
conhost.exe causes GPU to run at 98%


  • This topic is locked
26 replies to this topic

#1 artnude


Posted 07 September 2013 - 07:45 PM

At each reboot after about 5 minutes conhost.exe causes my graphics card to run at 98%.

I can stop it in task manager by ending one of the instances of conhost.exe.

I can also stop it by reinstalling the video card driver and it will be fine until the next reboot and the cycle begins again.

I have looked everywhere and tried many tools but nothing seems to find it.

The logs were taken after I ended the process.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Brad at 17:29:18 on 2013-09-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.24567.21543 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\wfc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Privoxy\privoxy.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\PROGRA~2\Jetico\BESTCR~1\BCResident.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
uProxyOverride = <local>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\steam1\Steam.exe" -silent
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe" startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BESTCR~1.LNK - C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Privoxy.lnk - C:\Program Files (x86)\Privoxy\privoxy.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{4F5DA580-B7C8-43DE-9DEB-D0DABA9CB699} : DHCPNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\ese3if2r.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://www.huffingtonpost.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bcfnt;bcfnt;C:\Windows\System32\drivers\bcfnt.sys [2010-3-18 187456]
R0 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2010-3-18 55872]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-3-14 24880]
R0 SI3124;SiI-3124 SATALink Controller;C:\Windows\System32\drivers\SI3124.sys [2007-11-20 92200]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-8-2 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-8-2 141920]
R1 BC_3DES;BC_3DES;C:\Windows\System32\drivers\bc_3des.sys [2010-3-18 34368]
R1 BC_BF128;BC_BF128;C:\Windows\System32\drivers\bc_bf128.sys [2010-3-18 30784]
R1 BC_BF448;BC_BF448;C:\Windows\System32\drivers\bc_bf448.sys [2010-3-18 30784]
R1 BC_BFish;BC_BFish;C:\Windows\System32\drivers\bc_bfish.sys [2010-3-18 30272]
R1 BC_CAST;BC_CAST;C:\Windows\System32\drivers\bc_cast.sys [2010-3-18 37440]
R1 BC_DES;BC_DES;C:\Windows\System32\drivers\bc_des.sys [2010-3-18 33856]
R1 BC_Gost;BC_Gost;C:\Windows\System32\drivers\bc_gost.sys [2010-3-18 25664]
R1 BC_IDEA;BC_IDEA;C:\Windows\System32\drivers\bc_idea.sys [2010-3-18 27712]
R1 BC_RC6;BC_RC6;C:\Windows\System32\drivers\bc_rc6.sys [2010-3-18 30272]
R1 BC_RIJN;BC_RIJN;C:\Windows\System32\drivers\bc_rijn.sys [2010-3-18 51264]
R1 BC_SERP;BC_SERP;C:\Windows\System32\drivers\bc_serp.sys [2010-3-18 36928]
R1 BC_TFISH;BC_TFISH;C:\Windows\System32\drivers\bc_tfish.sys [2010-3-18 34368]
R1 bcbus;BestCrypt bus driver;C:\Windows\System32\drivers\bcbus.sys [2010-3-18 81984]
R2 BCWipeSvc;BCWipe service;C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [2010-3-18 95544]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2012-7-4 21480]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-7-4 21992]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-7 14984480]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139536]
R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2011-9-28 80400]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-18 414496]
R2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-8-30 10752]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 mhk;mhk;C:\Windows\System32\drivers\mhk.sys [2010-3-18 16872]
R3 moh;moh;C:\Windows\System32\drivers\moh.sys [2010-3-18 12776]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-7 39712]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-22 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2013-2-14 33872]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-13 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-13 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-7-26 31800]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2010-3-18 101952]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: NFOPad=C:\Program Files (x86)\NFOPad\NFOPad.exe "%1"
.
=============== Created Last 30 ================
.
2013-09-08 00:01:34    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-09-07 23:38:44    --------    d-----w-    C:\Windows\pss
2013-09-07 23:13:23    --------    d-----w-    C:\Windows\ERUNT
2013-09-07 22:03:39    965008    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6563138-16FB-4CFC-99FE-5C7E30819355}\gapaengine.dll
2013-09-07 22:03:37    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DAECB9C-B357-43CB-A606-74CF683AF76B}\mpengine.dll
2013-09-07 22:02:24    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-09-07 22:02:23    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-09-07 21:49:48    920864    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-09-07 21:49:48    6599968    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-09-07 21:49:48    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-09-07 21:49:48    3452192    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-09-07 21:49:48    3319709    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-09-07 21:49:48    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-09-07 21:49:39    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-09-07 21:49:39    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-09-07 21:41:47    0    ----a-w-    C:\Windows\SysWow64\sppsvc.exe
2013-09-07 21:41:47    0    ----a-w-    C:\Windows\SysWow64\conhost.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\wfc.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\taskhost.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\spoolsv.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\dwm.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\winlogon.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\smss.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\services.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\nvvsvc.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\lsm.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\lsass.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\csrss.exe
2013-09-06 15:34:28    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D768640C-2E78-40E1-9437-20B8BC56C962}\mpengine.dll
2013-09-05 00:17:52    --------    d-----w-    C:\AdwCleaner
2013-09-01 02:01:17    --------    d-----w-    C:\ProgramData\vsosdk
2013-09-01 01:34:00    --------    d-----w-    C:\ProgramData\VSO
2013-09-01 01:29:59    82816    ----a-w-    C:\Users\Brad\AppData\Roaming\pcouffin.sys
2013-08-31 02:08:43    --------    d-----w-    C:\ProgramData\Steam
2013-08-31 01:57:31    --------    d-----w-    C:\Program Files (x86)\Saints Row IV
2013-08-31 01:57:13    49664    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-08-31 01:57:13    43008    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-08-31 01:57:13    24064    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-08-31 01:57:13    2303488    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-08-31 01:57:13    10752    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-08-31 01:57:12    569680    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-08-31 01:57:12    219648    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-27 03:17:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-27 03:17:20    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-26 17:02:58    --------    d-----w-    C:\Program Files\Vuze
2013-08-26 04:45:46    --------    d-----w-    C:\NvidiaLogging
2013-08-26 04:45:33    29984    ----a-w-    C:\Windows\System32\SETC12D.tmp
2013-08-26 04:38:04    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-08-26 04:38:03    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-24 07:11:55    --------    d-----w-    C:\Program Files\PeerBlock
2013-08-21 20:12:03    --------    d-----w-    C:\Users\Brad\AppData\Local\Slick Savings
2013-08-20 05:55:32    --------    d-----w-    C:\Program Files (x86)\Samsung Magician
2013-08-18 21:58:20    571168    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-08-17 18:26:29    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-17 18:26:28    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-17 18:26:28    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-17 18:26:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-17 18:26:28    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-17 18:26:28    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-17 18:26:27    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-17 18:26:27    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-17 18:26:27    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-17 18:26:27    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-17 18:26:27    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-16 18:07:49    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-16 18:04:33    224256    ----a-w-    C:\Windows\System32\wintrust.dll
.
==================== Find3M  ====================
.
2013-08-26 04:38:00    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-18 17:15:12    39712    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-07-18 17:15:08    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-07-18 17:15:06    28448    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-23 23:29:22    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 23:29:22    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 23:29:22    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-19 04:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 04:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-16 12:38:18    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-06-16 12:38:15    196384    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 17:29:29.70 ===============
 

 


 


#2 artnude


Posted 09 September 2013 - 02:18 AM

On a side note, I just noticed that one of the instances of conhost, the one that is causing the problem, is listed under my username.

The valid instance is listed under "system".

Both files appear to originate from the system32 folder.

I just got a charge on my debit card that I do not remember making from a company that says my account is inactive as I haven't used them for a few years.

I have changed my account information but I am afraid I have been hacked.

I am writing this from another computer as I am afraid to go online with that one.

The problem is I can't access most of my email accounts from this puter.

I can only access one and it is not the one I signed up on.

I guess I will periodically go online with the infected puter to check emails till I get a response.

Having a hard time trusting anything I receive right now.

Big thanks in advance to anyone who may reply to this.



#3 HelpBot


Posted 12 September 2013 - 07:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507093 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 artnude


Posted 12 September 2013 - 08:04 PM

Yes, I still need help.

Conhost.exe under my user starts about 5 minutes after a reboot, causing my graphics card to run at 98%.

When I end the process it goes back to normal.

I have scanned with Avast, MSE, Malwarebytes and an online scanner but nothing is found.

