
Suspicious Programs Running in Task Manager, Randomly High CPU and Memory Usage


  • This topic is locked
14 replies to this topic

#1 WizzDizzy

WizzDizzy

  • Members
  • 7 posts

Posted 01 August 2014 - 02:33 PM

I have a few odd-looking programs running in Task Manager that seem to have the names of normal Microsoft files but don't have file locations that make any sense or act like any other Task Manager programs. First is conhost.exe, which is the most suspicious. Its command line is /??/C:/Windows/system32/conhost.exe "-(an extremely long string of numbers)", which by itself is strange, but even stranger is that the string of numbers constantly changes, and it does nothing when I ask to see its file location or properties, and access is denied if I try to end the process.

 

Other suspicious files are csrss.exe with a file location of %SystemRoot%/system32/csrss.exe ObjectDirectory=/Winows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll-basesrv,1ServerDll=winsrv:UserServerDllIninitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll-sxssrc, 4 Profile C. A few other odd ones are taskhost.exe (with the command line being just "taskhost.exe") and winlogon.exe (with the command line being just "winlogon.exe"). These ones very well could just be normal, but I figured their command line would be somewhere within system32 or something like that.

 

The only reason I started to look into this was that my CPU and Memory usage was fluctuating between nothing and fairly high when doing nothing in particular. CPU usage will go from 0% to 15% to 0% to 20% when running no programs, and Memory usage is always at least at 2 or 3 GB. Also possibly related is a PUP virus I had a few weeks back that twice tried to redirect my web pages to a fake Java Update site. Not sure if that's related or something else entirely. I massively appreciate any help you guys can give me on this because I've really had no luck trying to figure this stuff out on my own. I've attached my DDS files below, thank you in advance!


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts
  • Gender:Male

Posted 06 August 2014 - 02:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542996 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 WizzDizzy

WizzDizzy
  • Topic Starter

  • Members
  • 7 posts

Posted 06 August 2014 - 03:00 PM

I do still need assistance with my problem. I've attached the new DDS files and I do not have my Windows CD.




#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2014 - 07:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 WizzDizzy

WizzDizzy
  • Topic Starter

  • Members
  • 7 posts

Posted 08 August 2014 - 01:56 PM

Results of RogueKiller scan are as follows:

 

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Austin [Admin rights]
Mode : Remove -- Date : 08/08/2014  14:45:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A1A1EDD-77D0-4B26-9292-4BC5573FDEFE} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9A1A1EDD-77D0-4B26-9292-4BC5573FDEFE} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9A1A1EDD-77D0-4B26-9292-4BC5573FDEFE} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00KUWA0 ATA Device +++++
--- User ---
[MBR] fa9d0e6a13a3cda9a2c80cfa688ee66f
[BSP] 81e7230b5148af93353ade4a4994bcfd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_08012014_021038.log - RKreport_SCN_08082014_144255.log

 

The results of the AdwCleaner scan are as follows:

 

# AdwCleaner v3.304 - Report created 08/08/2014 at 14:48:03
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Austin - ELECTRICFIZZ
# Running from : C:\Users\Austin\Desktop\adwcleaner_3.304.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [726 octets] - [08/08/2014 14:47:10]
AdwCleaner[R1].txt - [647 octets] - [08/08/2014 14:48:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [706 octets] ##########

 

