
Got a bitcoin mining virus on my PC. Gpu is under full load when idle.



Hello again,

So the thing is that my Gpu is at a constant high load even when idle. Temp goes up to 60°+ idle.

Some research brought me here and the knowledge of possible bitcoin miner viruses.

So here are the first results of dds:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16618
Run by gABBY at 22:08:06 on 2013-07-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.32.1033.18.8146.5658 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
G:\gABBY\Stiem\Steam.exe
C:\Users\gABBY\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Users\gABBY\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\gABBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [steam] "G:\gABBY\Stiem\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\gABBY\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
StartupFolder: C:\Users\gABBY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\gABBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{FE940914-2182-427D-ABE4-B20A871B09D3} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-28 283200]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-28 769168]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-6-7 31232]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-6-7 126464]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2013-6-28 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-7-9 10752]
S2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-6-29 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-6-28 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-7-9 32000]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-28 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-28 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-28 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S3 XENfiltv;XENfiltv;C:\Windows\System32\drivers\XENfiltv.sys [2009-7-31 25600]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-07-09 20:05:58 15208 ----a-w- C:\Windows\System32\drivers\nvflash.sys
2013-07-09 17:03:21 -------- d-----w- C:\Malware removel
2013-07-09 15:55:32 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-07-09 15:49:58 -------- d-----w- C:\Program Files\HitmanPro
2013-07-09 15:49:45 -------- d-----w- C:\ProgramData\HitmanPro
2013-07-09 14:51:19 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Malwarebytes
2013-07-09 14:51:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-09 14:51:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-09 14:51:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-09 14:39:45 -------- d-----w- C:\ProgramData\NVIDIA_Inspector
2013-07-09 14:04:29 -------- d-----w- C:\Users\gABBY\AppData\Roaming\MKKE
2013-07-09 12:52:00 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-07-09 12:52:00 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-07-09 12:52:00 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-07-09 12:52:00 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-07-09 12:52:00 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-07-09 12:52:00 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-07-09 12:52:00 10240 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-07-09 08:18:56 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38677760-460E-47D2-80AB-ECC8EFC63DC1}\mpengine.dll
2013-07-03 08:46:06 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-01 14:04:10 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB094481-049E-4D8E-AB1C-2473ECAA55EA}\gapaengine.dll
2013-06-29 16:48:30 -------- d-----r- C:\Users\gABBY\Dropbox
2013-06-29 16:47:32 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Dropbox
2013-06-29 12:29:33 -------- d-----w- C:\Users\gABBY\AppData\Local\Soulseek Chat Logs
2013-06-29 12:25:02 -------- d-----w- C:\Program Files (x86)\SoulseekQt
2013-06-29 12:18:08 -------- d-----w- C:\Users\gABBY\AppData\Local\QuickPar
2013-06-28 23:15:19 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Wargaming.net
2013-06-28 23:03:39 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Windows Live Writer
2013-06-28 23:03:39 -------- d-----w- C:\Users\gABBY\AppData\Local\Windows Live Writer
2013-06-28 23:03:20 -------- d-----w- C:\Windows\SysWow64\xlive
2013-06-28 23:03:17 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-06-28 23:01:21 -------- d-----w- C:\Windows\nl
2013-06-28 23:01:06 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-28 23:00:52 -------- d-----w- C:\Windows\PCHEALTH
2013-06-28 22:57:34 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-06-28 22:57:34 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-06-28 22:57:25 385024 ----a-w- C:\Windows\System32\CNMLMAG.DLL
2013-06-28 22:54:04 -------- d-----w- C:\Users\gABBY\AppData\Roaming\NVIDIA
2013-06-28 22:40:17 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-28 22:40:17 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-28 22:39:58 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-28 22:39:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-06-28 22:39:52 -------- d-----w- C:\Users\gABBY\AppData\Local\PunkBuster
2013-06-28 22:39:31 -------- d-----w- C:\ProgramData\EA Core
2013-06-28 22:39:20 -------- d-----w- C:\ProgramData\EA Logs
2013-06-28 22:30:06 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2013-06-28 22:27:25 2906586 ------w- C:\Windows\SysWow64\Sens_oal.dll
2013-06-28 22:27:25 1944064 ------w- C:\Windows\System32\Sens_oal.dll
2013-06-28 22:27:23 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2013-06-28 22:27:23 53248 ------w- C:\Windows\Ctregrun.exe
2013-06-28 22:24:11 61440 ------w- C:\Windows\SysWow64\CTChkAud.dll
2013-06-28 22:24:11 49664 ------w- C:\Windows\System32\CTChkAud.dll
2013-06-28 22:24:11 42496 ------w- C:\Windows\System32\AddCat.exe
2013-06-28 22:24:11 183296 ------w- C:\Windows\System32\CTOPT352.dll
2013-06-28 22:24:11 166912 ------w- C:\Windows\SysWow64\CTOPT352.dll
2013-06-28 21:45:07 -------- d-----w- C:\Users\gABBY\AppData\Local\NVIDIA
2013-06-28 21:20:57 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-28 21:20:57 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-28 21:16:55 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-06-28 21:16:55 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-06-28 21:15:00 -------- d-----w- C:\ProgramData\Battle.net
2013-06-28 21:14:19 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-06-28 21:11:38 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-06-28 21:11:38 -------- d-----w- C:\Users\gABBY\AppData\Roaming\DAEMON Tools Pro
2013-06-28 21:11:34 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2013-06-28 21:11:09 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2013-06-28 21:08:53 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-28 20:56:55 -------- d-----w- C:\Program Files (x86)\ASUS
2013-06-28 20:54:52 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
2013-06-28 20:39:12 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-06-28 20:39:12 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-06-28 20:39:11 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-06-28 20:39:11 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-06-28 20:25:30 6656 ----a-w- C:\Windows\System32\drivers\nl-NL\rdvgkmd.sys.mui
2013-06-28 20:25:30 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\rdpwd.sys.mui
2013-06-28 20:25:29 4608 ----a-w- C:\Windows\System32\drivers\nl-NL\tsusbhub.sys.mui
2013-06-28 20:25:29 3584 ----a-w- C:\Windows\System32\drivers\nl-NL\tsusbflt.sys.mui
2013-06-28 20:25:27 3072 ----a-w- C:\Windows\System32\drivers\nl-NL\Dot4usb.sys.mui
2013-06-28 20:23:22 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-28 20:23:21 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-28 20:23:21 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-28 20:23:21 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-28 20:23:21 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-28 20:23:20 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-06-28 20:23:18 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-06-28 20:23:18 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-28 20:23:18 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-28 20:23:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-28 20:23:17 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-06-28 20:23:17 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-28 20:08:10 -------- d-----w- C:\Windows\nl-NL
2013-06-28 20:01:50 -------- d-----w- C:\Users\gABBY\AppData\Local\Razer
2013-06-28 19:53:16 -------- d-----w- C:\Windows\System32\SPReview
2013-06-28 19:53:14 -------- d-----w- C:\Windows\System32\EventProviders
2013-06-28 19:53:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-28 19:52:59 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-28 19:19:11 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-06-28 18:54:56 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-28 18:54:56 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-28 18:54:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-28 18:54:56 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-28 18:49:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-06-28 18:48:59 6219088 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-06-28 18:48:58 9552976 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB752D9D-BB05-496F-A2BC-BF4933E21717}\mpengine.dll
2013-06-28 18:42:42 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2013-06-28 18:42:42 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-06-28 18:42:38 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-06-28 18:41:02 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-28 18:41:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-28 18:41:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-28 18:41:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-28 18:41:02 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-28 18:41:02 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-06-28 18:40:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-28 18:40:20 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-28 18:40:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-28 18:40:20 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-28 18:40:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-28 18:40:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-28 18:40:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-28 18:38:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-06-28 18:38:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-06-28 18:38:05 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-06-28 18:38:05 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-06-28 18:38:05 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-06-28 18:38:05 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2013-06-28 18:38:05 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-06-28 18:38:05 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-06-28 18:38:05 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-06-28 18:38:05 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-06-28 18:38:01 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2013-06-28 18:38:01 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2013-06-28 18:36:46 -------- d-----w- C:\Users\gABBY\AppData\Local\Akamai
2013-06-28 18:35:58 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-06-28 18:34:23 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-28 18:33:59 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-28 18:32:36 -------- d-----w- C:\Program Files (x86)\QuickPar
2013-06-28 18:31:33 -------- d-----w- C:\Users\gABBY\AppData\Roaming\GrabIt
2013-06-28 18:31:08 -------- d-----w- C:\Program Files (x86)\GrabIt
2013-06-28 18:30:10 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
2013-06-28 18:27:56 -------- d-----w- C:\Windows\Downloaded Installations
2013-06-28 18:26:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-06-28 18:26:13 -------- d-----w- C:\NVIDIA
2013-06-28 18:25:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-28 18:25:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-28 18:25:13 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-06-28 18:25:13 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2013-06-28 18:25:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-28 18:23:36 -------- d-----w- C:\Users\gABBY\AppData\Local\Google
2013-06-28 18:23:32 -------- d-----w- C:\Users\gABBY\AppData\Local\Deployment
2013-06-28 18:23:32 -------- d-----w- C:\Users\gABBY\AppData\Local\Apps
2013-06-28 18:23:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-28 18:21:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-28 18:21:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-28 18:21:53 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-06-28 18:21:18 769168 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-06-28 18:21:18 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-06-28 18:21:18 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-06-28 18:21:14 -------- d-----w- C:\Program Files (x86)\Realtek
2013-06-28 18:20:40 -------- d-----w- C:\gABBY
2013-06-28 18:12:36 -------- d-sh--we C:\Documents and Settings
2013-06-28 18:12:36 -------- d-sh--w- C:\Recovery
2013-06-24 11:20:22 768000 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-06-21 03:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-17 06:43:32 56832 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-06-17 06:43:32 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-06-17 06:43:28 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-06-17 06:43:26 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
.
==================== Find3M  ====================
.
2013-06-28 22:27:26 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-06-28 22:27:26 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-06-28 22:27:26 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-06-28 22:27:26 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-06-28 21:08:53 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-28 20:14:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-28 20:14:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-07 03:29:52 126464 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-06-07 03:29:50 31232 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 22:08:11,31 ===============
 

Hello gABBY and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


tdsskiller results: 

 

22:14:37.0624 3512  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
22:14:37.0701 3512  ============================================================
22:14:37.0701 3512  Current date / time: 2013/07/09 22:14:37.0701
22:14:37.0701 3512  SystemInfo:
22:14:37.0702 3512  
22:14:37.0702 3512  OS Version: 6.1.7601 ServicePack: 1.0
22:14:37.0702 3512  Product type: Workstation
22:14:37.0702 3512  ComputerName: GABBY-PC
22:14:37.0702 3512  UserName: gABBY
22:14:37.0702 3512  Windows directory: C:\Windows
22:14:37.0702 3512  System windows directory: C:\Windows
22:14:37.0702 3512  Running under WOW64
22:14:37.0702 3512  Processor architecture: Intel x64
22:14:37.0702 3512  Number of processors: 4
22:14:37.0702 3512  Page size: 0x1000
22:14:37.0702 3512  Boot type: Normal boot
22:14:37.0702 3512  ============================================================
22:14:38.0000 3512  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:14:38.0000 3512  Drive \Device\Harddisk3\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:14:38.0000 3512  Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:14:38.0000 3512  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:14:38.0001 3512  Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:14:38.0008 3512  ============================================================
22:14:38.0008 3512  \Device\Harddisk1\DR1:
22:14:38.0008 3512  MBR partitions:
22:14:38.0008 3512  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x37068000
22:14:38.0009 3512  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3709A800, BlocksNum 0x3D66B800
22:14:38.0009 3512  \Device\Harddisk3\DR3:
22:14:38.0009 3512  MBR partitions:
22:14:38.0009 3512  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
22:14:38.0009 3512  \Device\Harddisk4\DR4:
22:14:38.0009 3512  MBR partitions:
22:14:38.0009 3512  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74704000
22:14:38.0009 3512  \Device\Harddisk4\DR4\Partition2: MBR, Type 0x7, StartLBA 0x74704800, BlocksNum 0x74703000
22:14:38.0009 3512  \Device\Harddisk0\DR0:
22:14:38.0009 3512  MBR partitions:
22:14:38.0009 3512  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:14:38.0009 3512  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
22:14:38.0009 3512  \Device\Harddisk2\DR2:
22:14:38.0009 3512  MBR partitions:
22:14:38.0009 3512  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x13, BlocksNum 0xAEA85A4D
22:14:38.0009 3512  ============================================================
22:14:38.0011 3512  C: <-> \Device\Harddisk0\DR0\Partition2
22:14:38.0031 3512  D: <-> \Device\Harddisk1\DR1\Partition1
22:14:38.0039 3512  E: <-> \Device\Harddisk3\DR3\Partition1
22:14:38.0050 3512  F: <-> \Device\Harddisk2\DR2\Partition1
22:14:38.0076 3512  G: <-> \Device\Harddisk4\DR4\Partition1
22:14:38.0102 3512  H: <-> \Device\Harddisk1\DR1\Partition2
22:14:38.0122 3512  I: <-> \Device\Harddisk4\DR4\Partition2
22:14:38.0122 3512  ============================================================
22:14:38.0122 3512  Initialize success
22:14:38.0122 3512  ============================================================
22:15:11.0901 4196  ============================================================
22:15:11.0901 4196  Scan started
22:15:11.0901 4196  Mode: Manual; 
22:15:11.0901 4196  ============================================================
22:15:12.0608 4196  ================ Scan system memory ========================
22:15:12.0609 4196  System memory - ok
22:15:12.0609 4196  ================ Scan services =============================
22:15:12.0660 4196  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:15:12.0663 4196  1394ohci - ok
22:15:12.0670 4196  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:15:12.0674 4196  ACPI - ok
22:15:12.0678 4196  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:15:12.0679 4196  AcpiPmi - ok
22:15:12.0687 4196  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:15:12.0692 4196  adp94xx - ok
22:15:12.0697 4196  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:15:12.0700 4196  adpahci - ok
22:15:12.0704 4196  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:15:12.0706 4196  adpu320 - ok
22:15:12.0710 4196  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:15:12.0711 4196  AeLookupSvc - ok
22:15:12.0717 4196  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:15:12.0721 4196  AFD - ok
22:15:12.0724 4196  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:15:12.0725 4196  agp440 - ok
22:15:12.0727 4196  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:15:12.0729 4196  ALG - ok
22:15:12.0734 4196  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:15:12.0735 4196  aliide - ok
22:15:12.0738 4196  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:15:12.0738 4196  amdide - ok
22:15:12.0741 4196  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:15:12.0742 4196  AmdK8 - ok
22:15:12.0745 4196  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:15:12.0746 4196  AmdPPM - ok
22:15:12.0749 4196  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:15:12.0751 4196  amdsata - ok
22:15:12.0755 4196  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:15:12.0757 4196  amdsbs - ok
22:15:12.0759 4196  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:15:12.0760 4196  amdxata - ok
22:15:12.0763 4196  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:15:12.0764 4196  AppID - ok
22:15:12.0766 4196  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:15:12.0767 4196  AppIDSvc - ok
22:15:12.0770 4196  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
22:15:12.0771 4196  Appinfo - ok
22:15:12.0776 4196  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:15:12.0778 4196  AppMgmt - ok
22:15:12.0780 4196  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:15:12.0781 4196  arc - ok
22:15:12.0784 4196  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:15:12.0785 4196  arcsas - ok
22:15:12.0807 4196  [ E536856E96A7605EBF580D62A868E5FE ] ASGT            C:\Windows\SysWOW64\ASGT.exe
22:15:12.0807 4196  ASGT - ok
22:15:12.0818 4196  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:15:12.0819 4196  aspnet_state - ok
22:15:12.0821 4196  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:15:12.0822 4196  AsyncMac - ok
22:15:12.0824 4196  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:15:12.0824 4196  atapi - ok
22:15:12.0830 4196  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:15:12.0834 4196  AudioEndpointBuilder - ok
22:15:12.0839 4196  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:15:12.0842 4196  AudioSrv - ok
22:15:12.0844 4196  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:15:12.0845 4196  AxInstSV - ok
22:15:12.0850 4196  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:15:12.0853 4196  b06bdrv - ok
22:15:12.0857 4196  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:15:12.0859 4196  b57nd60a - ok
22:15:12.0862 4196  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:15:12.0864 4196  BDESVC - ok
22:15:12.0865 4196  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:15:12.0866 4196  Beep - ok
22:15:12.0874 4196  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:15:12.0878 4196  BFE - ok
22:15:12.0885 4196  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:15:12.0891 4196  BITS - ok
22:15:12.0893 4196  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:15:12.0894 4196  blbdrive - ok
22:15:12.0896 4196  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:15:12.0897 4196  bowser - ok
22:15:12.0899 4196  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:15:12.0900 4196  BrFiltLo - ok
22:15:12.0902 4196  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:15:12.0902 4196  BrFiltUp - ok
22:15:12.0905 4196  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:15:12.0907 4196  Browser - ok
22:15:12.0910 4196  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:15:12.0912 4196  Brserid - ok
22:15:12.0914 4196  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:15:12.0915 4196  BrSerWdm - ok
22:15:12.0916 4196  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:15:12.0917 4196  BrUsbMdm - ok
22:15:12.0919 4196  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:15:12.0919 4196  BrUsbSer - ok
22:15:12.0921 4196  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:15:12.0922 4196  BTHMODEM - ok
22:15:12.0925 4196  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:15:12.0926 4196  bthserv - ok
22:15:12.0928 4196  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:15:12.0929 4196  cdfs - ok
22:15:12.0931 4196  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:15:12.0933 4196  cdrom - ok
22:15:12.0936 4196  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:15:12.0937 4196  CertPropSvc - ok
22:15:12.0939 4196  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:15:12.0940 4196  circlass - ok
22:15:12.0944 4196  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:15:12.0946 4196  CLFS - ok
22:15:12.0952 4196  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:15:12.0953 4196  clr_optimization_v2.0.50727_32 - ok
22:15:12.0958 4196  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:15:12.0959 4196  clr_optimization_v2.0.50727_64 - ok
22:15:12.0969 4196  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:15:12.0970 4196  clr_optimization_v4.0.30319_32 - ok
22:15:12.0973 4196  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:15:12.0974 4196  clr_optimization_v4.0.30319_64 - ok
22:15:12.0976 4196  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:15:12.0976 4196  CmBatt - ok
22:15:12.0978 4196  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:15:12.0979 4196  cmdide - ok
22:15:12.0984 4196  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:15:12.0987 4196  CNG - ok
22:15:12.0989 4196  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:15:12.0989 4196  Compbatt - ok
22:15:12.0991 4196  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:15:12.0992 4196  CompositeBus - ok
22:15:12.0993 4196  COMSysApp - ok
22:15:12.0995 4196  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:15:12.0996 4196  crcdisk - ok
22:15:13.0000 4196  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:15:13.0001 4196  Creative ALchemy AL6 Licensing Service - ok
22:15:13.0003 4196  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:15:13.0004 4196  Creative Audio Engine Licensing Service - ok
22:15:13.0008 4196  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:15:13.0009 4196  CryptSvc - ok
22:15:13.0015 4196  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
22:15:13.0018 4196  CSC - ok
22:15:13.0024 4196  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
22:15:13.0028 4196  CscService - ok
22:15:13.0031 4196  [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT         C:\Windows\system32\drivers\CT20XUT.SYS
22:15:13.0032 4196  CT20XUT - ok
22:15:13.0035 4196  [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT.SYS     C:\Windows\System32\drivers\CT20XUT.SYS
22:15:13.0036 4196  CT20XUT.SYS - ok
22:15:13.0041 4196  [ 397FBD4454E5B2FB77E55D1013DF548C ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
22:15:13.0044 4196  ctac32k - ok
22:15:13.0051 4196  [ 50A8CD4DF066FE57D0C473A2645988CC ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
22:15:13.0053 4196  ctaud2k - ok
22:15:13.0059 4196  [ EDBA1382E5D7D1E71442B43E170CF8D4 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
22:15:13.0060 4196  CTAudSvcService - ok
22:15:13.0071 4196  [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
22:15:13.0075 4196  CTEXFIFX - ok
22:15:13.0086 4196  [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
22:15:13.0091 4196  CTEXFIFX.SYS - ok
22:15:13.0093 4196  [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT         C:\Windows\system32\drivers\CTHWIUT.SYS
22:15:13.0094 4196  CTHWIUT - ok
22:15:13.0096 4196  [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT.SYS     C:\Windows\System32\drivers\CTHWIUT.SYS
22:15:13.0096 4196  CTHWIUT.SYS - ok
22:15:13.0098 4196  [ 757776E207CA5E71E4A16BD1260AE1F2 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
22:15:13.0098 4196  ctprxy2k - ok
22:15:13.0101 4196  [ 9B111EE2F488A8D9C21A13ED4C777795 ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
22:15:13.0102 4196  ctsfm2k - ok
22:15:13.0108 4196  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:15:13.0111 4196  DcomLaunch - ok
22:15:13.0115 4196  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:15:13.0117 4196  defragsvc - ok
22:15:13.0120 4196  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:15:13.0121 4196  DfsC - ok
22:15:13.0124 4196  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:15:13.0127 4196  Dhcp - ok
22:15:13.0129 4196  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:15:13.0129 4196  discache - ok
22:15:13.0131 4196  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:15:13.0132 4196  Disk - ok
22:15:13.0135 4196  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:15:13.0136 4196  Dnscache - ok
22:15:13.0140 4196  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:15:13.0142 4196  dot3svc - ok
22:15:13.0145 4196  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:15:13.0146 4196  DPS - ok
22:15:13.0148 4196  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:15:13.0149 4196  drmkaud - ok
22:15:13.0152 4196  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:15:13.0153 4196  dtsoftbus01 - ok
22:15:13.0161 4196  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:15:13.0164 4196  DXGKrnl - ok
22:15:13.0167 4196  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
22:15:13.0168 4196  E1G60 - ok
22:15:13.0171 4196  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:15:13.0172 4196  EapHost - ok
22:15:13.0193 4196  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:15:13.0210 4196  ebdrv - ok
22:15:13.0222 4196  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:15:13.0223 4196  EFS - ok
22:15:13.0234 4196  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:15:13.0238 4196  ehRecvr - ok
22:15:13.0241 4196  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:15:13.0242 4196  ehSched - ok
22:15:13.0247 4196  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:15:13.0250 4196  elxstor - ok
22:15:13.0253 4196  [ 683DCAF0D4EFC3F95A32E8924849202D ] emupia          C:\Windows\system32\drivers\emupia2k.sys
22:15:13.0253 4196  emupia - ok
22:15:13.0255 4196  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:15:13.0256 4196  ErrDev - ok
22:15:13.0261 4196  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:15:13.0263 4196  EventSystem - ok
22:15:13.0266 4196  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:15:13.0268 4196  exfat - ok
22:15:13.0271 4196  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:15:13.0272 4196  fastfat - ok
22:15:13.0278 4196  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:15:13.0283 4196  Fax - ok
22:15:13.0285 4196  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:15:13.0285 4196  fdc - ok
22:15:13.0287 4196  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:15:13.0287 4196  fdPHost - ok
22:15:13.0289 4196  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:15:13.0290 4196  FDResPub - ok
22:15:13.0292 4196  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:15:13.0293 4196  FileInfo - ok
22:15:13.0294 4196  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:15:13.0295 4196  Filetrace - ok
22:15:13.0297 4196  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:15:13.0297 4196  flpydisk - ok
22:15:13.0301 4196  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:15:13.0303 4196  FltMgr - ok
22:15:13.0311 4196  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:15:13.0318 4196  FontCache - ok
22:15:13.0321 4196  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:15:13.0322 4196  FontCache3.0.0.0 - ok
22:15:13.0324 4196  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:15:13.0324 4196  FsDepends - ok
22:15:13.0326 4196  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:15:13.0327 4196  Fs_Rec - ok
22:15:13.0330 4196  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:15:13.0331 4196  fvevol - ok
22:15:13.0334 4196  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:15:13.0335 4196  gagp30kx - ok
22:15:13.0343 4196  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:15:13.0348 4196  gpsvc - ok
22:15:13.0352 4196  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:15:13.0354 4196  gupdate - ok
22:15:13.0355 4196  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:15:13.0356 4196  gupdatem - ok
22:15:13.0367 4196  [ 076F366B87575ADC7D152C7A34ACB3DC ] ha20x22k        C:\Windows\system32\drivers\ha20x22k.sys
22:15:13.0372 4196  ha20x22k - ok
22:15:13.0383 4196  [ 4A7533EB52DC9D1847E7F78DEE1CE322 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
22:15:13.0391 4196  ha20x2k - ok
22:15:13.0394 4196  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:15:13.0394 4196  hcw85cir - ok
22:15:13.0398 4196  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:15:13.0401 4196  HdAudAddService - ok
22:15:13.0403 4196  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:15:13.0404 4196  HDAudBus - ok
22:15:13.0406 4196  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:15:13.0407 4196  HidBatt - ok
22:15:13.0409 4196  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:15:13.0410 4196  HidBth - ok
22:15:13.0413 4196  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:15:13.0413 4196  HidIr - ok
22:15:13.0415 4196  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:15:13.0416 4196  hidserv - ok
22:15:13.0418 4196  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:15:13.0419 4196  HidUsb - ok
22:15:13.0421 4196  [ 6B415E7AE774B9118360F559F627468E ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
22:15:13.0421 4196  hitmanpro37 - ok
22:15:13.0424 4196  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:15:13.0425 4196  hkmsvc - ok
22:15:13.0428 4196  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:15:13.0430 4196  HomeGroupListener - ok
22:15:13.0434 4196  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:15:13.0435 4196  HomeGroupProvider - ok
22:15:13.0437 4196  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:15:13.0438 4196  HpSAMD - ok
22:15:13.0444 4196  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:15:13.0448 4196  HTTP - ok
22:15:13.0450 4196  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:15:13.0450 4196  hwpolicy - ok
22:15:13.0453 4196  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:15:13.0454 4196  i8042prt - ok
22:15:13.0458 4196  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:15:13.0461 4196  iaStorV - ok
22:15:13.0468 4196  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:15:13.0473 4196  idsvc - ok
22:15:13.0475 4196  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:15:13.0476 4196  iirsp - ok
22:15:13.0483 4196  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:15:13.0488 4196  IKEEXT - ok
22:15:13.0491 4196  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:15:13.0492 4196  intelide - ok
22:15:13.0495 4196  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:15:13.0495 4196  intelppm - ok
22:15:13.0497 4196  [ A01C412699B6F21645B2885C2BAE4454 ] IOMap           C:\Windows\system32\drivers\IOMap64.sys
22:15:13.0498 4196  IOMap - ok
22:15:13.0500 4196  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:15:13.0501 4196  IPBusEnum - ok
22:15:13.0504 4196  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:15:13.0505 4196  IpFilterDriver - ok
22:15:13.0510 4196  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:15:13.0513 4196  iphlpsvc - ok
22:15:13.0516 4196  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:15:13.0517 4196  IPMIDRV - ok
22:15:13.0519 4196  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:15:13.0520 4196  IPNAT - ok
22:15:13.0522 4196  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:15:13.0523 4196  IRENUM - ok
22:15:13.0525 4196  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:15:13.0525 4196  isapnp - ok
22:15:13.0529 4196  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:15:13.0531 4196  iScsiPrt - ok
22:15:13.0533 4196  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:15:13.0533 4196  kbdclass - ok
22:15:13.0535 4196  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:15:13.0536 4196  kbdhid - ok
22:15:13.0537 4196  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:15:13.0538 4196  KeyIso - ok
22:15:13.0540 4196  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:15:13.0541 4196  KSecDD - ok
22:15:13.0544 4196  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:15:13.0545 4196  KSecPkg - ok
22:15:13.0547 4196  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:15:13.0547 4196  ksthunk - ok
22:15:13.0551 4196  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:15:13.0554 4196  KtmRm - ok
22:15:13.0557 4196  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:15:13.0560 4196  LanmanServer - ok
22:15:13.0562 4196  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:15:13.0564 4196  LanmanWorkstation - ok
22:15:13.0567 4196  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:15:13.0567 4196  lltdio - ok
22:15:13.0571 4196  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:15:13.0574 4196  lltdsvc - ok
22:15:13.0575 4196  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:15:13.0576 4196  lmhosts - ok
22:15:13.0579 4196  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:15:13.0580 4196  LSI_FC - ok
22:15:13.0582 4196  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:15:13.0583 4196  LSI_SAS - ok
22:15:13.0585 4196  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:15:13.0586 4196  LSI_SAS2 - ok
22:15:13.0588 4196  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:15:13.0589 4196  LSI_SCSI - ok
22:15:13.0591 4196  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:15:13.0592 4196  luafv - ok
22:15:13.0595 4196  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:15:13.0596 4196  Mcx2Svc - ok
22:15:13.0597 4196  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:15:13.0598 4196  megasas - ok
22:15:13.0602 4196  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:15:13.0604 4196  MegaSR - ok
22:15:13.0606 4196  [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:15:13.0607 4196  MEIx64 - ok
22:15:13.0609 4196  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:15:13.0610 4196  MMCSS - ok
22:15:13.0612 4196  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:15:13.0613 4196  Modem - ok
22:15:13.0615 4196  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:15:13.0615 4196  monitor - ok
22:15:13.0617 4196  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
22:15:13.0617 4196  mouclass - ok
22:15:13.0619 4196  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:15:13.0620 4196  mouhid - ok
22:15:13.0623 4196  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:15:13.0624 4196  mountmgr - ok
22:15:13.0628 4196  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:15:13.0629 4196  MpFilter - ok
22:15:13.0632 4196  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:15:13.0634 4196  mpio - ok
22:15:13.0636 4196  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:15:13.0637 4196  mpsdrv - ok
22:15:13.0643 4196  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:15:13.0649 4196  MpsSvc - ok
22:15:13.0652 4196  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:15:13.0654 4196  MRxDAV - ok
22:15:13.0657 4196  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:15:13.0658 4196  mrxsmb - ok
22:15:13.0661 4196  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:15:13.0663 4196  mrxsmb10 - ok
22:15:13.0666 4196  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:15:13.0667 4196  mrxsmb20 - ok
22:15:13.0669 4196  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:15:13.0669 4196  msahci - ok
22:15:13.0672 4196  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:15:13.0673 4196  msdsm - ok
22:15:13.0675 4196  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:15:13.0677 4196  MSDTC - ok
22:15:13.0680 4196  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:15:13.0681 4196  Msfs - ok
22:15:13.0683 4196  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:15:13.0683 4196  mshidkmdf - ok
22:15:13.0685 4196  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:15:13.0685 4196  msisadrv - ok
22:15:13.0688 4196  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:15:13.0690 4196  MSiSCSI - ok
22:15:13.0692 4196  msiserver - ok
22:15:13.0694 4196  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:15:13.0694 4196  MSKSSRV - ok
22:15:13.0698 4196  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
22:15:15.0455 4196  \Device\Harddisk2\DR2\Partition1 - ok
22:15:15.0455 4196  ============================================================
22:15:15.0455 4196  Scan finished
22:15:15.0455 4196  ============================================================
22:15:15.0460 1364  Detected object count: 0
22:15:15.0460 1364  Actual detected object count: 0
22:15:27.0686 1184  Deinitialize success

Results of the MBAR test scan: 
 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.09.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
gABBY :: GABBY-PC [administrator]
 
9/07/2013 22:25:01
mbar-log-2013-07-09 (22-25-01).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 246401
Time elapsed: 3 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

The Combo FIX report:

 

ComboFix 13-07-09.01 - gABBY 09/07/2013  22:31:22.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.32.1033.18.8146.6165 [GMT 2:00]
Gestart vanuit: c:\users\gABBY\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-06-09 to 2013-07-09  ))))))))))))))))))))))))))))))
.
.
2013-07-09 20:33 . 2013-07-09 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-09 20:18 . 2013-07-09 20:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-09 20:05 . 2012-07-27 00:33 15208 ----a-w- c:\windows\system32\drivers\nvflash.sys
2013-07-09 17:03 . 2013-07-09 20:17 -------- d-----w- C:\Malware removel
2013-07-09 15:55 . 2013-07-09 15:55 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-07-09 15:49 . 2013-07-09 15:50 -------- d-----w- c:\program files\HitmanPro
2013-07-09 15:49 . 2013-07-09 15:54 -------- d-----w- c:\programdata\HitmanPro
2013-07-09 14:51 . 2013-07-09 14:51 -------- d-----w- c:\programdata\Malwarebytes
2013-07-09 14:51 . 2013-07-09 14:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-09 14:51 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-09 12:52 . 2013-07-09 12:52 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-07-09 12:52 . 2013-07-09 12:52 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-07-09 12:52 . 2013-07-09 12:52 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-07-09 12:52 . 2013-07-09 12:52 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll
2013-07-09 12:52 . 2013-07-09 12:52 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-07-09 12:52 . 2013-07-09 12:52 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-07-09 12:52 . 2013-07-09 12:52 10240 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
2013-07-09 08:18 . 2013-06-17 00:10 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38677760-460E-47D2-80AB-ECC8EFC63DC1}\mpengine.dll
2013-07-03 08:46 . 2013-06-17 00:10 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-01 14:04 . 2013-07-01 14:04 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB094481-049E-4D8E-AB1C-2473ECAA55EA}\gapaengine.dll
2013-06-29 12:25 . 2013-06-29 12:25 -------- d-----w- c:\program files (x86)\SoulseekQt
2013-06-28 23:03 . 2013-06-28 23:03 -------- d-----w- c:\windows\SysWow64\xlive
2013-06-28 23:03 . 2013-06-28 23:03 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-06-28 23:01 . 2013-06-28 23:01 -------- d-----w- c:\windows\nl
2013-06-28 23:01 . 2013-06-28 23:01 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-06-28 23:00 . 2013-06-28 23:00 -------- d-----w- c:\program files\Windows Live
2013-06-28 23:00 . 2013-06-28 23:00 -------- d-----w- c:\windows\PCHEALTH
2013-06-28 23:00 . 2013-06-28 23:01 -------- d-----w- c:\program files (x86)\Windows Live
2013-06-28 22:57 . 2013-06-28 22:57 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-06-28 22:57 . 2013-06-28 22:57 -------- d--h--w- c:\programdata\CanonBJ
2013-06-28 22:57 . 2012-03-14 03:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-06-28 22:57 . 2012-03-14 03:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-06-28 22:57 . 2012-03-14 03:00 385024 ----a-w- c:\windows\system32\CNMLMAG.DLL
2013-06-28 22:40 . 2013-07-09 17:30 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-28 22:40 . 2013-07-09 17:29 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-28 22:39 . 2013-07-09 17:30 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-28 22:39 . 2013-06-28 22:44 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-28 22:39 . 2013-06-28 22:39 -------- d-----w- c:\programdata\EA Core
2013-06-28 22:39 . 2013-07-09 17:29 -------- d-----w- c:\programdata\EA Logs
2013-06-28 22:30 . 2013-06-28 22:30 -------- d-----w- c:\program files (x86)\Winamp Detect
2013-06-28 22:29 . 2013-06-28 22:30 -------- d-----w- c:\program files (x86)\Winamp
2013-06-28 22:27 . 2012-01-13 09:23 1944064 ------w- c:\windows\system32\Sens_oal.dll
2013-06-28 22:27 . 2012-01-13 09:21 2906586 ------w- c:\windows\SysWow64\Sens_oal.dll
2013-06-28 22:27 . 2006-10-06 12:17 53248 ------w- c:\windows\Ctregrun.exe
2013-06-28 22:27 . 2000-05-22 14:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2013-06-28 22:24 . 2009-09-11 09:06 166912 ------w- c:\windows\SysWow64\CTOPT352.dll
2013-06-28 22:24 . 2009-09-11 09:06 183296 ------w- c:\windows\system32\CTOPT352.dll
2013-06-28 22:24 . 2008-12-22 18:13 61440 ------w- c:\windows\SysWow64\CTChkAud.dll
2013-06-28 22:24 . 2008-12-22 18:13 49664 ------w- c:\windows\system32\CTChkAud.dll
2013-06-28 22:24 . 2006-12-05 11:53 42496 ------w- c:\windows\system32\AddCat.exe
2013-06-28 21:20 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-28 21:20 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-28 21:16 . 2013-06-28 21:31 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-06-28 21:16 . 2013-06-28 21:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-06-28 21:15 . 2013-06-28 21:15 -------- d-----w- c:\programdata\Battle.net
2013-06-28 21:14 . 2013-06-28 21:14 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-06-28 21:11 . 2013-06-28 21:11 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-28 21:11 . 2013-06-28 21:17 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2013-06-28 21:11 . 2013-07-09 11:44 -------- d-----w- c:\programdata\DAEMON Tools Pro
2013-06-28 21:08 . 2013-06-28 21:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-28 20:56 . 2013-06-28 20:56 -------- d-----w- c:\program files (x86)\ASUS
2013-06-28 20:39 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-06-28 20:39 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-06-28 20:39 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-06-28 20:39 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-06-28 20:23 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-28 20:23 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-06-28 20:23 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-28 20:23 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-06-28 20:23 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-06-28 20:23 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-06-28 20:23 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-28 20:23 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-06-28 20:23 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-06-28 20:23 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-28 20:23 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-28 20:23 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-06-28 20:08 . 2013-06-28 20:48 -------- d-----w- c:\windows\nl-NL
2013-06-28 20:07 . 2003-06-12 21:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2013-06-28 20:07 . 2013-06-28 20:07 -------- d-----w- c:\program files (x86)\Common Files\Creative
2013-06-28 20:07 . 2013-06-28 22:27 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2013-06-28 20:07 . 2013-06-28 20:07 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2013-06-28 20:07 . 2013-06-28 22:27 -------- d-----w- c:\program files\Creative
2013-06-28 20:07 . 2013-06-28 22:27 -------- d-----w- c:\program files (x86)\Creative
2013-06-28 20:03 . 2013-06-28 20:24 -------- d-----w- c:\program files\Microsoft Silverlight
2013-06-28 20:03 . 2013-06-28 20:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-06-28 20:01 . 2013-06-28 20:04 -------- d-----w- c:\program files (x86)\Razer
2013-06-28 20:01 . 2013-06-28 20:01 -------- d-----w- c:\programdata\Razer
2013-06-28 19:57 . 2009-07-13 16:55 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui
2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\windows\system32\SPReview
2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\windows\system32\EventProviders
2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-06-28 19:52 . 2013-06-28 19:53 -------- d-----w- c:\program files\Microsoft Security Client
2013-06-28 19:19 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-06-28 18:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-06-28 18:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-06-28 18:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-06-28 18:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-06-28 18:49 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-06-28 18:48 . 2013-06-17 00:10 9552976 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB752D9D-BB05-496F-A2BC-BF4933E21717}\mpengine.dll
2013-06-28 18:42 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-06-28 18:42 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2013-06-28 18:42 . 2013-06-28 22:30 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-06-28 18:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-06-28 18:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-06-28 18:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-06-28 18:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-06-28 18:41 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-06-28 18:41 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-06-28 18:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-06-28 18:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-06-28 18:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-06-28 18:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-06-28 18:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-06-28 18:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-06-28 18:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-06-28 18:38 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-06-28 18:38 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-06-28 18:38 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-06-28 18:38 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-06-28 18:38 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-06-28 18:38 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-06-28 18:38 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-06-28 18:38 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-06-28 18:38 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 20:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-06-28 20:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-06-28 18:41 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-07 03:29 . 2013-06-07 03:29 126464 ----a-w- c:\windows\system32\drivers\rzudd.sys
2013-06-07 03:29 . 2013-06-07 03:29 31232 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2013-06-02 15:11 . 2010-02-10 06:16 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2010-02-10 06:18 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-06-28 20:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-28 20:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-28 20:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-28 20:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-28 20:23 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-28 20:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-28 3456080]
"Steam"="g:\gabby\Stiem\Steam.exe" [2013-07-08 1672616]
"Akamai NetSession Interface"="c:\users\gABBY\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-06-21 610152]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
.
c:\users\gABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\gABBY\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-22 27995640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-28 18:23 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:23]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\gABBY\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3720129460-3011277818-515422470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3720129460-3011277818-515422470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-07-09  22:34:50
ComboFix-quarantined-files.txt  2013-07-09 20:34
.
Pre-Run: 159.555.026.944 bytes beschikbaar
Post-Run: 160.358.301.696 bytes beschikbaar
.
- - End Of File - - FEDEFDCB4DBA6DB3184CBCD6C415DEAE
A36C5E4F47E84449FF07ED3517B43A31

Security Check report:

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

Let's do some more scanning:

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


ADW LOG:

 

# AdwCleaner v2.304 - Logfile created 07/09/2013 at 22:56:09
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : gABBY - GABBY-PC
# Boot Mode : Normal
# Running from : C:\Users\gABBY\Desktop\AdwCleaner.exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Found : HKCU\Software\Softonic
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16618
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\gABBY\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [690 octets] - [09/07/2013 22:56:09]
 
########## EOF - C:\AdwCleaner[R1].txt - [749 octets] ##########

JRT LOG RESULTS: 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 7 Ultimate x64
Ran by gABBY on di 09/07/2013 at 23:00:03,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 09/07/2013 at 23:02:00,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online scanner is running now. 

 

As I would like to say first of all, many thanks for the help. 

 

Secondly, so far the only program that fixed the GPU load has been RogueKiller X64. When I run a scan with RogueKiller, my GPU load instantly drops back to normal and the card cools down. Can you find this information useful?


ESET ONLINE: 

 

E:\Games\ISO\PC\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\Assassins.Creed.III.Proper.RELOADED(diff-group) (1)\rld-aiii.iso a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined
E:\Games\ISO\PC\Dirt 3 Skidrow\sr-dirt3.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\Hitman Sniper Challenge SKIDROW\sr-hmsc.iso multiple threats deleted - quarantined
E:\Games\ISO\PC\LEGO.Lord.of.the.Rings-RELOADED\rld-legolotr.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Games\ISO\PC\The.Settlers.7-Razor1911\rzr-set7.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\The.Witcher.2.Assassins.of.Kings-SKIDROW\sr-tw2b.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Games\ISO\PC\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW (1)\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
F:\ISO II\Games\Age.of.Empires.II.HD-RELOADED (1)\rld-aoe2hd.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
F:\ISO II\Games\Brutal.Legend-RELOADED\rld-brutal.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
F:\ISO II\Games\Lords.of.Football-RELOADED\rld-lof.iso a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
F:\ISO II\Games\Sniper.Elite.V2-SKIDROW\Sniper.Elite.V2-SKIDROW\sr-sev2.iso Win32/CoinMiner.BX trojan deleted - quarantined
F:\ISO II\Games\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
G:\gABBY\Dirt 3\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
G:\gABBY\Nfs Hp\NFSHP_Activator.exe a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
G:\gABBY\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined

Just for the record, this is the info report of RogueKiller X64 that fixes the problem:

 

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Normale modus
Gebruiker : gABBY [Administrator rechten]
Modus : Scan -- Datum : 07/10/2013 10:09:03
| ARK || FAK || MBR |
 
¤¤¤ Kwaadaardige processen : 4 ¤¤¤
[sUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe [7] -> BEEINDIGD [TermProc]
[sUSP PATH] Time-svc.exe -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [-] -> BEEINDIGD [TermProc]
[sUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> BEEINDIGD [TermProc]
[sUSP PATH] TimeServer.exe -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe [-] -> BEEINDIGD [TermProc]
 
¤¤¤ Register verwijzingen : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> gevonden
 
¤¤¤ geplande taken : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ webbrowsers : 0 ¤¤¤
 
¤¤¤ Speciale Files / Folders: ¤¤¤
 
¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤
 
¤¤¤ Externe Hives: ¤¤¤
 
¤¤¤ Infectie :  ¤¤¤
 
¤¤¤ HOSTS Bestand: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Controle: ¤¤¤
 
+++++ PhysicalDrive0: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 0d23b348d2c1cfda0f1d717ef1b7f29b
[bSP] 69140a9e103c56ab9d8e3ee25e42471f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 244096 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 5057a53b6e9d493b07bca0896b95a165
[bSP] e8de17188eb462e47d80e0b88d796f9b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 450768 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 923379712 | Size: 502999 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 6299662023e0323980a547460e6f7732
[bSP] 28c086086aa4cef0d125a0e022edd09a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19 | Size: 1430795 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive3: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 69cbf972354c8b7942556662812a0fe2
[bSP] 69a6da2fe57410061c998d8e1c106d69 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive4: M4-CT256M4SSD2 ATA Device +++++
--- User ---
[MBR] 9dcba7316fa7add442e1197eff5d1d14
[bSP] 389a9930ab67a8fb9ac643c102198d19 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953864 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1953515520 | Size: 953862 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Gereed : << RKreport[0]_S_07102013_100903.txt >>
RKreport[0]_D_07092013_184058.txt;RKreport[0]_D_07092013_185523.txt;RKreport[0]_S_07092013_183701.txt
RKreport[0]_S_07092013_184443.txt;RKreport[0]_S_07092013_224607.txt

Sorry for the delay.

 

Please do the following:

 

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
     
    :OTL
    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    PRC - [2013/07/09 14:52:00 | 000,024,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
    PRC - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
    PRC - [2013/07/09 14:52:00 | 000,010,240 | ---- | M] (Microsoft) -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
    MOD - [2013/07/09 14:52:00 | 002,382,083 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd
    MOD - [2013/07/09 14:52:00 | 002,222,455 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd
    MOD - [2013/07/09 14:52:00 | 001,311,275 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd
    MOD - [2013/07/09 14:52:00 | 000,577,536 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd
    MOD - [2013/07/09 14:52:00 | 000,515,437 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd
    MOD - [2013/07/09 14:52:00 | 000,410,432 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd
    MOD - [2013/07/09 14:52:00 | 000,285,184 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd
    MOD - [2013/07/09 14:52:00 | 000,219,648 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
    MOD - [2013/07/09 14:52:00 | 000,174,793 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd
    MOD - [2013/07/09 14:52:00 | 000,074,240 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd
    MOD - [2013/07/09 14:52:00 | 000,046,383 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd
    MOD - [2013/07/09 14:52:00 | 000,041,019 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd
    MOD - [2013/07/09 14:52:00 | 000,040,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_socket.pyd
    MOD - [2013/07/09 14:52:00 | 000,024,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
    MOD - [2013/07/09 14:52:00 | 000,009,728 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\select.pyd
    SRV - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) [Auto | Running] -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe -- (Time)

    :Files
    C:\ProgramData\Microsoft\Windows\Time

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.


----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?
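The PRC/MOD/SRV lines in the fix above show why this folder stands out: a service image that claims a Microsoft vendor string but runs from ProgramData, next to Python modules for OpenCL, hashing and sockets. The following triage of such lines is an added example, not part of the original posts and not OTL's own logic; the function names, rule labels and trusted-path list are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: six lines in the PRC/MOD/SRV format of the fix script
# above, plus two made-up benign lines (zeroed dates and sizes) for contrast.
SAMPLE_LOG = r"""
PRC - [2013/07/09 14:52:00 | 000,024,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
PRC - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
PRC - [2013/01/01 00:00:00 | 000,000,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
MOD - [2013/07/09 14:52:00 | 000,577,536 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd
MOD - [2013/07/09 14:52:00 | 000,285,184 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd
MOD - [2013/07/09 14:52:00 | 000,040,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Time\_socket.pyd
SRV - [2013/07/09 14:52:00 | 000,010,752 | ---- | M] (Microsoft) [Auto | Running] -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe -- (Time)
SRV - [2013/01/01 00:00:00 | 000,000,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
"""

# Assumption: the system drive is C:, as in the logs in this thread.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
DATA_ROOTS = ("c:\\programdata\\", "c:\\users\\")
# Module-name prefixes seen in the MOD lines, mapped to the capability they imply.
CAPABILITY_MODULES = {"pyopencl": "gpu-compute", "_hashlib": "hashing", "_socket": "network"}

# kind - [date | size | attrs | M] (vendor) [state]? -- path ( -- (service))?
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV) - \[[^\]]*\] \((?P<vendor>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<service>[^)]+)\))?$"
)


def parse_otl(text):
    """Return one dict per PRC/MOD/SRV line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entries):
    """Group entries by folder and return the rule labels each folder triggers."""
    findings = {}
    for entry in entries:
        path = ntpath.normcase(entry["path"])  # lower-case, backslashes
        name = ntpath.basename(path)
        reasons = findings.setdefault(ntpath.dirname(path), set())
        trusted = path.startswith(TRUSTED_ROOTS)
        if entry["kind"] in ("PRC", "SRV") and path.startswith(DATA_ROOTS):
            reasons.add("image-in-data-dir")
        if "microsoft" in entry["vendor"].lower() and not trusted:
            reasons.add("vendor-claims-microsoft-outside-system-paths")
        state = (entry["state"] or "").lower()
        if entry["kind"] == "SRV" and not trusted and state.startswith("auto"):
            reasons.add("autostart-service:" + (entry["service"] or "?"))
        if entry["kind"] == "MOD":
            for prefix, tag in CAPABILITY_MODULES.items():
                if name.startswith(prefix):
                    reasons.add("module:" + tag)
    return {folder: sorted(r) for folder, r in findings.items() if r}


def likely_gpu_miner_dirs(findings):
    """Folders that both run an image from a data dir and load GPU + hash modules."""
    needed = {"image-in-data-dir", "module:gpu-compute", "module:hashing"}
    return [folder for folder, reasons in findings.items() if needed <= set(reasons)]


if __name__ == "__main__":
    for folder, reasons in triage(parse_otl(SAMPLE_LOG)).items():
        print(folder, "->", ", ".join(reasons))
```
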


Hi! No problem for the delay! 

 

As I tried to fix it myself with some research in some other threads, I found out that RogueKiller X64 did the job when I hit FIX. 

 

I then deleted the TIME folder and restarted the time service of Windows through services.msc. 

 

All is working well now! Not a single error or alarm in any antimalware programs so far :) 


OTL Report: 

 

All processes killed
========== OTL ==========
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
No active process named TimeServer.exe was found!
No active process named Time-svc.exe was found!
No active process named WindowsTime.exe was found!
Service Time stopped successfully!
Service Time deleted successfully!
File C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\Microsoft\Windows\Time not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: gABBY
->Temp folder emptied: 103712517 bytes
->Temporary Internet Files folder emptied: 8738215 bytes
->Google Chrome cache emptied: 415430875 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40655914 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 542,00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: gABBY
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: gABBY
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07102013_231433
 
Files\Folders moved on Reboot...
C:\Users\gABBY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\gABBY\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Looks like that got the last of it. Your logs appear to be clean now. :)

 

-------------

 

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.


-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG
Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available


A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.


---------------------------------------------------------




-DFB
 

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.