 

Here is the new DDS log that I just made:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by Brad at 17:56:44 on 2013-09-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.24567.21851 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\System32\wfc.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Privoxy\privoxy.exe
C:\PROGRA~2\Jetico\BESTCR~1\BCResident.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
uProxyOverride = <local>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\steam1\Steam.exe" -silent
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe" startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BESTCR~1.LNK - C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Privoxy.lnk - C:\Program Files (x86)\Privoxy\privoxy.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{4F5DA580-B7C8-43DE-9DEB-D0DABA9CB699} : DHCPNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\ese3if2r.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://www.huffingtonpost.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bcfnt;bcfnt;C:\Windows\System32\drivers\bcfnt.sys [2010-3-18 187456]
R0 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2010-3-18 55872]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-3-14 24880]
R0 SI3124;SiI-3124 SATALink Controller;C:\Windows\System32\drivers\SI3124.sys [2007-11-20 92200]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-8-2 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-8-2 141920]
R1 BC_3DES;BC_3DES;C:\Windows\System32\drivers\bc_3des.sys [2010-3-18 34368]
R1 BC_BF128;BC_BF128;C:\Windows\System32\drivers\bc_bf128.sys [2010-3-18 30784]
R1 BC_BF448;BC_BF448;C:\Windows\System32\drivers\bc_bf448.sys [2010-3-18 30784]
R1 BC_BFish;BC_BFish;C:\Windows\System32\drivers\bc_bfish.sys [2010-3-18 30272]
R1 BC_CAST;BC_CAST;C:\Windows\System32\drivers\bc_cast.sys [2010-3-18 37440]
R1 BC_DES;BC_DES;C:\Windows\System32\drivers\bc_des.sys [2010-3-18 33856]
R1 BC_Gost;BC_Gost;C:\Windows\System32\drivers\bc_gost.sys [2010-3-18 25664]
R1 BC_IDEA;BC_IDEA;C:\Windows\System32\drivers\bc_idea.sys [2010-3-18 27712]
R1 BC_RC6;BC_RC6;C:\Windows\System32\drivers\bc_rc6.sys [2010-3-18 30272]
R1 BC_RIJN;BC_RIJN;C:\Windows\System32\drivers\bc_rijn.sys [2010-3-18 51264]
R1 BC_SERP;BC_SERP;C:\Windows\System32\drivers\bc_serp.sys [2010-3-18 36928]
R1 BC_TFISH;BC_TFISH;C:\Windows\System32\drivers\bc_tfish.sys [2010-3-18 34368]
R1 bcbus;BestCrypt bus driver;C:\Windows\System32\drivers\bcbus.sys [2010-3-18 81984]
R2 BCWipeSvc;BCWipe service;C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [2010-3-18 95544]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2012-7-4 21480]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-7-4 21992]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-7 14984480]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139536]
R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2011-9-28 80400]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-18 414496]
R2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-8-30 10752]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 mhk;mhk;C:\Windows\System32\drivers\mhk.sys [2010-3-18 16872]
R3 moh;moh;C:\Windows\System32\drivers\moh.sys [2010-3-18 12776]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-7 39712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2013-2-14 33872]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-13 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-13 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-7-26 31800]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2010-3-18 101952]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: NFOPad=C:\Program Files (x86)\NFOPad\NFOPad.exe "%1"
.
=============== Created Last 30 ================
.
2013-09-13 00:46:29    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD08238D-0426-4B57-A9DE-DBC036A3335C}\mpengine.dll
2013-09-13 00:46:17    --------    d-----w-    C:\Users\Brad\AppData\Local\{AFA050D8-CFB2-4375-80CC-4E28A18035BA}
2013-09-12 04:39:01    --------    d-----w-    C:\Users\Brad\AppData\Local\{4B98DAE5-01BD-41DC-90D5-317E284D66B0}
2013-09-12 00:17:11    9515512    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-11 16:38:26    --------    d-----w-    C:\Users\Brad\AppData\Local\{5684E448-2468-453A-9AB9-D6A68A3AF840}
2013-09-11 04:38:02    --------    d-----w-    C:\Users\Brad\AppData\Local\{EF113932-E511-47A2-8547-7FC3ABF14FC7}
2013-09-10 19:21:51    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-10 16:37:28    --------    d-----w-    C:\Users\Brad\AppData\Local\{9DB73336-0AB3-4E02-A4B5-57EE9D10B093}
2013-09-10 04:36:53    --------    d-----w-    C:\Users\Brad\AppData\Local\{34F78148-8B34-4C18-BAA4-5DA59313E1CE}
2013-09-09 16:36:42    --------    d-----w-    C:\Users\Brad\AppData\Local\{B474CAD5-6263-4E56-BBBE-DB9A33A5DA06}
2013-09-09 04:36:06    --------    d-----w-    C:\Users\Brad\AppData\Local\{034A4AEC-830C-4F2A-B308-B9B690FEC82F}
2013-09-08 16:35:41    --------    d-----w-    C:\Users\Brad\AppData\Local\{40116081-EABF-4987-B6F8-917485791FFF}
2013-09-08 04:12:36    --------    d-----w-    C:\Users\Brad\AppData\Local\{E42A75DD-147D-462D-A864-DCFA9981227D}
2013-09-08 00:01:34    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-09-07 23:38:44    --------    d-----w-    C:\Windows\pss
2013-09-07 23:13:23    --------    d-----w-    C:\Windows\ERUNT
2013-09-07 22:03:39    965008    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6563138-16FB-4CFC-99FE-5C7E30819355}\gapaengine.dll
2013-09-07 22:02:24    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-09-07 22:02:23    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-09-07 21:49:48    920864    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-09-07 21:49:48    6599968    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-09-07 21:49:48    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-09-07 21:49:48    3452192    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-09-07 21:49:48    3319709    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-09-07 21:49:48    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-09-07 21:49:39    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-09-07 21:49:39    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-09-07 21:41:47    0    ----a-w-    C:\Windows\SysWow64\sppsvc.exe
2013-09-07 21:41:47    0    ----a-w-    C:\Windows\SysWow64\conhost.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\wfc.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\taskhost.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\spoolsv.exe
2013-09-07 21:41:46    0    ----a-w-    C:\Windows\SysWow64\dwm.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\winlogon.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\smss.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\services.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\nvvsvc.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\lsm.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\lsass.exe
2013-09-07 21:41:30    0    ----a-w-    C:\Windows\SysWow64\csrss.exe
2013-09-06 15:34:28    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D768640C-2E78-40E1-9437-20B8BC56C962}\mpengine.dll
2013-09-05 00:17:52    --------    d-----w-    C:\AdwCleaner
2013-09-01 02:01:17    --------    d-----w-    C:\ProgramData\vsosdk
2013-09-01 01:34:00    --------    d-----w-    C:\ProgramData\VSO
2013-09-01 01:29:59    82816    ----a-w-    C:\Users\Brad\AppData\Roaming\pcouffin.sys
2013-08-31 02:08:43    --------    d-----w-    C:\ProgramData\Steam
2013-08-31 01:57:31    --------    d-----w-    C:\Program Files (x86)\Saints Row IV
2013-08-31 01:57:13    49664    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-08-31 01:57:13    43008    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-08-31 01:57:13    24064    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-08-31 01:57:13    2303488    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-08-31 01:57:13    10752    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-08-31 01:57:12    569680    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-08-31 01:57:12    219648    ----a-w-    C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-27 03:17:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-27 03:17:20    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-26 17:02:58    --------    d-----w-    C:\Program Files\Vuze
2013-08-26 04:45:46    --------    d-----w-    C:\NvidiaLogging
2013-08-26 04:45:33    29984    ----a-w-    C:\Windows\System32\SETC12D.tmp
2013-08-26 04:38:04    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-08-26 04:38:03    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-24 07:11:55    --------    d-----w-    C:\Program Files\PeerBlock
2013-08-21 20:12:03    --------    d-----w-    C:\Users\Brad\AppData\Local\Slick Savings
2013-08-20 05:55:32    --------    d-----w-    C:\Program Files (x86)\Samsung Magician
2013-08-18 21:58:20    571168    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-08-16 18:04:33    224256    ----a-w-    C:\Windows\System32\wintrust.dll
.
==================== Find3M  ====================
.
2013-08-26 04:38:00    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-08-10 05:22:18    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-10 05:20:59    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-18 17:15:12    39712    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-07-18 17:15:08    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-07-18 17:15:06    28448    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-23 23:29:22    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 23:29:22    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 23:29:22    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-19 04:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 04:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-16 12:38:18    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-06-16 12:38:15    196384    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 17:56:54.03 ===============



#5 artnude

Posted 13 September 2013 - 12:42 AM

On one part of the site it says I need to zip the attached file but the site will not allow me to attach a zipped file so I just attached the text file.