The results of FRST64 are as follows and the additional information is attached:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by Austin (administrator) on ELECTRICFIZZ on 08-08-2014 14:50:23
Running from C:\Users\Austin\Desktop\FRST64
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1061D8D96A41CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3inhq4ai.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Austin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: NoScript - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3inhq4ai.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-23]
FF Extension: Adblock Plus - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3inhq4ai.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-30]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-04-26] (EasyAntiCheat Ltd)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-10] ()
S2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2013-05-07] (Qualcomm Atheros, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-05-07] (Qualcomm Atheros, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 14:50 - 2014-08-08 14:50 - 00000000 ____D () C:\Users\Austin\Desktop\FRST64
2014-08-08 14:49 - 2014-08-08 14:50 - 00000000 ____D () C:\FRST
2014-08-08 14:47 - 2014-08-08 14:48 - 00000000 ____D () C:\AdwCleaner
2014-08-08 14:46 - 2014-08-08 14:46 - 01366203 _____ () C:\Users\Austin\Desktop\adwcleaner_3.304.exe
2014-08-08 14:38 - 2014-08-08 14:38 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-08 14:37 - 2014-08-08 14:37 - 05392984 _____ () C:\Users\Austin\Desktop\RogueKillerX64.exe
2014-08-08 14:36 - 2014-08-08 14:36 - 00002511 _____ () C:\Users\Austin\Desktop\aasdf.txt
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Users\Austin\AppData\Local\CrashDumps
2014-08-01 16:36 - 2014-08-01 16:36 - 00000000 ____D () C:\Users\Austin\AppData\Local\SCE
2014-08-01 15:12 - 2014-08-06 15:57 - 00006021 _____ () C:\Users\Austin\Desktop\attach.txt
2014-08-01 15:12 - 2014-08-06 15:56 - 00014060 _____ () C:\Users\Austin\Desktop\dds.txt
2014-08-01 15:10 - 2014-08-01 15:10 - 00688992 ____R (Swearware) C:\Users\Austin\Desktop\dds.com
2014-08-01 15:05 - 2014-08-01 15:05 - 00000953 _____ () C:\Users\Austin\Desktop\MagicDisc.lnk
2014-08-01 15:05 - 2014-08-01 15:05 - 00000000 ____D () C:\Program Files (x86)\MagicDisc
2014-08-01 02:07 - 2014-08-01 02:07 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-01 02:07 - 2014-08-01 02:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-01 01:57 - 2014-08-01 01:57 - 00011488 _____ () C:\ComboFix.txt
2014-08-01 01:35 - 2014-08-01 14:59 - 00000000 ____D () C:\Qoobox
2014-08-01 01:35 - 2014-08-01 01:43 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 01:35 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 01:35 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 01:35 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 01:35 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 01:35 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 01:35 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 01:35 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 01:35 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-01 01:34 - 2014-08-01 01:34 - 05567414 ____R (Swearware) C:\Users\Austin\Downloads\ComboFix.exe
2014-07-29 20:45 - 2014-08-01 01:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 20:45 - 2014-07-29 20:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 20:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-29 20:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-29 20:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-29 20:44 - 2014-07-29 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Austin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-29 17:28 - 2014-07-02 13:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-29 17:26 - 2014-07-02 16:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-29 17:26 - 2014-07-02 16:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-29 17:26 - 2014-07-02 16:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-28 01:05 - 2014-07-28 01:05 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-07-28 01:05 - 2014-07-28 01:05 - 00000000 ____D () C:\Users\Austin\AppData\Local\EMU
2014-07-23 14:57 - 2014-07-23 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 01:45 - 2014-07-20 01:45 - 00000035 _____ () C:\Users\Austin\Desktop\mount.txt
2014-07-17 20:56 - 2014-07-17 20:56 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 20:18 - 2014-07-17 20:46 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\Bioshock
2014-07-17 20:18 - 2014-07-17 20:18 - 00000000 ____D () C:\Users\Austin\Documents\Bioshock
2014-07-17 16:38 - 2014-07-17 18:31 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\Bioshock2Steam
2014-07-17 16:38 - 2014-07-17 16:38 - 00000000 ____D () C:\Users\Austin\Documents\Bioshock2
2014-07-14 16:27 - 2014-07-14 16:27 - 29405096 _____ (Oracle Corporation) C:\Users\Austin\Downloads\jre-7u60-windows-i586(1).exe
2014-07-14 14:07 - 2014-07-14 14:07 - 00000000 ____D () C:\Users\Austin\AppData\Local\PAYDAY 2
2014-07-11 13:14 - 2014-07-11 13:14 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\3909
2014-07-11 01:26 - 2014-07-11 01:26 - 00000000 ____D () C:\Users\Austin\Documents\Skullgirls
2014-07-11 01:24 - 2014-07-11 01:24 - 29405096 _____ (Oracle Corporation) C:\Users\Austin\Downloads\jre-7u60-windows-i586.exe
2014-07-11 01:24 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 01:24 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 01:24 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 01:24 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-11 01:24 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 01:24 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 01:24 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-11 01:24 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 01:24 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 01:24 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-11 01:24 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-11 01:24 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-11 01:24 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 01:24 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-11 01:24 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 01:24 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 01:24 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-11 01:24 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-11 01:24 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-11 01:24 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-11 01:24 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 01:24 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 