((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-06-28 20:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll2013-06-28 20:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll2013-06-28 18:41 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-06-07 03:29 . 2013-06-07 03:29 126464 ----a-w- c:\windows\system32\drivers\rzudd.sys2013-06-07 03:29 . 2013-06-07 03:29 31232 ----a-w- c:\windows\system32\drivers\rzendpt.sys2013-06-02 15:11 . 2010-02-10 06:16 75825640 ----a-w- c:\windows\system32\MRT.exe2013-05-02 15:29 . 2010-02-10 06:18 278800 ------w- c:\windows\system32\MpSigStub.exe2013-04-13 05:49 . 2013-06-28 20:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-06-28 20:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-06-28 20:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-06-28 20:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-06-28 20:23 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 
2013-06-28 20:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-28 3456080]"Steam"="g:\gabby\Stiem\Steam.exe" [2013-07-08 1672616]"Akamai NetSession Interface"="c:\users\gABBY\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]"CreativeTaskScheduler"="c:\program files 
(x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-06-21 610152]"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576].c:\users\gABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\gABBY\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-22 27995640].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common 
Files\Creative Labs Shared\Service\CTAELicensing.exe [x]R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;tsusbhub [x]S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]S3 
ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-06-28 18:23 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe.Inhoud van de 'Gedeelde Taken' map.2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:23].2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:23]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 164016 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 164016 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 164016 ----a-w- 
c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-06-21 23:34 164016 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512].------- Bijkomende Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>TCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS VERWIJDERD - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start...--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_USERS\S-1-5-21-3720129460-3011277818-515422470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-3720129460-3011277818-515422470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Voltooingstijd: 2013-07-09 22:34:50ComboFix-quarantined-files.txt 2013-07-09 20:34.Pre-Run: 159.555.026.944 bytes beschikbaarPost-Run: 160.358.301.696 bytes beschikbaar.- - End Of File - - FEDEFDCB4DBA6DB3184CBCD6C415DEAEA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
gABBY Posted July 9, 2013 Author ID:700791

Security Check report:

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
gABBY Posted July 9, 2013 Author ID:700792

And here are the rest of the reports: Reports.rar
gABBY Posted July 9, 2013 Author ID:700794

Reboot of the PC Still overloads my GPU. So far the problem is NOT fixed.
D-FRED-BROWN Posted July 9, 2013 ID:700795

Let's do some more scanning:

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report
Please download OTL from here if you have not done so already:
Main Mirror
Save it to your desktop.
Double click on the OTL icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the Run Scan button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.
Let me know how things go.
gABBY Posted July 9, 2013 Author ID:700800

ADW LOG:

# AdwCleaner v2.304 - Logfile created 07/09/2013 at 22:56:09
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : gABBY - GABBY-PC
# Boot Mode : Normal
# Running from : C:\Users\gABBY\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Softonic

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\gABBY\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [690 octets] - [09/07/2013 22:56:09]

########## EOF - C:\AdwCleaner[R1].txt - [749 octets] ##########
gABBY Posted July 9, 2013 Author ID:700802

JRT LOG RESULTS:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 7 Ultimate x64
Ran by gABBY on di 09/07/2013 at 23:00:03,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 09/07/2013 at 23:02:00,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gABBY Posted July 9, 2013 Author ID:700804

The Two OTL FILES. PS: can't post them.

Extras.Txt
OTL.Txt
gABBY Posted July 9, 2013 Author ID:700806

ESET Online scanner is running now. As I would like to say first of all, many thanks for the help. Second of it, so far the only program that fixed the GPU Load has been Roguekiller X64. When I run a scan with Roguekiller, my GPU Load instantly drops back to normal and the card cools down. Can you find this information useful?
D-FRED-BROWN Posted July 9, 2013 ID:700812

No problem. As for Roguekiller, I have taken note of that. I have a hunch that those scans will reveal what we're looking for.
gABBY Posted July 10, 2013 Author ID:701025

ESET ONLINE:

E:\Games\ISO\PC\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\Assassins.Creed.III.Proper.RELOADED(diff-group) (1)\rld-aiii.iso a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined
E:\Games\ISO\PC\Dirt 3 Skidrow\sr-dirt3.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\Hitman Sniper Challenge SKIDROW\sr-hmsc.iso multiple threats deleted - quarantined
E:\Games\ISO\PC\LEGO.Lord.of.the.Rings-RELOADED\rld-legolotr.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Games\ISO\PC\The.Settlers.7-Razor1911\rzr-set7.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\The.Witcher.2.Assassins.of.Kings-SKIDROW\sr-tw2b.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW (1)\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
F:\ISO II\Games\Age.of.Empires.II.HD-RELOADED (1)\rld-aoe2hd.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
F:\ISO II\Games\Brutal.Legend-RELOADED\rld-brutal.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
F:\ISO II\Games\Lords.of.Football-RELOADED\rld-lof.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
F:\ISO II\Games\Sniper.Elite.V2-SKIDROW\Sniper.Elite.V2-SKIDROW\sr-sev2.iso Win32/CoinMiner.BX trojan deleted - quarantined
F:\ISO II\Games\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
G:\gABBY\Dirt 3\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
G:\gABBY\Nfs Hp\NFSHP_Activator.exe a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
G:\gABBY\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
gABBY Posted July 10, 2013 Author ID:701026

There are all the reports

AdwCleanerR2.txt
JRT.txt
OTL.Txt
Extras.Txt
esset.txt
gABBY Posted July 10, 2013 Author ID:701027

Just for the record, this is the inforeport of Roguekiller X64 that fixes the problem:

RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Normale modus
Gebruiker : gABBY [Administrator rechten]
Modus : Scan -- Datum : 07/10/2013 10:09:03
| ARK || FAK || MBR |

¤¤¤ Kwaadaardige processen : 4 ¤¤¤
[sUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe [7] -> BEEINDIGD [TermProc]
[sUSP PATH] Time-svc.exe -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [-] -> BEEINDIGD [TermProc]
[sUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> BEEINDIGD [TermProc]
[sUSP PATH] TimeServer.exe -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe [-] -> BEEINDIGD [TermProc]

¤¤¤ Register verwijzingen : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> gevonden

¤¤¤ geplande taken : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ webbrowsers : 0 ¤¤¤

¤¤¤ Speciale Files / Folders: ¤¤¤

¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infectie : ¤¤¤

¤¤¤ HOSTS Bestand: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Controle: ¤¤¤

+++++ PhysicalDrive0: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 0d23b348d2c1cfda0f1d717ef1b7f29b
[bSP] 69140a9e103c56ab9d8e3ee25e42471f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 244096 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 5057a53b6e9d493b07bca0896b95a165
[bSP] e8de17188eb462e47d80e0b88d796f9b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 450768 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 923379712 | Size: 502999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 6299662023e0323980a547460e6f7732
[bSP] 28c086086aa4cef0d125a0e022edd09a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19 | Size: 1430795 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 69cbf972354c8b7942556662812a0fe2
[bSP] 69a6da2fe57410061c998d8e1c106d69 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 9dcba7316fa7add442e1197eff5d1d14
[bSP] 389a9930ab67a8fb9ac643c102198d19 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953864 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1953515520 | Size: 953862 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Gereed : << RKreport[0]_S_07102013_100903.txt >>
RKreport[0]_D_07092013_184058.txt;RKreport[0]_D_07092013_185523.txt;RKreport[0]_S_07092013_183701.txt
RKreport[0]_S_07092013_184443.txt;RKreport[0]_S_07092013_224607.txt
D-FRED-BROWN Posted July 10, 2013 ID:701209
Sorry for the delay. Please do the following:

----------Step 1----------------
We need to run an OTL Fix
Please reopen on your desktop.
Copy and Paste the following code into the textbox.

:OTL
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
PRC - [2013/07/09 14:52:00 | 000,024,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
PRC - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
PRC - [2013/07/09 14:52:00 | 000,010,240 | ---- | M] (Microsoft) -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
MOD - [2013/07/09 14:52:00 | 002,382,083 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd
MOD - [2013/07/09 14:52:00 | 002,222,455 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd
MOD - [2013/07/09 14:52:00 | 001,311,275 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd
MOD - [2013/07/09 14:52:00 | 000,577,536 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd
MOD - [2013/07/09 14:52:00 | 000,515,437 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd
MOD - [2013/07/09 14:52:00 | 000,410,432 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd
MOD - [2013/07/09 14:52:00 | 000,285,184 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd
MOD - [2013/07/09 14:52:00 | 000,219,648 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
MOD - [2013/07/09 14:52:00 | 000,174,793 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd
MOD - [2013/07/09 14:52:00 | 000,074,240 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd
MOD - [2013/07/09 14:52:00 | 000,046,383 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd
MOD - [2013/07/09 14:52:00 | 000,041,019 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd
MOD - [2013/07/09 14:52:00 | 000,040,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_socket.pyd
MOD - [2013/07/09 14:52:00 | 000,024,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
MOD - [2013/07/09 14:52:00 | 000,009,728 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\select.pyd
SRV - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) [Auto | Running] -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe -- (Time)
:Files
C:\ProgramData\Microsoft\Windows\Time
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Push OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[s1].txt as well.
Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?
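The PRC/MOD/SRV lines in the fix above share one OTL log layout, and they show a Python bundle with pyopencl running from a ProgramData folder under Microsoft-looking names. As an added example (not part of the thread, and not OTL's or the helper's own logic), this Python code parses that layout and applies three assumed triage rules; the function names, the rule set and the svchost control line are constructed for illustration.

```python
import re
from collections import defaultdict

# OTL entry layout as seen in the post above:
# KIND - [date time | size | attrs | M] (company) [state] -- path -- (service)
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\))?$"
)
# Assumed triage rules (illustrative only, not taken from any tool).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
GPU_COMPUTE_HINTS = ("opencl", "cuda")

def parse_otl(line):
    """Return the fields of one PRC/MOD/SRV line, or None if it does not match."""
    match = OTL_LINE.match(line.strip())
    return match.groupdict() if match else None

def reasons(entry):
    """List why an entry deserves a closer look."""
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    outside = not path.startswith(TRUSTED_ROOTS)
    found = []
    if outside and name.endswith(".exe"):
        found.append("executable outside Windows/Program Files")
    if outside and "\\microsoft\\" in path and entry["company"] != "Microsoft Corporation":
        found.append("Microsoft-looking path without Microsoft Corporation company field")
    if any(hint in name for hint in GPU_COMPUTE_HINTS):
        found.append("GPU compute module loaded")
    return found

def triage(lines):
    """Group findings by directory so one dropped bundle shows up as one hit."""
    hits = defaultdict(set)
    for line in lines:
        entry = parse_otl(line)
        if entry:
            hits[entry["path"].rsplit("\\", 1)[0]].update(reasons(entry))
    return {d: sorted(r) for d, r in hits.items() if r}

# The first four lines are copied from the post; the svchost line is a constructed benign control.
SAMPLE = [
    r"PRC - [2013/07/09 14:52:00 | 000,024,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe",
    r"PRC - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe",
    r"MOD - [2013/07/09 14:52:00 | 000,577,536 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd",
    r"SRV - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) [Auto | Running] -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe -- (Time)",
    r"PRC - [2013/02/27 07:52:56 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for directory, why in triage(SAMPLE).items():
        print(directory, "->", "; ".join(why))
```

Treat hits as leads to verify (for example by checking the file's digital signature), not as a verdict.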
gABBY Posted July 10, 2013 ID:701250
Hi! No problem for the delay! As I tried to fix it myself with some research in some other threads I found out that RogueKiller X64 did the job when I hit FIX. I then deleted the TIME folder and restarted the time service of Windows through services.msc. All is working well now! Not a single error or alarm in any antimalware programs so far.
D-FRED-BROWN Posted July 10, 2013 ID:701274
The instructions I have provided above should take care of the remaining pieces of the BitCoin miner.
gABBY Posted July 10, 2013 ID:701308
OTL Report:

All processes killed
========== OTL ==========
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
No active process named TimeServer.exe was found!
No active process named Time-svc.exe was found!
No active process named WindowsTime.exe was found!
Service Time stopped successfully!
Service Time deleted successfully!
File C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\Microsoft\Windows\Time not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: gABBY
->Temp folder emptied: 103712517 bytes
->Temporary Internet Files folder emptied: 8738215 bytes
->Google Chrome cache emptied: 415430875 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40655914 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 542,00 mb

[EMPTYJAVA]

User: All Users
User: Default
User: Default User
User: gABBY
User: Public
User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: gABBY
User: Public
User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07102013_231433

Files\Folders moved on Reboot...
C:\Users\gABBY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\gABBY\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
D-FRED-BROWN Posted July 10, 2013 ID:701309
Looks like that got the last of it. Your logs appear to be clean now.
-------------
Unless there are any other issues, I will now provide you with some steps to better protect your computer.
First, we need to remove ComboFix.
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
-------------------
Let's remove OTL and the other tools we used as well:
Reopen on your desktop. Click on You will be prompted to reboot your system. Please do so.
-------------------
Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.
Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.
-------------------
It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.
avast!
AntiVir
AVG
Microsoft Security Essentials
-------------------
Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here.
Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.
SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.
-------------------
Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.
These firewalls are good and do have free versions available
Outpost Firewall Free
Online Armor Firewall
A tutorial on understanding and using firewalls may be found here.
-------------------
Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.
-------------------
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately.
It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewa...nti-spyware.htm
A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.
-------------------
Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/
-------------------
For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place
Hopefully these steps will help to keep you error free.
If you run into more difficulty, we will certainly do what we can to help.
-------------------
I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.
I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.
---------------------------------------------------------
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here: Every little bit helps.
-DFB
gABBY Posted July 10, 2013 ID:701310
Yeah, bought me already a license to the pro version for real time protection! Anyway Mr D Fred Brown! All Hail to you! This topic may be closed and marked as FIXXXXXXXED! YAHOO!
Root Admin AdvancedSetup Posted July 10, 2013 ID:701317
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!