I am assuming this is not the reason I have gotten no help but more probably, that nobody has a solution.

I did a lot of searching before I came here for help.

I know I am not the only one with this problem.

I also know I have found no solutions for this problem.

It may seem minor and it probably is, but my computer is doing something it should not be doing and I am sure there is a reason for this.

The part that really worries me is that it may be doing something else that I am unaware of.

If you guys can't figure it out I guess I will trash the drive and buy a new one.

Of course I would rather not do that.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:04 PM

Posted 13 September 2013 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

conhost.exe is often related to some InfoStealer malware. Change all your passwords.

You can download these tools to a CD or Flash drive and copy them to the desktop of the infected computer.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#7 artnude

Posted 13 September 2013 - 08:02 PM

Here is the RogueKiller log.

RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brad [Admin rights]
Mode : Remove -- Date : 09/13/2013 17:31:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series SCSI Disk Device +++++
--- User ---
[MBR] 98db7f7989d68f77024055ac6ca31542
[BSP] 98613fda9827068405fd07ecf5556378 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 219824 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series SCSI Disk Device +++++
--- User ---
[MBR] d1f5805ee1d4b4493a1ea31afd0951b1
[BSP] 4abfdb72e8d4bcc4306ad61bdd5f844f : Legit.C MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 1907729 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_09132013_173126.txt >>
RKreport[0]_S_09132013_173102.txt


 

Here is the AdwCleaner report.

# AdwCleaner v3.003 - Report created 13/09/2013 at 17:37:38
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Brad - BRAD-MASTER
# Running from : C:\Users\Brad\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\ese3if2r.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2373 octets] - [04/09/2013 17:17:55]
AdwCleaner[R1].txt - [1022 octets] - [04/09/2013 17:42:04]
AdwCleaner[R2].txt - [1143 octets] - [07/09/2013 16:21:42]
AdwCleaner[R3].txt - [1263 octets] - [07/09/2013 16:53:46]
AdwCleaner[R4].txt - [1373 octets] - [13/09/2013 17:33:27]
AdwCleaner[R5].txt - [1434 octets] - [13/09/2013 17:36:24]
AdwCleaner[S0].txt - [2431 octets] - [04/09/2013 17:18:59]
AdwCleaner[S1].txt - [1084 octets] - [04/09/2013 17:43:56]
AdwCleaner[S2].txt - [1205 octets] - [07/09/2013 16:22:28]
AdwCleaner[S3].txt - [1325 octets] - [07/09/2013 16:54:24]
AdwCleaner[S4].txt - [1355 octets] - [13/09/2013 17:37:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1415 octets] ##########

 

 