01:24 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-11 01:24 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-11 01:24 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 01:24 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 01:24 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 01:24 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 01:24 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-11 01:24 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-11 01:24 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-11 01:24 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-11 01:24 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 01:24 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-11 01:24 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-11 01:24 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-11 01:24 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 01:24 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-11 01:24 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-11 01:24 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-11 01:24 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-11 01:24 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-11 01:24 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 01:24 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-11 01:24 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-11 01:24 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 01:24 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-11 01:24 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-11 01:24 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 01:24 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-11 01:24 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-11 01:24 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-11 01:24 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-11 01:24 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 01:24 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-11 01:24 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-11 01:24 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-11 01:24 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 01:24 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 01:24 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 01:24 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 01:24 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 01:24 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 01:24 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 01:24 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 01:24 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 01:24 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 01:24 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 01:24 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 01:24 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-11 01:24 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-11 01:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-11 01:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-11 01:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-11 01:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-11 01:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-11 01:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-11 01:24 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 01:22 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 01:22 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 01:22 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 01:22 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-11 01:22 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-11 01:22 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-07-11 01:22 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-07-11 01:22 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-07-11 01:22 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-07-11 01:22 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-07-11 01:22 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-07-11 01:22 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-11 01:22 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-11 01:22 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-11 01:22 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-11 01:22 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-11 01:22 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-11 01:22 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-11 01:22 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-11 01:22 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-11 01:22 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-11 01:22 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-11 01:22 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-11 01:22 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-07-11 01:22 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-07-11 01:22 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-07-11 01:22 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-07-11 01:22 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-07-11 01:22 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-07-11 01:22 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-07-11 01:22 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-07-11 01:22 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-07-11 01:22 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-11 01:22 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-11 01:22 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-07-11 01:22 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-07-11 01:22 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-07-11 01:22 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-07-11 01:22 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-07-11 01:22 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-07-11 01:22 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-07-11 01:22 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-07-11 01:21 - 2014-07-11 01:21 - 30984104 _____ (Oracle Corporation) C:\Users\Austin\Downloads\jre-7u60-windows-x64.exe
2014-07-11 01:09 - 2014-07-11 01:09 - 00000000 ____D () C:\Users\Austin\AppData\Local\uTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 14:50 - 2014-08-08 14:50 - 00000000 ____D () C:\Users\Austin\Desktop\FRST64
2014-08-08 14:50 - 2014-08-08 14:49 - 00000000 ____D () C:\FRST
2014-08-08 14:48 - 2014-08-08 14:47 - 00000000 ____D () C:\AdwCleaner
2014-08-08 14:46 - 2014-08-08 14:46 - 01366203 _____ () C:\Users\Austin\Desktop\adwcleaner_3.304.exe