Here is the JRT report

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Ultimate x64
Ran by Brad on Fri 09/13/2013 at 17:50:32.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Brad\appdata\local\slick savings"
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{034A4AEC-830C-4F2A-B308-B9B690FEC82F}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{34F78148-8B34-4C18-BAA4-5DA59313E1CE}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{40116081-EABF-4987-B6F8-917485791FFF}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{4B98DAE5-01BD-41DC-90D5-317E284D66B0}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{5684E448-2468-453A-9AB9-D6A68A3AF840}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{9DB73336-0AB3-4E02-A4B5-57EE9D10B093}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{AFA050D8-CFB2-4375-80CC-4E28A18035BA}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{B474CAD5-6263-4E56-BBBE-DB9A33A5DA06}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{E42A75DD-147D-462D-A864-DCFA9981227D}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{ED01D6AF-9DE7-4926-AD42-67A123A0654C}
Successfully deleted: [Empty Folder] C:\Users\Brad\appdata\local\{EF113932-E511-47A2-8547-7FC3ABF14FC7}



~~~ FireFox

Emptied folder: C:\Users\Brad\AppData\Roaming\mozilla\firefox\profiles\ese3if2r.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/13/2013 at 17:51:42.01
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

After running all three the problem is still there.

I have also noticed odd shutdowns and it has trouble restarting.

I figured maybe my power supply might be getting buggy but wanted to see if we could find anything before making a large purchase.

It will try to restart and shut down immediately over and over.

One day I noticed if I disconnected a couple drives it would start up.

This last time I had to disconnect almost all my drives to get it to boot.

I normally run 12 drives, but these scans were done with only two hooked up due to booting problems.

I just want to thank you for spending your time trying to help me.

I really appreciate it.


Edited by artnude, 14 September 2013 - 01:00 AM.


#8 artnude


Posted 13 September 2013 - 08:33 PM

I don't know if this is helpful but after running the programs, the instance of conhost, the valid one that used to run under username SYSTEM now has no username and the one that makes my vid card go buggy still runs under my username.



#9 nasdaq

  • Malware Response Team

Posted 14 September 2013 - 09:23 AM

Run these programs and post the logs for my review.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall


    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ==============


#10 artnude


Posted 14 September 2013 - 12:35 PM

Here is the TDSSKiller log

 

10:05:15.0605 1420  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:05:16.0182 1420  ============================================================
10:05:16.0182 1420  Current date / time: 2013/09/14 10:05:16.0182
10:05:16.0182 1420  SystemInfo:
10:05:16.0182 1420  
10:05:16.0182 1420  OS Version: 6.1.7601 ServicePack: 1.0
10:05:16.0182 1420  Product type: Workstation
10:05:16.0182 1420  ComputerName: BRAD-MASTER
10:05:16.0182 1420  UserName: Brad
10:05:16.0182 1420  Windows directory: C:\Windows
10:05:16.0182 1420  System windows directory: C:\Windows
10:05:16.0182 1420  Running under WOW64
10:05:16.0182 1420  Processor architecture: Intel x64
10:05:16.0182 1420  Number of processors: 8
10:05:16.0182 1420  Page size: 0x1000
10:05:16.0182 1420  Boot type: Normal boot
10:05:16.0182 1420  ============================================================
10:05:16.0603 1420  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:05:16.0603 1420  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:05:16.0634 1420  ============================================================
10:05:16.0634 1420  \Device\Harddisk0\DR0:
10:05:16.0634 1420  MBR partitions:
10:05:16.0634 1420  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1AD58669
10:05:16.0634 1420  \Device\Harddisk1\DR1:
10:05:16.0634 1420  GPT partitions:
10:05:16.0634 1420  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EAD4F8B3-4636-4D1E-883B-0301D02326D3}, Name: , StartLBA 0x22, BlocksNum 0x40000
10:05:16.0634 1420  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F597014E-6017-4262-A7D3-74272D7DCE23}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
10:05:16.0634 1420  MBR partitions:
10:05:16.0634 1420  ============================================================
10:05:16.0634 1420  C: <-> \Device\Harddisk0\DR0\Partition1
10:05:16.0666 1420  E: <-> \Device\Harddisk1\DR1\Partition2
10:05:16.0666 1420  ============================================================
10:05:16.0666 1420  Initialize success
10:05:16.0666 1420  ============================================================
10:05:48.0209 3344  ============================================================
10:05:48.0209 3344  Scan started
10:05:48.0209 3344  Mode: Manual; SigCheck; TDLFS;
10:05:48.0209 3344  ============================================================
10:05:48.0474 3344  ================ Scan system memory ========================
10:05:48.0474 3344  System memory - ok
10:05:48.0474 3344  ================ Scan services =============================
10:05:51.0422 3344  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:05:51.0422 3344  IRENUM - ok
10:05:51.0438 3344  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:05:51.0438 3344  isapnp - ok
10:05:51.0438 3344  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:05:51.0454 3344  iScsiPrt - ok
10:05:51.0454 3344  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:05:51.0469 3344  kbdclass - ok
10:05:51.0469 3344  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:05:51.0485 3344  kbdhid - ok
10:05:51.0485 3344  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:05:51.0485 3344  KeyIso - ok
10:05:51.0485 3344  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:05:51.0500 3344  KSecDD - ok
10:05:51.0500 3344  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:05:51.0516 3344  KSecPkg - ok
10:05:51.0516 3344  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:05:51.0532 3344  ksthunk - ok
10:05:51.0547 3344  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:05:51.0563 3344  KtmRm - ok
10:05:51.0578 3344  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:05:51.0594 3344  LanmanServer - ok
10:05:51.0594 3344  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:05:51.0625 3344  LanmanWorkstation - ok
10:05:51.0625 3344  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
10:05:51.0641 3344  LGBusEnum - ok
10:05:51.0641 3344  [ CDDC07D414B08FECD48E4940C29F483F ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
10:05:51.0641 3344  LGSHidFilt - ok
10:05:51.0641 3344  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
10:05:51.0656 3344  LGVirHid - ok
10:05:51.0656 3344  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:05:51.0656 3344  LHidFilt - ok
10:05:51.0672 3344  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:05:51.0688 3344  lltdio - ok
10:05:51.0703 3344  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:05:51.0719 3344  lltdsvc - ok
10:05:51.0719 3344  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:05:51.0750 3344  lmhosts - ok
10:05:51.0750 3344  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:05:51.0750 3344  LMouFilt - ok
10:05:51.0766 3344  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:05:51.0766 3344  LSI_FC - ok
10:05:51.0766 3344  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:05:51.0781 3344  LSI_SAS - ok
10:05:51.0781 3344  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:05:51.0797 3344  LSI_SAS2 - ok
10:05:51.0797 3344  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:05:51.0797 3344  LSI_SCSI - ok
10:05:51.0812 3344  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:05:51.0828 3344  luafv - ok
10:05:51.0828 3344  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
10:05:51.0844 3344  LVRS64 - ok
10:05:51.0906 3344  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
10:05:51.0968 3344  LVUVC64 - ok
10:05:51.0968 3344  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:05:51.0984 3344  Mcx2Svc - ok
10:05:51.0984 3344  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:05:51.0984 3344  megasas - ok
10:05:52.0000 3344  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:05:52.0000 3344  MegaSR - ok
10:05:52.0015 3344  [ 7571CE94352814C6A2C3D5E1BD187C2C ] mhk             C:\Windows\system32\drivers\mhk.sys
10:05:52.0015 3344  mhk - ok
10:05:52.0031 3344  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:05:52.0046 3344  MMCSS - ok
10:05:52.0046 3344  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:05:52.0078 3344  Modem - ok
10:05:52.0078 3344  [ 477E3698B85BFE72744306B8B9A9B30E ] moh             C:\Windows\system32\drivers\moh.sys
10:05:52.0093 3344  moh - ok
10:05:52.0093 3344  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:05:52.0093 3344  monitor - ok
10:05:52.0109 3344  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:05:52.0109 3344  mouclass - ok
10:05:52.0109 3344  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:05:52.0124 3344  mouhid - ok
10:05:52.0124 3344  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:05:52.0140 3344  mountmgr - ok
10:05:52.0140 3344  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:05:52.0140 3344  MozillaMaintenance - ok
10:05:52.0156 3344  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
10:05:52.0156 3344  MpFilter - ok
10:05:52.0171 3344  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:05:52.0171 3344  mpio - ok
10:05:52.0171 3344  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:05:52.0202 3344  mpsdrv - ok
10:05:52.0218 3344  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:05:52.0234 3344  MpsSvc - ok
10:05:52.0249 3344  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:05:52.0265 3344  MRxDAV - ok
10:05:52.0265 3344  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:05:52.0265 3344  mrxsmb - ok
10:05:52.0280 3344  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:05:52.0280 3344  mrxsmb10 - ok
10:05:52.0296 3344  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:05:52.0296 3344  mrxsmb20 - ok
10:05:52.0296 3344  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:05:52.0312 3344  msahci - ok
10:05:52.0312 3344  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:05:52.0327 3344  msdsm - ok
10:05:52.0327 3344  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:05:52.0327 3344  MSDTC - ok
10:05:52.0343 3344  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:05:52.0358 3344  Msfs - ok
10:05:52.0358 3344  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:05:52.0390 3344  mshidkmdf - ok
10:05:52.0390 3344  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:05:52.0390 3344  msisadrv - ok
10:05:52.0405 3344  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:05:52.0421 3344  MSiSCSI - ok