2014-08-08 14:42 - 2014-02-08 18:35 - 01062005 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 14:41 - 2014-02-08 17:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 14:41 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 14:41 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 14:38 - 2014-08-08 14:38 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-08 14:37 - 2014-08-08 14:37 - 05392984 _____ () C:\Users\Austin\Desktop\RogueKillerX64.exe
2014-08-08 14:36 - 2014-08-08 14:36 - 00002511 _____ () C:\Users\Austin\Desktop\aasdf.txt
2014-08-08 14:34 - 2014-02-08 16:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-08 01:33 - 2009-07-14 00:51 - 00071482 _____ () C:\Windows\setupact.log
2014-08-06 15:57 - 2014-08-01 15:12 - 00006021 _____ () C:\Users\Austin\Desktop\attach.txt
2014-08-06 15:56 - 2014-08-01 15:12 - 00014060 _____ () C:\Users\Austin\Desktop\dds.txt
2014-08-04 21:49 - 2009-07-14 01:13 - 00796870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 21:45 - 2014-02-08 19:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-04 21:45 - 2014-02-08 18:54 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-08-04 21:45 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 15:10 - 2014-02-10 11:36 - 00166768 _____ () C:\Windows\PFRO.log
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Users\Austin\AppData\Local\CrashDumps
2014-08-01 16:56 - 2014-02-09 03:41 - 00000000 ____D () C:\Users\Austin\Documents\my games
2014-08-01 16:36 - 2014-08-01 16:36 - 00000000 ____D () C:\Users\Austin\AppData\Local\SCE
2014-08-01 16:21 - 2014-05-03 14:26 - 00000000 ____D () C:\Users\Austin\AppData\Local\Google
2014-08-01 16:21 - 2014-05-03 14:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-01 15:10 - 2014-08-01 15:10 - 00688992 ____R (Swearware) C:\Users\Austin\Desktop\dds.com
2014-08-01 15:05 - 2014-08-01 15:05 - 00000953 _____ () C:\Users\Austin\Desktop\MagicDisc.lnk
2014-08-01 15:05 - 2014-08-01 15:05 - 00000000 ____D () C:\Program Files (x86)\MagicDisc
2014-08-01 15:05 - 2014-03-18 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2014-08-01 14:59 - 2014-08-01 01:35 - 00000000 ____D () C:\Qoobox
2014-08-01 02:07 - 2014-08-01 02:07 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-01 02:07 - 2014-08-01 02:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-01 01:57 - 2014-08-01 01:57 - 00011488 _____ () C:\ComboFix.txt
2014-08-01 01:56 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 01:43 - 2014-08-01 01:35 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 01:34 - 2014-08-01 01:34 - 05567414 ____R (Swearware) C:\Users\Austin\Downloads\ComboFix.exe
2014-08-01 01:25 - 2014-07-29 20:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 21:37 - 2014-04-25 23:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 21:37 - 2014-04-25 23:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-31 21:37 - 2014-02-08 16:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 20:45 - 2014-07-29 20:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 20:45 - 2014-07-06 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 20:45 - 2014-07-06 08:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 20:44 - 2014-07-29 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Austin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-29 20:04 - 2014-03-23 15:06 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\vlc
2014-07-29 17:28 - 2014-02-08 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-29 17:28 - 2014-02-08 19:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-29 17:27 - 2014-02-08 19:01 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-29 17:23 - 2014-03-13 01:50 - 00000000 ____D () C:\Users\Austin\AppData\Local\NVIDIA Corporation
2014-07-28 01:05 - 2014-07-28 01:05 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-07-28 01:05 - 2014-07-28 01:05 - 00000000 ____D () C:\Users\Austin\AppData\Local\EMU
2014-07-28 01:03 - 2014-02-08 17:18 - 01002528 _____ () C:\Windows\DirectX.log
2014-07-25 17:35 - 2014-03-29 00:13 - 00000000 ____D () C:\Users\Austin\Documents\Euro Truck Simulator 2
2014-07-25 09:50 - 2014-06-02 14:33 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 09:50 - 2014-06-02 14:33 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 09:50 - 2014-03-13 01:50 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 09:50 - 2014-03-13 01:50 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-24 03:01 - 2014-04-25 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 02:19 - 2014-02-16 11:40 - 00000000 ____D () C:\ProgramData\Origin
2014-07-23 15:39 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-23 15:13 - 2014-05-12 16:15 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-23 15:05 - 2014-05-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-23 14:57 - 2014-07-23 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 01:45 - 2014-07-20 01:45 - 00000035 _____ () C:\Users\Austin\Desktop\mount.txt
2014-07-18 22:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-17 20:56 - 2014-07-17 20:56 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 20:56 - 2014-03-30 21:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 20:46 - 2014-07-17 20:18 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\Bioshock
2014-07-17 20:18 - 2014-07-17 20:18 - 00000000 ____D () C:\Users\Austin\Documents\Bioshock
2014-07-17 18:31 - 2014-07-17 16:38 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\Bioshock2Steam
2014-07-17 16:38 - 2014-07-17 16:38 - 00000000 ____D () C:\Users\Austin\Documents\Bioshock2
2014-07-14 16:27 - 2014-07-14 16:27 - 29405096 _____ (Oracle Corporation) C:\Users\Austin\Downloads\jre-7u60-windows-i586(1).exe
2014-07-14 14:07 - 2014-07-14 14:07 - 00000000 ____D () C:\Users\Austin\AppData\Local\PAYDAY 2
2014-07-12 13:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 13:14 - 2014-07-11 13:14 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\3909
2014-07-11 12:40 - 2009-07-14 00:45 - 00270256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 12:39 - 2014-05-06 20:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 12:39 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 12:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 12:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-11 01:27 - 2014-02-08 16:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 01:26 - 2014-07-11 01:26 - 00000000 ____D () C:\Users\Austin\Documents\Skullgirls
2014-07-11 01:24 - 2014-07-11 01:24 - 29405096 _____ (Oracle Corporation) C:\Users\Austin\Downloads\jre-7u60-windows-i586.exe
2014-07-11 01:21 - 2014-07-11 01:21 - 30984104 _____ (Oracle Corporation) C:\Users\Austin\Downloads\jre-7u60-windows-x64.exe
2014-07-11 01:09 - 2014-07-11 01:09 - 00000000 ____D () C:\Users\Austin\AppData\Local\uTorrent
2014-07-10 18:25 - 2014-07-08 16:02 - 00000000 ____D () C:\Users\Austin\AppData\Roaming\DarknessII