10:05:52.0421 3344  msiserver - ok
10:05:52.0421 3344  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:05:52.0452 3344  MSKSSRV - ok
10:05:52.0452 3344  [ FD909D744ACFCF61CAC3A77854F8B301 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:05:52.0468 3344  MsMpSvc - ok
10:05:52.0468 3344  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:05:52.0483 3344  MSPCLOCK - ok
10:05:52.0499 3344  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:05:52.0514 3344  MSPQM - ok
10:05:52.0514 3344  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:05:52.0530 3344  MsRPC - ok
10:05:52.0530 3344  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:05:52.0546 3344  mssmbios - ok
10:05:52.0546 3344  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:05:52.0577 3344  MSTEE - ok
10:05:52.0577 3344  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:05:52.0577 3344  MTConfig - ok
10:05:52.0577 3344  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
10:05:52.0592 3344  MTsensor - ok
10:05:52.0592 3344  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:05:52.0592 3344  Mup - ok
10:05:52.0608 3344  [ BAA293F089077FE71F855BA5649648D9 ] mv91cons        C:\Windows\system32\DRIVERS\mv91cons.sys
10:05:52.0608 3344  mv91cons - ok
10:05:52.0608 3344  [ A986DC81534582FA478C286E8F57A877 ] mvs91xx         C:\Windows\system32\DRIVERS\mvs91xx.sys
10:05:52.0624 3344  mvs91xx - ok
10:05:52.0624 3344  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:05:52.0655 3344  napagent - ok
10:05:52.0655 3344  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:05:52.0670 3344  NativeWifiP - ok
10:05:52.0686 3344  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:05:52.0702 3344  NDIS - ok
10:05:52.0702 3344  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:05:52.0733 3344  NdisCap - ok
10:05:52.0733 3344  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:05:52.0748 3344  NdisTapi - ok
10:05:52.0764 3344  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:05:52.0780 3344  Ndisuio - ok
10:05:52.0780 3344  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:05:52.0811 3344  NdisWan - ok
10:05:52.0811 3344  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:05:52.0826 3344  NDProxy - ok
10:05:52.0826 3344  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:05:52.0858 3344  NetBIOS - ok
10:05:52.0858 3344  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:05:52.0889 3344  NetBT - ok
10:05:52.0889 3344  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:05:52.0889 3344  Netlogon - ok
10:05:52.0904 3344  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:05:52.0920 3344  Netman - ok
10:05:52.0936 3344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:05:52.0936 3344  NetMsmqActivator - ok
10:05:52.0936 3344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:05:52.0951 3344  NetPipeActivator - ok
10:05:52.0951 3344  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:05:52.0982 3344  netprofm - ok
10:05:52.0982 3344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:05:52.0982 3344  NetTcpActivator - ok
10:05:52.0998 3344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:05:52.0998 3344  NetTcpPortSharing - ok
10:05:52.0998 3344  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:05:53.0014 3344  nfrd960 - ok
10:05:53.0014 3344  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:05:53.0029 3344  NisDrv - ok
10:05:53.0029 3344  [ EC445A9F0FB52E5F467C156FFF6F6D93 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
10:05:53.0045 3344  NisSrv - ok
10:05:53.0045 3344  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:05:53.0060 3344  NlaSvc - ok
10:05:53.0060 3344  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:05:53.0076 3344  Npfs - ok
10:05:53.0092 3344  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:05:53.0107 3344  nsi - ok
10:05:53.0107 3344  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:05:53.0138 3344  nsiproxy - ok
10:05:53.0154 3344  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:05:53.0170 3344  Ntfs - ok
10:05:53.0185 3344  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:05:53.0201 3344  Null - ok
10:05:53.0201 3344  [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
10:05:53.0216 3344  nusb3hub - ok
10:05:53.0216 3344  [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:05:53.0216 3344  nusb3xhc - ok
10:05:53.0232 3344  [ 554964B900AE2954B8B589B6287034AC ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
10:05:53.0232 3344  NVHDA - ok
10:05:53.0341 3344  [ 537045E3B550F9508DE2D646ED782BA9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:05:53.0482 3344  nvlddmkm - ok
10:05:53.0482 3344  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:05:53.0497 3344  nvraid - ok
10:05:53.0497 3344  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:05:53.0513 3344  nvstor - ok
10:05:53.0684 3344  [ 9ECD64455C05E0F4E398197E07E2BEA4 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
10:05:53.0856 3344  NvStreamSvc - ok
10:05:53.0872 3344  [ DDE01526ECA01B9C781A755EC44BFC5E ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:05:53.0887 3344  nvsvc - ok
10:05:53.0903 3344  [ BC120F98DCA622BE48D16B4A5714CA71 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:05:53.0934 3344  nvUpdatusService - ok
10:05:53.0934 3344  [ CF8027846B45FAF319AE86742B244713 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
10:05:53.0950 3344  nvvad_WaveExtensible - ok
10:05:53.0950 3344  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:05:53.0965 3344  nv_agp - ok
10:05:53.0965 3344  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:05:53.0965 3344  ohci1394 - ok
10:05:53.0996 3344  [ 05789653E0E42CC121EB558BD39F4EEB ] OS Selector     C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
10:05:54.0012 3344  OS Selector - ok
10:05:54.0028 3344  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:05:54.0043 3344  p2pimsvc - ok
10:05:54.0043 3344  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:05:54.0059 3344  p2psvc - ok
10:05:54.0059 3344  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:05:54.0059 3344  Parport - ok
10:05:54.0074 3344  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:05:54.0074 3344  partmgr - ok
10:05:54.0074 3344  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:05:54.0090 3344  PcaSvc - ok
10:05:54.0106 3344  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:05:54.0106 3344  pci - ok
10:05:54.0106 3344  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:05:54.0121 3344  pciide - ok
10:05:54.0121 3344  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:05:54.0137 3344  pcmcia - ok
10:05:54.0137 3344  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:05:54.0137 3344  pcw - ok
10:05:54.0152 3344  [ DF0DED21B6760B183267C0C7E9A141CD ] PDAgent         C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
10:05:54.0184 3344  PDAgent - ok
10:05:54.0215 3344  [ 7038D40D4450F0FA8F6168AC8F4D3FCD ] PDEngine        C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
10:05:54.0262 3344  PDEngine - ok
10:05:54.0262 3344  [ 1A9F1A7DF1E389D092F6514578D50F4F ] PDFSFilter      C:\Windows\system32\DRIVERS\PDFsFilter.sys
10:05:54.0262 3344  PDFSFilter - ok
10:05:54.0277 3344  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:05:54.0308 3344  PEAUTH - ok
10:05:54.0308 3344  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:05:54.0340 3344  PeerDistSvc - ok
10:05:54.0355 3344  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:05:54.0355 3344  PerfHost - ok
10:05:54.0371 3344  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:05:54.0402 3344  pla - ok
10:05:54.0418 3344  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:05:54.0433 3344  PlugPlay - ok
10:05:54.0433 3344  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:05:54.0433 3344  PNRPAutoReg - ok
10:05:54.0449 3344  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:05:54.0449 3344  PNRPsvc - ok
10:05:54.0464 3344  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:05:54.0480 3344  PolicyAgent - ok
10:05:54.0496 3344  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:05:54.0511 3344  Power - ok
10:05:54.0527 3344  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:05:54.0542 3344  PptpMiniport - ok
10:05:54.0542 3344  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:05:54.0558 3344  Processor - ok
10:05:54.0558 3344  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:05:54.0574 3344  ProfSvc - ok
10:05:54.0574 3344  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:05:54.0574 3344  ProtectedStorage - ok
10:05:54.0589 3344  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:05:54.0605 3344  Psched - ok
10:05:54.0605 3344  [ DEFD557D9B8C0FA3CEA6CC576400114E ] pwdrvio         C:\Windows\system32\pwdrvio.sys
10:05:54.0620 3344  pwdrvio - ok
10:05:54.0620 3344  [ A2EE3B70A9E05F651B888078726C2787 ] pwdspio         C:\Windows\system32\pwdspio.sys
10:05:54.0636 3344  pwdspio - ok
10:05:54.0652 3344  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:05:54.0683 3344  ql2300 - ok
10:05:54.0683 3344  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:05:54.0698 3344  ql40xx - ok
10:05:54.0698 3344  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:05:54.0714 3344  QWAVE - ok
10:05:54.0714 3344  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:05:54.0730 3344  QWAVEdrv - ok
10:05:54.0730 3344  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:05:54.0745 3344  RasAcd - ok
10:05:54.0745 3344  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:05:54.0776 3344  RasAgileVpn - ok
10:05:54.0776 3344  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:05:54.0808 3344  RasAuto - ok
10:05:54.0808 3344  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:05:54.0823 3344  Rasl2tp - ok
10:05:54.0839 3344  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:05:54.0854 3344  RasMan - ok
10:05:54.0870 3344  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:05:54.0886 3344  RasPppoe - ok
10:05:54.0886 3344  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:05:54.0917 3344  RasSstp - ok
10:05:54.0917 3344  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:05:54.0948 3344  rdbss - ok
10:05:54.0948 3344  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:05:54.0948 3344  rdpbus - ok
10:05:54.0964 3344  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:05:54.0979 3344  RDPCDD - ok
10:05:54.0979 3344  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:05:54.0995 3344  RDPDR - ok
10:05:54.0995 3344  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:05:55.0010 3344  RDPENCDD - ok
10:05:55.0026 3344  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:05:55.0042 3344  RDPREFMP - ok
10:05:55.0042 3344  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:05:55.0057 3344  RdpVideoMiniport - ok
10:05:55.0057 3344  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:05:55.0073 3344  RDPWD - ok
10:05:55.0073 3344  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:05:55.0088 3344  rdyboost - ok
10:05:55.0088 3344  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:05:55.0104 3344  RemoteAccess - ok
10:05:55.0120 3344  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:05:55.0135 3344  RemoteRegistry - ok
10:05:55.0135 3344  [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
10:05:55.0151 3344  Revoflt - ok
10:05:55.0151 3344  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:05:55.0182 3344  RpcEptMapper - ok
10:05:55.0182 3344  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:05:55.0198 3344  RpcLocator - ok
10:05:55.0198 3344  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:05:55.0229 3344  RpcSs - ok
10:05:55.0229 3344  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:05:55.0244 3344  rspndr - ok
10:05:55.0260 3344  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:05:55.0276 3344  RTL8167 - ok
10:05:55.0276 3344  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:05:55.0276 3344  s3cap - ok
10:05:55.0291 3344  [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini         C:\Windows\system32\DRIVERS\SaiMini.sys
10:05:55.0291 3344  SaiMini - ok
10:05:55.0307 3344  [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
10:05:55.0322 3344  SaiNtBus - ok
10:05:55.0322 3344  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:05:55.0322 3344  SamSs - ok
10:05:55.0338 3344  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:05:55.0338 3344  sbp2port - ok
10:05:55.0338 3344  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:05:55.0369 3344  SCardSvr - ok
10:05:55.0369 3344  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:05:55.0400 3344  scfilter - ok
10:05:55.0400 3344  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:05:55.0432 3344  Schedule - ok
10:05:55.0447 3344  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:05:55.0463 3344  SCPolicySvc - ok
10:05:55.0463 3344  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:05:55.0478 3344  SDRSVC - ok
10:05:55.0478 3344  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:05:55.0494 3344  secdrv - ok
10:05:55.0510 3344  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:05:55.0525 3344  seclogon - ok
10:05:55.0525 3344  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
10:05:55.0556 3344  SENS - ok
10:05:55.0556 3344  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:05:55.0572 3344  SensrSvc - ok
10:05:55.0572 3344  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:05:55.0572 3344  Serenum - ok
10:05:55.0572 3344  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:05:55.0588 3344  Serial - ok
10:05:55.0588 3344  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:05:55.0603 3344  sermouse - ok
10:05:55.0603 3344  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:05:55.0634 3344  SessionEnv - ok
10:05:55.0634 3344  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:05:55.0634 3344  sffdisk - ok
10:05:55.0650 3344  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:05:55.0650 3344  sffp_mmc - ok
10:05:55.0650 3344  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:05:55.0666 3344  sffp_sd - ok
10:05:55.0666 3344  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:05:55.0681 3344  sfloppy - ok
10:05:55.0681 3344  [ D85B7C7810D4FDE6DA341EF96DE13702 ] SgtSch2Svc      C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
10:05:55.0712 3344  SgtSch2Svc - ok
10:05:55.0712 3344  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:05:55.0744 3344  SharedAccess - ok
10:05:55.0744 3344  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:05:55.0775 3344  ShellHWDetection - ok
10:05:55.0775 3344  [ 56CA5171C264D2306C6A58C58C84D905 ] SI3124          C:\Windows\system32\DRIVERS\SI3124.sys
10:05:55.0775 3344  SI3124 - ok
10:05:55.0775 3344  [ 0F498DEE92FD73DD999BAE4D506367F5 ] SI3132          C:\Windows\system32\DRIVERS\SI3132.sys
10:05:55.0790 3344  SI3132 - ok
10:05:55.0790 3344  [ 127CE10E01F53F2EDACA7FE42E5631EA ] SiFilter        C:\Windows\system32\DRIVERS\SiWinAcc.sys
10:05:55.0790 3344  SiFilter - ok
10:05:55.0806 3344  [ B742C37002B8EBEF6E230DF9B4B28546 ] SiRemFil        C:\Windows\system32\DRIVERS\SiRemFil.sys
10:05:55.0806 3344  SiRemFil - ok
10:05:55.0806 3344  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:05:55.0822 3344  SiSRaid2 - ok
10:05:55.0822 3344  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:05:55.0822 3344  SiSRaid4 - ok
10:05:55.0837 3344  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:05:55.0853 3344  Smb - ok
10:05:55.0853 3344  [ 32CDE417100C530964E79C53B4E994CA ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
10:05:55.0868 3344  snapman - ok
10:05:55.0868 3344  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:05:55.0884 3344  SNMPTRAP - ok
10:05:55.0884 3344  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:05:55.0884 3344  spldr - ok
10:05:55.0900 3344  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:05:55.0915 3344  Spooler - ok
10:05:55.0946 3344  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:05:55.0993 3344  sppsvc - ok
10:05:55.0993 3344  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:05:56.0024 3344  sppuinotify - ok
10:05:56.0024 3344  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:05:56.0040 3344  srv - ok
10:05:56.0040 3344  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:05:56.0056 3344  srv2 - ok
10:05:56.0056 3344  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:05:56.0071 3344  srvnet - ok
10:05:56.0071 3344  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:05:56.0102 3344  SSDPSRV - ok
10:05:56.0102 3344  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:05:56.0134 3344  SstpSvc - ok
10:05:56.0134 3344  Steam Client Service - ok
10:05:56.0134 3344  [ AD35D219FA36C275589CEE2210C289FA ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:05:56.0149 3344  Stereo Service - ok
10:05:56.0149 3344  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:05:56.0165 3344  stexstor - ok
10:05:56.0165 3344  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:05:56.0180 3344  stisvc - ok
10:05:56.0180 3344  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:05:56.0196 3344  storflt - ok
10:05:56.0196 3344  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:05:56.0196 3344  storvsc - ok
10:05:56.0212 3344  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:05:56.0212 3344  swenum - ok
10:05:56.0227 3344  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:05:56.0227 3344  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
10:05:56.0227 3344  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
10:05:56.0243 3344  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:05:56.0274 3344  swprv - ok
10:05:56.0274 3344  Synth3dVsc - ok
10:05:56.0290 3344  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:05:56.0321 3344  SysMain - ok
10:05:56.0321 3344  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:05:56.0336 3344  TabletInputService - ok
10:05:56.0336 3344  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:05:56.0368 3344  TapiSrv - ok
10:05:56.0368 3344  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:05:56.0383 3344  TBS - ok
10:05:56.0399 3344  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:05:56.0430 3344  Tcpip - ok
10:05:56.0446 3344  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:05:56.0477 3344  TCPIP6 - ok
10:05:56.0477 3344  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:05:56.0492 3344  tcpipreg - ok
10:05:56.0492 3344  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:05:56.0492 3344  TDPIPE - ok
10:05:56.0508 3344  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:05:56.0508 3344  TDTCP - ok
10:05:56.0508 3344  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:05:56.0539 3344  tdx - ok
10:05:56.0539 3344  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:05:56.0539 3344  TermDD - ok
10:05:56.0555 3344  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:05:56.0586 3344  TermService - ok
10:05:56.0586 3344  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:05:56.0602 3344  Themes - ok
10:05:56.0602 3344  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:05:56.0617 3344  THREADORDER - ok
10:05:56.0633 3344  [ E15752D77B4BD377F41B27BA8AC877A5 ] Time            C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
10:05:56.0633 3344  Time ( UnsignedFile.Multi.Generic ) - warning
10:05:56.0633 3344  Time - detected UnsignedFile.Multi.Generic (1)
10:05:56.0648 3344  [ 6ADC063FD51F03EF0CAB3E716A725BD2 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
10:05:56.0664 3344  timounter - ok
10:05:56.0664 3344  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:05:56.0695 3344  TrkWks - ok
10:05:56.0695 3344  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:05:56.0726 3344  TrustedInstaller - ok
10:05:56.0726 3344  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:05:56.0742 3344  tssecsrv - ok
10:05:56.0742 3344  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:05:56.0742 3344  TsUsbFlt - ok
10:05:56.0742 3344  tsusbhub - ok
10:05:56.0758 3344  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:05:56.0773 3344  tunnel - ok
10:05:56.0773 3344  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:05:56.0789 3344  uagp35 - ok
10:05:56.0789 3344  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:05:56.0820 3344  udfs - ok
10:05:56.0820 3344  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:05:56.0836 3344  UI0Detect - ok
10:05:56.0836 3344  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:05:56.0836 3344  uliagpkx - ok
10:05:56.0851 3344  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
10:05:56.0851 3344  umbus - ok
10:05:56.0851 3344  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:05:56.0867 3344  UmPass - ok
10:05:56.0867 3344  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
10:05:56.0914 3344  UmRdpService - ok
10:05:56.0914 3344  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
10:05:56.0945 3344  UMVPFSrv - ok
10:05:56.0945 3344  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:05:56.0976 3344  upnphost - ok
10:05:56.0976 3344  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:05:56.0992 3344  usbaudio - ok
10:05:56.0992 3344  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:05:56.0992 3344  usbccgp - ok
10:05:57.0007 3344  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:05:57.0007 3344  usbcir - ok
10:05:57.0007 3344  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:05:57.0023 3344  usbehci - ok
10:05:57.0023 3344  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:05:57.0038 3344  usbhub - ok
10:05:57.0038 3344  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:05:57.0054 3344  usbohci - ok
10:05:57.0054 3344  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:05:57.0054 3344  usbprint - ok
10:05:57.0070 3344  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:05:57.0070 3344  usbscan - ok
10:05:57.0070 3344  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:05:57.0085 3344  USBSTOR - ok
10:05:57.0085 3344  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:05:57.0101 3344  usbuhci - ok
10:05:57.0101 3344  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:05:57.0116 3344  usbvideo - ok
10:05:57.0116 3344  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:05:57.0132 3344  UxSms - ok
10:05:57.0132 3344  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:05:57.0148 3344  VaultSvc - ok
10:05:57.0148 3344  [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
10:05:57.0163 3344  VClone - ok
10:05:57.0163 3344  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:05:57.0163 3344  vdrvroot - ok
10:05:57.0179 3344  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:05:57.0194 3344  vds - ok
10:05:57.0210 3344  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:05:57.0210 3344  vga - ok
10:05:57.0210 3344  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:05:57.0241 3344  VgaSave - ok
10:05:57.0241 3344  VGPU - ok
10:05:57.0241 3344  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:05:57.0257 3344  vhdmp - ok
10:05:57.0257 3344  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:05:57.0272 3344  viaide - ok
10:05:57.0272 3344  [ 96A4F56CBBA3DCF5D90CDA1BC218D040 ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
10:05:57.0272 3344  vididr - ok
10:05:57.0288 3344  [ C69A784BEC737CD7460EBF3C3834D65E ] vidsflt53       C:\Windows\system32\DRIVERS\vsflt53.sys
10:05:57.0288 3344  vidsflt53 - ok
10:05:57.0288 3344  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:05:57.0304 3344  vmbus - ok
10:05:57.0304 3344  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:05:57.0319 3344  VMBusHID - ok
10:05:57.0319 3344  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:05:57.0319 3344  volmgr - ok
10:05:57.0335 3344  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:05:57.0335 3344  volmgrx - ok
10:05:57.0350 3344  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:05:57.0350 3344  volsnap - ok
10:05:57.0366 3344  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:05:57.0366 3344  vsmraid - ok
10:05:57.0382 3344  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:05:57.0428 3344  VSS - ok
10:05:57.0428 3344  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
10:05:57.0428 3344  vwifibus - ok
10:05:57.0444 3344  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:05:57.0475 3344  W32Time - ok
10:05:57.0475 3344  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:05:57.0475 3344  WacomPen - ok
10:05:57.0491 3344  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:05:57.0506 3344  WANARP - ok
10:05:57.0506 3344  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:05:57.0538 3344  Wanarpv6 - ok
10:05:57.0538 3344  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:05:57.0569 3344  wbengine - ok
10:05:57.0569 3344  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:05:57.0584 3344  WbioSrvc - ok
10:05:57.0584 3344  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:05:57.0600 3344  wcncsvc - ok
10:05:57.0616 3344  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:05:57.0616 3344  WcsPlugInService - ok
10:05:57.0616 3344  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:05:57.0631 3344  Wd - ok
10:05:57.0631 3344  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:05:57.0662 3344  Wdf01000 - ok
10:05:57.0662 3344  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:05:57.0678 3344  WdiServiceHost - ok
10:05:57.0678 3344  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:05:57.0694 3344  WdiSystemHost - ok
10:05:57.0694 3344  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:05:57.0709 3344  WebClient - ok
10:05:57.0725 3344  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:05:57.0740 3344  Wecsvc - ok
10:05:57.0740 3344  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:05:57.0772 3344  wercplsupport - ok
10:05:57.0772 3344  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:05:57.0803 3344  WerSvc - ok
10:05:57.0803 3344  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:05:57.0818 3344  WfpLwf - ok
10:05:57.0818 3344  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:05:57.0834 3344  WIMMount - ok
10:05:57.0834 3344  WinDefend - ok
10:05:57.0834 3344  WinHttpAutoProxySvc - ok
10:05:57.0850 3344  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:05:57.0865 3344  Winmgmt - ok
10:05:57.0896 3344  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:05:57.0928 3344  WinRM - ok
10:05:57.0943 3344  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:05:57.0943 3344  WinUsb - ok
10:05:57.0959 3344  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:05:57.0974 3344  Wlansvc - ok
10:05:57.0974 3344  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:05:57.0990 3344  wlcrasvc - ok
10:05:58.0006 3344  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:05:58.0037 3344  wlidsvc - ok
10:05:58.0037 3344  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:05:58.0052 3344  WmiAcpi - ok
10:05:58.0052 3344  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:05:58.0068 3344  wmiApSrv - ok
10:05:58.0068 3344  WMPNetworkSvc - ok
10:05:58.0068 3344  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:05:58.0084 3344  WPCSvc - ok
10:05:58.0084 3344  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:05:58.0099 3344  WPDBusEnum - ok
10:05:58.0099 3344  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:05:58.0130 3344  ws2ifsl - ok
10:05:58.0130 3344  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
10:05:58.0146 3344  wscsvc - ok
10:05:58.0146 3344  WSearch - ok
10:05:58.0162 3344  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:05:58.0193 3344  wuauserv - ok
10:05:58.0208 3344  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:05:58.0208 3344  WudfPf - ok
10:05:58.0224 3344  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:05:58.0224 3344  WUDFRd - ok
10:05:58.0224 3344  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:05:58.0240 3344  wudfsvc - ok
10:05:58.0240 3344  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:05:58.0255 3344  WwanSvc - ok
10:05:58.0271 3344  [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
10:05:58.0286 3344  xnacc - ok
10:05:58.0286 3344  [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
10:05:58.0286 3344  xusb21 - ok
10:05:58.0286 3344  ================ Scan global ===============================
10:05:58.0302 3344  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:05:58.0302 3344  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:05:58.0302 3344  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:05:58.0302 3344  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:05:58.0318 3344  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:05:58.0318 3344  [Global] - ok
10:05:58.0318 3344  ================ Scan MBR ==================================
10:05:58.0318 3344  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:05:58.0474 3344  \Device\Harddisk0\DR0 - ok
10:05:58.0489 3344  [ 5F8B5082F3482CC06B72EC5806598AE9 ] \Device\Harddisk1\DR1
10:05:58.0754 3344  \Device\Harddisk1\DR1 - ok
10:05:58.0754 3344  ================ Scan VBR ==================================
10:05:58.0754 3344  [ 71A0A41C296804F0B414AA3B7EBED4FA ] \Device\Harddisk0\DR0\Partition1
10:05:58.0754 3344  \Device\Harddisk0\DR0\Partition1 - ok
10:05:58.0754 3344  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
10:05:58.0754 3344  \Device\Harddisk1\DR1\Partition1 - ok
10:05:58.0786 3344  [ E2CFE84ABF538601536385F1F1DAC6CE ] \Device\Harddisk1\DR1\Partition2
10:05:58.0786 3344  \Device\Harddisk1\DR1\Partition2 - ok
10:05:58.0786 3344  ============================================================
10:05:58.0786 3344  Scan finished
10:05:58.0786 3344  ============================================================
10:05:58.0801 4400  Detected object count: 2
10:05:58.0801 4400  Actual detected object count: 2
10:07:48.0251 4400  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
10:07:48.0251 4400  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:07:48.0251 4400  Time ( UnsignedFile.Multi.Generic ) - skipped by user
10:07:48.0251 4400  Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:09:26.0344 2704  Deinitialize success
___________________________________________________________________________________________________________________________________________________________

Here is the aswMBR log.

_________________________________________________________________________________________________________________________________________________________

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-14 10:15:18
-----------------------------
10:15:18.444    OS Version: Windows x64 6.1.7601 Service Pack 1
10:15:18.444    Number of processors: 8 586 0x1A05
10:15:18.444    ComputerName: BRAD-MASTER  UserName: Brad
10:15:18.662    Initialize success
10:16:47.520    AVAST engine defs: 13091401
10:17:13.899    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000080
10:17:13.899    Disk 0 Vendor: SAMSUNG_ CXM0 Size: 244198MB BusType: 11
10:17:13.899    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000081
10:17:13.899    Disk 1 Vendor: ST2000VN SC42 Size: 1907729MB BusType: 11
10:17:13.915    Disk 0 MBR read successfully
10:17:13.915    Disk 0 MBR scan
10:17:13.915    Disk 0 Windows 7 default MBR code
10:17:13.915    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       219824 MB offset 2048
10:17:13.931    Disk 0 scanning C:\Windows\system32\drivers
10:17:16.380    Service scanning
10:17:23.353    Modules scanning
10:17:23.353    Disk 0 trace - called modules:
10:17:23.353    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys storport.sys hal.dll mvs91xx.sys
10:17:23.369    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8013fb6790]
10:17:23.369    3 CLASSPNP.SYS[fffff8800163b43f] -> nt!IofCallDriver -> [0xfffffa8013ec7e30]
10:17:23.369    5 vsflt53.sys[fffff88000e11cfd] -> nt!IofCallDriver -> \Device\00000080[0xfffffa8013c319c0]
10:17:23.603    AVAST engine scan C:\Windows
10:17:24.164    AVAST engine scan C:\Windows\system32
10:18:27.625    AVAST engine scan C:\Windows\system32\drivers
10:18:30.636    AVAST engine scan C:\Users\Brad
10:19:40.587    AVAST engine scan C:\ProgramData
10:19:54.003    Scan finished successfully
10:20:19.649    Disk 0 MBR has been saved successfully to "C:\Users\Brad\Desktop\MBR.dat"
10:20:19.649    The log file has been saved successfully to "C:\Users\Brad\Desktop\aswMBR.txt"

__________________________________________________________________________________________________________________________________________________________

Here is the ComboFix log.

__________________________________________________________________________________________________________________________________________________________

 

ComboFix 13-09-13.03 - Brad 09/14/2013  10:22:50.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.24567.22016 [GMT -7:00]
Running from: c:\users\Brad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\conhost.exe
c:\windows\SysWow64\dwm.exe
c:\windows\SysWow64\lsm.exe
c:\windows\SysWow64\nvvsvc.exe
c:\windows\SysWow64\spoolsv.exe
c:\windows\SysWow64\sppsvc.exe
c:\windows\SysWow64\taskhost.exe
c:\windows\SysWow64\wfc.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-14 to 2013-09-14  )))))))))))))))))))))))))))))))
.
.
2013-09-14 17:25 . 2013-09-14 17:25    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-09-14 17:25 . 2013-09-14 17:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-14 01:01 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46835848-C4D6-4411-8BE3-BE1DFBDDC20F}\mpengine.dll
2013-09-14 00:54 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-10 19:21 . 2013-08-05 02:25    155584    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-09-07 23:13 . 2013-09-07 23:13    --------    d-----w-    c:\windows\ERUNT
2013-09-07 22:03 . 2013-09-07 22:03    965008    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6563138-16FB-4CFC-99FE-5C7E30819355}\gapaengine.dll
2013-09-07 22:02 . 2013-09-07 22:02    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-09-07 22:02 . 2013-09-07 22:02    --------    d-----w-    c:\program files\Microsoft Security Client
2013-09-07 21:49 . 2013-08-18 19:34    6599968    ----a-w-    c:\windows\system32\nvcpl.dll
2013-09-07 21:49 . 2013-08-18 19:34    3452192    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-09-07 21:49 . 2013-08-18 19:34    920864    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-09-07 21:49 . 2013-08-18 19:34    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-09-07 21:49 . 2013-08-18 19:34    219424    ----a-w-    c:\windows\system32\nvmctray.dll
2013-09-07 21:49 . 2013-08-17 05:30    3319709    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-09-07 21:49 . 2013-08-18 21:02    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-09-07 21:49 . 2013-08-18 21:02    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-09-07 21:41 . 2013-09-07 21:41    0    ----a-w-    c:\windows\SysWow64\winlogon.exe
2013-09-07 21:41 . 2013-09-07 21:41    0    ----a-w-    c:\windows\SysWow64\smss.exe
2013-09-07 21:41 . 2013-09-07 21:41    0    ----a-w-    c:\windows\SysWow64\services.exe
2013-09-07 21:41 . 2013-09-07 21:41    0    ----a-w-    c:\windows\SysWow64\lsass.exe
2013-09-06 15:34 . 2013-08-20 07:46    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D768640C-2E78-40E1-9437-20B8BC56C962}\mpengine.dll
2013-09-05 01:43 . 2013-09-05 01:43    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-09-05 00:17 . 2013-09-14 00:37    --------    d-----w-    C:\AdwCleaner
2013-09-01 02:01 . 2013-09-01 02:01    --------    d-----w-    c:\programdata\vsosdk
2013-09-01 01:34 . 2013-09-01 01:35    --------    d-----w-    c:\programdata\VSO
2013-09-01 01:29 . 2013-09-01 01:34    82816    ----a-w-    c:\users\Brad\AppData\Roaming\pcouffin.sys
2013-08-31 02:08 . 2013-08-31 02:08    --------    d-----w-    c:\programdata\Steam
2013-08-31 01:57 . 2013-09-08 02:16    --------    d-----w-    c:\program files (x86)\Saints Row IV
2013-08-31 01:57 . 2013-08-31 01:57    49664    ----a-w-    c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-08-31 01:57 . 2013-08-31 01:57    43008    ----a-w-    c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
2013-08-31 01:57 . 2013-08-31 01:57    24064    ----a-w-    c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-08-31 01:57 . 2013-08-31 01:57    2303488    ----a-w-    c:\programdata\Microsoft\Windows\Time\python27.dll
2013-08-31 01:57 . 2013-08-31 01:57    10752    ----a-w-    c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-08-31 01:57 . 2013-08-31 01:57    569680    ----a-w-    c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-08-31 01:57 . 2013-08-31 01:57    219648    ----a-w-    c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-27 03:17 . 2013-08-27 06:47    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-27 03:17 . 2013-08-27 06:47    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-26 17:02 . 2013-08-26 17:03    --------    d-----w-    c:\program files\Vuze
2013-08-26 04:45 . 2013-08-26 04:45    --------    d-----w-    C:\NvidiaLogging
2013-08-26 04:45 . 2013-05-14 19:27    29984    ----a-w-    c:\windows\system32\SETC12D.tmp
2013-08-26 04:43 . 2013-09-04 01:02    --------    d-----w-    c:\users\UpdatusUser
2013-08-26 04:38 . 2013-08-26 04:38    972712    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-26 04:38 . 2013-08-26 04:38    312232    ----a-w-    c:\windows\system32\javaws.exe
2013-08-26 04:38 . 2013-08-26 04:38    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-26 04:38 . 2013-08-26 04:38    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-08-24 07:11 . 2013-08-24 15:51    --------    d-----w-    c:\program files\PeerBlock
2013-08-20 05:55 . 2013-08-20 05:55    --------    d-----w-    c:\program files (x86)\Samsung Magician
2013-08-18 21:58 . 2013-08-18 21:58    571168    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 19:23 . 2012-07-04 20:37    79143768    ----a-w-    c:\windows\system32\MRT.exe
2013-08-26 04:38 . 2013-07-02 23:23    188840    ----a-w-    c:\windows\system32\java.exe
2013-08-26 04:38 . 2013-07-02 18:31    1093032    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-08-02 01:48 . 2013-09-10 19:21    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-06-23 23:29 . 2013-06-23 23:29    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 23:29 . 2012-07-04 22:16    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 23:29 . 2012-07-04 22:16    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-19 04:50 . 2013-06-19 04:50    247216    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50 . 2013-06-19 04:50    139616    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\steam1\Steam.exe" [BU]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2013-06-06 1653760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"BCWipeTM Startup"="c:\program files (x86)\Jetico\BestCrypt\BCWipeTM.exe" [2010-04-22 996664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\program files (x86)\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-8-19 4351392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BestCrypt Auto Open.lnk - c:\program files (x86)\Jetico\BestCrypt\BestCrypt.exe AutoOpen [2010-5-6 1558328]
Privoxy.lnk - c:\program files (x86)\Privoxy\privoxy.exe [2013-3-8 370176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Brad\AppData\Local\Temp\ALSysIO64.sys;c:\users\Brad\AppData\Local\Temp\ALSysIO64.sys [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 BCSWAP;BCSWAP; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 bcfnt;bcfnt; [x]
S0 fsh;fsh; [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\DRIVERS\SI3124.sys;c:\windows\SYSNATIVE\DRIVERS\SI3124.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 BC_3DES;BC_3DES; [x]
S1 BC_BF128;BC_BF128; [x]
S1 BC_BF448;BC_BF448; [x]
S1 BC_BFish;BC_BFish; [x]
S1 BC_CAST;BC_CAST; [x]
S1 BC_DES;BC_DES; [x]
S1 BC_Gost;BC_Gost; [x]
S1 BC_IDEA;BC_IDEA; [x]
S1 BC_RC6;BC_RC6; [x]
S1 BC_RIJN;BC_RIJN; [x]
S1 BC_SERP;BC_SERP; [x]
S1 BC_TFISH;BC_TFISH; [x]
S1 bcbus;BestCrypt bus driver;c:\windows\system32\DRIVERS\bcbus.sys;c:\windows\SYSNATIVE\DRIVERS\bcbus.sys [x]
S2 BCWipeSvc;BCWipe service;c:\program files (x86)\Jetico\BestCrypt\BCWipeSvc.exe;c:\program files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [x]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 mhk;mhk; [x]
S3 moh;moh; [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45116091
*Deregistered* - 45116091
*Deregistered* - aswMBR
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 21:00    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 02:14]
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 02:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\ese3if2r.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://www.huffingtonpost.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
.
.
------- File Associations -------
.
.txt=NFOPad
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390306879-2500529579-2033920461-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1390306879-2500529579-2033920461-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-14  10:27:00
ComboFix-quarantined-files.txt  2013-09-14 17:27
ComboFix2.txt  2013-07-02 22:36
ComboFix3.txt  2013-07-02 21:53
.
Pre-Run: 66,950,172,672 bytes free
Post-Run: 67,142,586,368 bytes free
.
- - End Of File - - B4A7249DD09883A64ADC993D10494AEF
5FB38429D5D77768867C76DCBDB35194
 

__________________________________________________________________________________________________________________________________________________________

MBR zip is attached



#11 nasdaq

  • Malware Response Team

Posted 14 September 2013 - 03:56 PM

I need to know what problem persists after running the Combofix tool.

#12 artnude

  • Topic Starter

Posted 14 September 2013 - 04:11 PM

Rebooting now to see if it's still there. Will be a few minutes.

 

conhost under my username appears again but now it doesn't make my vid card go crazy.

 

Have we fixed it??????????


Edited by artnude, 14 September 2013 - 04:22 PM.


#13 artnude

  • Topic Starter

Posted 14 September 2013 - 04:41 PM

2 reboots now, and when the conhost that appeared to be causing the problem shows up, it no longer spikes my graphics card.

 

I am adding drives back to the system one by one and so far no problems with boot up and no odd shut downs.

 

Now it is back to on-and-off booting, so I unplugged all drives but the boot drive, and it no longer appears to be booting at all.

The fans spin but it won't even post a start-up screen.

Only the boot drive is plugged in and it just starts and stops.

Fans start spinning and it stops immediately most times.

Sometimes it keeps running a bit but appears not to even get to BIOS.

Unplugging it for a bit to give it a rest. Will try again shortly.

 

OK, finally got it booted again and the conhost problem seems to have been solved.

Maybe I am also having a hardware issue with the power supply????????

Unless you know of something relating to the problem I was having that would make a computer act like that.

I mean it was controlling my graphics card.........I don't know.

 

My other puter that was on the network is acting odd also but I'll make another post for that one if it becomes an issue.


Edited by artnude, 14 September 2013 - 05:45 PM.


#14 artnude

  • Topic Starter

Posted 14 September 2013 - 06:10 PM

OK, never mind. The conhost is back to doing the same thing. Apparently it just takes a little longer to start spinning the graphics card up.


Edited by artnude, 15 September 2013 - 01:05 AM.


#15 nasdaq

  • Malware Response Team

Posted 15 September 2013 - 07:44 AM

Just to clean the air. Let's check the conhost.exe files on your computer.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    conhost.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt