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 17:22

==================== End Of Log ============================

So far, all of my original problems still persist. Still strange programs running with randomly changing file locations before my eyes, can't terminate them and can't open their file location, randomly high CPU and RAM usage, etc.

#6 nasdaq

  • Malware Response Team

Posted 09 August 2014 - 06:07 AM

Nothing suspicious was found on your logs.



Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#7 WizzDizzy

  • Topic Starter

Posted 09 August 2014 - 12:39 PM

Results of aswMBR:

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-09 13:37:28
-----------------------------
13:37:28.657    OS Version: Windows x64 6.1.7601 Service Pack 1
13:37:28.657    Number of processors: 8 586 0x3C03
13:37:28.657    ComputerName: ELECTRICFIZZ  UserName: Austin
13:37:29.473    Initialize success
13:37:29.527    VM: initialized successfully
13:37:29.528    VM: Intel CPU supported
13:37:37.238    VM: supported disk I/O ataport.SYS
13:37:53.477    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:37:53.478    Disk 0 Vendor: WDC_WD10EZEX-00KUWA0 15.01H15 Size: 953869MB BusType: 11
13:37:53.539    VM: Disk 0 MBR read successfully
13:37:53.540    Disk 0 MBR scan
13:37:53.541    Disk 0 Windows 7 default MBR code
13:37:53.543    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:37:53.544    Disk 0 Boot: NTFS     code=1
13:37:53.546    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
13:37:53.555    Disk 0 scanning C:\Windows\system32\drivers
13:37:56.647    Service scanning
13:38:02.777    Modules scanning
13:38:02.781    Disk 0 trace - called modules:
13:38:02.784    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:38:02.785    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073d8790]
13:38:02.787    3 CLASSPNP.SYS[fffff8800188643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80071b3680]
13:38:02.790    Scan finished successfully
13:38:26.332    Disk 0 MBR has been saved successfully to "C:\Users\Austin\Desktop\MBR.dat"
13:38:26.334    The log file has been saved successfully to "C:\Users\Austin\Desktop\aswMBR.txt"

 



#8 nasdaq

  • Malware Response Team

Posted 09 August 2014 - 12:46 PM

It's clean.

Can I see the TDSSKiller log?

#9 WizzDizzy

  • Topic Starter

Posted 09 August 2014 - 08:57 PM

21:54:38.0822 0x1318 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:54:40.0956 0x1318 ============================================================
21:54:40.0956 0x1318 Current date / time: 2014/08/09 21:54:40.0956
21:54:40.0956 0x1318 SystemInfo:
21:54:40.0956 0x1318
21:54:40.0956 0x1318 OS Version: 6.1.7601 ServicePack: 1.0
21:54:40.0956 0x1318 Product type: Workstation
21:54:40.0956 0x1318 ComputerName: ELECTRICFIZZ
21:54:40.0956 0x1318 UserName: Austin
21:54:40.0956 0x1318 Windows directory: C:\Windows
21:54:40.0956 0x1318 System windows directory: C:\Windows
21:54:40.0956 0x1318 Running under WOW64
21:54:40.0956 0x1318 Processor architecture: Intel x64
21:54:40.0956 0x1318 Number of processors: 8
21:54:40.0956 0x1318 Page size: 0x1000
21:54:40.0956 0x1318 Boot type: Normal boot
21:54:40.0956 0x1318 ============================================================
21:54:43.0027 0x1318 KLMD registered as C:\Windows\system32\drivers\26228610.sys
21:54:43.0137 0x1318 System UUID: {F0F8444F-C12B-577E-C68E-9567ACE809D7}
21:54:43.0327 0x1318 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:54:43.0331 0x1318 ============================================================
21:54:43.0331 0x1318 \Device\Harddisk0\DR0:
21:54:43.0331 0x1318 MBR partitions:
21:54:43.0331 0x1318 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:54:43.0331 0x1318 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:54:43.0331 0x1318 ============================================================
21:54:43.0359 0x1318 C: <-> \Device\Harddisk0\DR0\Partition2
21:54:43.0359 0x1318 ============================================================
21:54:43.0359 0x1318 Initialize success
21:54:43.0359 0x1318 ============================================================
21:54:44.0668 0x0ec4 ============================================================
21:54:44.0668 0x0ec4 Scan started
21:54:44.0668 0x0ec4 Mode: Manual;
21:54:44.0668 0x0ec4 ============================================================
21:54:44.0668 0x0ec4 KSN ping started
21:54:53.0028 0x0ec4 KSN ping finished: true
21:54:53.0798 0x0ec4 ================ Scan system memory ========================
21:54:53.0798 0x0ec4 System memory - ok
21:54:53.0798 0x0ec4 ================ Scan services =============================
21:54:54.0430 0x0ec4 AudioEndpointBuilder - ok
21:54:54.0464 0x0ec4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:54:54.0472 0x0ec4 AudioSrv - ok
21:54:54.0520 0x0ec4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:54:54.0522 0x0ec4 AxInstSV - ok
21:54:54.0537 0x0ec4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:54:54.0543 0x0ec4 b06bdrv - ok
21:54:54.0558 0x0ec4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:54:54.0561 0x0ec4 b57nd60a - ok
21:54:54.0589 0x0ec4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
21:54:54.0590 0x0ec4 BDESVC - ok
21:54:54.0611 0x0ec4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
21:54:54.0611 0x0ec4 Beep - ok
21:54:54.0652 0x0ec4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
21:54:54.0660 0x0ec4 BFE - ok
21:54:54.0685 0x0ec4 [ 92A1B95CFC9E931FDA4FFE75DF87D72B, 0578F5C2C70FA20E32D4220A9EB2719A5ACEBBFFDEE396B632216E4847E68AE7 ] BfLwf C:\Windows\system32\DRIVERS\bflwfx64.sys
21:54:54.0686 0x0ec4 BfLwf - ok
21:54:54.0703 0x0ec4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
21:54:54.0714 0x0ec4 BITS - ok
21:54:54.0720 0x0ec4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:54:54.0721 0x0ec4 blbdrive - ok
21:54:54.0742 0x0ec4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:54:54.0743 0x0ec4 bowser - ok
21:54:54.0756 0x0ec4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:54:54.0757 0x0ec4 BrFiltLo - ok
21:54:54.0765 0x0ec4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:54:54.0766 0x0ec4 BrFiltUp - ok
21:54:54.0776 0x0ec4 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:54:54.0777 0x0ec4 BridgeMP - ok
21:54:54.0805 0x0ec4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
21:54:54.0807 0x0ec4 Browser - ok
21:54:54.0821 0x0ec4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:54:54.0824 0x0ec4 Brserid - ok
21:54:54.0836 0x0ec4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:54:54.0836 0x0ec4 BrSerWdm - ok
21:54:54.0847 0x0ec4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:54:54.0848 0x0ec4 BrUsbMdm - ok
21:54:54.0856 0x0ec4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:54:54.0856 0x0ec4 BrUsbSer - ok
21:54:54.0862 0x0ec4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:54:54.0863 0x0ec4 BTHMODEM - ok
21:54:54.0866 0x0ec4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
21:54:54.0867 0x0ec4 bthserv - ok
21:54:54.0871 0x0ec4 catchme - ok
21:54:54.0877 0x0ec4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:54:54.0878 0x0ec4 cdfs - ok
21:54:54.0903 0x0ec4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:54:54.0905 0x0ec4 cdrom - ok
21:54:54.0924 0x0ec4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
21:54:54.0925 0x0ec4 CertPropSvc - ok
21:54:54.0937 0x0ec4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:54:54.0937 0x0ec4 circlass - ok
21:54:54.0961 0x0ec4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
21:54:54.0965 0x0ec4 CLFS - ok
21:54:55.0003 0x0ec4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:54:55.0004 0x0ec4 clr_optimization_v2.0.50727_32 - ok
21:54:55.0025 0x0ec4 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:54:55.0026 0x0ec4 clr_optimization_v2.0.50727_64 - ok
21:54:55.0068 0x0ec4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:54:55.0070 0x0ec4 clr_optimization_v4.0.30319_32 - ok
21:54:55.0083 0x0ec4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:54:55.0085 0x0ec4 clr_optimization_v4.0.30319_64 - ok
21:54:55.0097 0x0ec4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:54:55.0097 0x0ec4 CmBatt - ok
21:54:55.0109 0x0ec4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:54:55.0109 0x0ec4 cmdide - ok
21:54:55.0138 0x0ec4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
21:54:55.0142 0x0ec4 CNG - ok
21:54:55.0151 0x0ec4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:54:55.0152 0x0ec4 Compbatt - ok
21:54:55.0166 0x0ec4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:54:55.0167 0x0ec4 CompositeBus - ok
21:54:55.0170 0x0ec4 COMSysApp - ok
21:54:55.0182 0x0ec4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:54:55.0182 0x0ec4 crcdisk - ok
21:54:55.0207 0x0ec4 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:54:55.0209 0x0ec4 CryptSvc - ok
21:54:55.0233 0x0ec4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:54:55.0239 0x0ec4 DcomLaunch - ok
21:54:55.0254 0x0ec4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
21:54:55.0258 0x0ec4 defragsvc - ok
21:54:55.0266 0x0ec4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:54:55.0267 0x0ec4 DfsC - ok
21:54:55.0284 0x0ec4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:54:55.0288 0x0ec4 Dhcp - ok
21:54:55.0295 0x0ec4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
21:54:55.0296 0x0ec4 discache - ok
21:54:55.0304 0x0ec4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:54:55.0305 0x0ec4 Disk - ok
21:54:55.0323 0x0ec4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:54:55.0325 0x0ec4 Dnscache - ok
21:54:55.0338 0x0ec4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
21:54:55.0341 0x0ec4 dot3svc - ok
21:54:55.0355 0x0ec4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
21:54:55.0357 0x0ec4 DPS - ok
21:54:55.0383 0x0ec4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:54:55.0383 0x0ec4 drmkaud - ok
21:54:55.0413 0x0ec4 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:54:55.0424 0x0ec4 DXGKrnl - ok
21:54:55.0441 0x0ec4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
21:54:55.0443 0x0ec4 EapHost - ok
21:54:55.0449 0x0ec4 EasyAntiCheat - ok
21:54:55.0515 0x0ec4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:54:55.0551 0x0ec4 ebdrv - ok
21:54:55.0569 0x0ec4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
21:54:55.0570 0x0ec4 EFS - ok
21:54:55.0607 0x0ec4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:54:55.0615 0x0ec4 ehRecvr - ok
21:54:55.0628 0x0ec4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
21:54:55.0630 0x0ec4 ehSched - ok
21:54:55.0649 0x0ec4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:54:55.0655 0x0ec4 elxstor - ok
21:54:55.0673 0x0ec4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:54:55.0673 0x0ec4 ErrDev - ok
21:54:55.0686 0x0ec4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
21:54:55.0691 0x0ec4 EventSystem - ok
21:54:55.0705 0x0ec4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
21:54:55.0707 0x0ec4 exfat - ok
21:54:55.0724 0x0ec4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:54:55.0726 0x0ec4 fastfat - ok
21:54:55.0753 0x0ec4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
21:54:55.0761 0x0ec4 Fax - ok
21:54:55.0774 0x0ec4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:54:55.0775 0x0ec4 fdc - ok
21:54:55.0792 0x0ec4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
21:54:55.0792 0x0ec4 fdPHost - ok
21:54:55.0798 0x0ec4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
21:54:55.0798 0x0ec4 FDResPub - ok
21:54:55.0801 0x0ec4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:54:55.0802 0x0ec4 FileInfo - ok
21:54:55.0813 0x0ec4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:54:55.0814 0x0ec4 Filetrace - ok
21:54:55.0820 0x0ec4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:54:55.0821 0x0ec4 flpydisk - ok
21:54:55.0836 0x0ec4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:54:55.0839 0x0ec4 FltMgr - ok
21:54:55.0874 0x0ec4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
21:54:55.0888 0x0ec4 FontCache - ok
21:54:55.0918 0x0ec4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:54:55.0918 0x0ec4 FontCache3.0.0.0 - ok
21:54:55.0929 0x0ec4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:54:55.0930 0x0ec4 FsDepends - ok
21:54:55.0951 0x0ec4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:54:55.0952 0x0ec4 Fs_Rec - ok
21:54:55.0982 0x0ec4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:54:55.0984 0x0ec4 fvevol - ok
21:54:55.0996 0x0ec4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:54:55.0997 0x0ec4 gagp30kx - ok
21:54:56.0023 0x0ec4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
21:54:56.0032 0x0ec4 gpsvc - ok
21:54:56.0042 0x0ec4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:54:56.0043 0x0ec4 hcw85cir - ok
21:54:56.0086 0x0ec4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:54:56.0090 0x0ec4 HdAudAddService - ok
21:54:56.0098 0x0ec4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:54:56.0099 0x0ec4 HDAudBus - ok
21:54:56.0102 0x0ec4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:54:56.0102 0x0ec4 HidBatt - ok
21:54:56.0117 0x0ec4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:54:56.0118 0x0ec4 HidBth - ok
21:54:56.0120 0x0ec4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:54:56.0121 0x0ec4 HidIr - ok
21:54:56.0133 0x0ec4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
21:54:56.0133 0x0ec4 hidserv - ok
21:54:56.0150 0x0ec4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:54:56.0150 0x0ec4 HidUsb - ok
21:54:56.0165 0x0ec4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:54:56.0167 0x0ec4 hkmsvc - ok
21:54:56.0193 0x0ec4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:54:56.0196 0x0ec4 HomeGroupListener - ok
21:54:56.0213 0x0ec4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:54:56.0216 0x0ec4 HomeGroupProvider - ok
21:54:56.0227 0x0ec4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:54:56.0228 0x0ec4 HpSAMD - ok
21:54:56.0252 0x0ec4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:54:56.0260 0x0ec4 HTTP - ok
21:54:56.0282 0x0ec4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:54:56.0282 0x0ec4 hwpolicy - ok
21:54:56.0294 0x0ec4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:54:56.0295 0x0ec4 i8042prt - ok
21:54:56.0313 0x0ec4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:54:56.0317 0x0ec4 iaStorV - ok
21:54:56.0356 0x0ec4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:54:56.0365 0x0ec4 idsvc - ok
21:54:56.0416 0x0ec4 IEEtwCollectorService - ok
21:54:56.0418 0x0ec4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:54:56.0419 0x0ec4 iirsp - ok
21:54:56.0451 0x0ec4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
21:54:56.0461 0x0ec4 IKEEXT - ok
21:54:56.0492 0x0ec4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
21:54:56.0492 0x0ec4 intelide - ok
21:54:56.0512 0x0ec4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:54:56.0513 0x0ec4 intelppm - ok
21:54:56.0525 0x0ec4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:54:56.0526 0x0ec4 IPBusEnum - ok
21:54:56.0541 0x0ec4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:54:56.0542 0x0ec4 IpFilterDriver - ok
21:54:56.0558 0x0ec4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:54:56.0564 0x0ec4 iphlpsvc - ok
21:54:56.0568 0x0ec4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:54:56.0569 0x0ec4 IPMIDRV - ok
21:54:56.0577 0x0ec4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:54:56.0579 0x0ec4 IPNAT - ok
21:54:56.0595 0x0ec4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:54:56.0595 0x0ec4 IRENUM - ok
21:54:56.0600 0x0ec4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:54:56.0601 0x0ec4 isapnp - ok
21:54:56.0613 0x0ec4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:54:56.0616 0x0ec4 iScsiPrt - ok
21:54:56.0644 0x0ec4 [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT C:\Windows\system32\DRIVERS\ISCTD64.sys
21:54:56.0645 0x0ec4 ISCT - ok
21:54:56.0652 0x0ec4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:54:56.0653 0x0ec4 kbdclass - ok
21:54:56.0665 0x0ec4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:54:56.0666 0x0ec4 kbdhid - ok
21:54:56.0695 0x0ec4 [ 8388468214713C94154C547DDB4F96CC, 661365BAB7F20E1EF1B7B97146C3F49744EF7AAC342E0FB64481CF116135C7C1 ] Ke2200 C:\Windows\system32\DRIVERS\e22w7x64.sys
21:54:56.0696 0x0ec4 Ke2200 - ok
21:54:56.0702 0x0ec4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
21:54:56.0703 0x0ec4 KeyIso - ok
21:54:56.0718 0x0ec4 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:54:56.0719 0x0ec4 KSecDD - ok
21:54:56.0729 0x0ec4 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:54:56.0731 0x0ec4 KSecPkg - ok
21:54:56.0735 0x0ec4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:54:56.0735 0x0ec4 ksthunk - ok
21:54:56.0761 0x0ec4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
21:54:56.0765 0x0ec4 KtmRm - ok
21:54:56.0786 0x0ec4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:54:56.0790 0x0ec4 LanmanServer - ok
21:54:56.0807 0x0ec4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:54:56.0809 0x0ec4 LanmanWorkstation - ok
21:54:56.0827 0x0ec4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:54:56.0828 0x0ec4 lltdio - ok
21:54:56.0847 0x0ec4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:54:56.0851 0x0ec4 lltdsvc - ok
21:54:56.0858 0x0ec4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:54:56.0858 0x0ec4 lmhosts - ok
21:54:56.0869 0x0ec4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:54:56.0870 0x0ec4 LSI_FC - ok
21:54:56.0881 0x0ec4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:54:56.0883 0x0ec4 LSI_SAS - ok
21:54:56.0908 0x0ec4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:54:56.0908 0x0ec4 LSI_SAS2 - ok
21:54:56.0914 0x0ec4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:54:56.0915 0x0ec4 LSI_SCSI - ok
21:54:56.0927 0x0ec4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
21:54:56.0928 0x0ec4 luafv - ok
21:54:56.0956 0x0ec4 [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
21:54:56.0958 0x0ec4 MBAMSwissArmy - ok
21:54:56.0987 0x0ec4 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
21:54:56.0990 0x0ec4 mcdbus - ok
21:54:57.0014 0x0ec4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:54:57.0015 0x0ec4 Mcx2Svc - ok
21:54:57.0022 0x0ec4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:54:57.0023 0x0ec4 megasas - ok
21:54:57.0040 0x0ec4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:54:57.0043 0x0ec4 MegaSR - ok
21:54:57.0064 0x0ec4 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:54:57.0065 0x0ec4 MEIx64 - ok
21:54:57.0073 0x0ec4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:54:57.0075 0x0ec4 MMCSS - ok
21:54:57.0076 0x0ec4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:54:57.0077 0x0ec4 Modem - ok
21:54:57.0096 0x0ec4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:54:57.0096 0x0ec4 monitor - ok
21:54:57.0107 0x0ec4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:54:57.0108 0x0ec4 mouclass - ok
21:54:57.0116 0x0ec4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:54:57.0117 0x0ec4 mouhid - ok
21:54:57.0133 0x0ec4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:54:57.0134 0x0ec4 mountmgr - ok
21:54:57.0177 0x0ec4 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:54:57.0178 0x0ec4 MozillaMaintenance - ok
21:54:57.0188 0x0ec4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:55:01.0523 0x0ec4 usbohci - ok
21:55:01.0531 0x0ec4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:55:01.0531 0x0ec4 usbprint - ok
21:55:01.0544 0x0ec4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
21:55:01.0545 0x0ec4 USBSTOR - ok
21:55:01.0550 0x0ec4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:55:01.0550 0x0ec4 usbuhci - ok
21:55:01.0552 0x0ec4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
21:55:01.0554 0x0ec4 UxSms - ok
21:55:01.0560 0x0ec4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
21:55:01.0561 0x0ec4 VaultSvc - ok
21:55:01.0572 0x0ec4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:55:01.0573 0x0ec4 vdrvroot - ok
21:55:01.0590 0x0ec4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
21:55:01.0596 0x0ec4 vds - ok
21:55:01.0610 0x0ec4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:01.0610 0x0ec4 vga - ok
21:55:01.0621 0x0ec4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:55:01.0621 0x0ec4 VgaSave - ok
21:55:01.0630 0x0ec4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:55:01.0632 0x0ec4 vhdmp - ok
21:55:01.0641 0x0ec4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
21:55:01.0642 0x0ec4 viaide - ok
21:55:01.0660 0x0ec4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:55:01.0661 0x0ec4 volmgr - ok
21:55:01.0674 0x0ec4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:55:01.0678 0x0ec4 volmgrx - ok
21:55:01.0695 0x0ec4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:55:01.0698 0x0ec4 volsnap - ok
21:55:01.0712 0x0ec4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:55:01.0713 0x0ec4 vsmraid - ok
21:55:01.0750 0x0ec4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
21:55:01.0767 0x0ec4 VSS - ok
21:55:01.0779 0x0ec4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:55:01.0780 0x0ec4 vwifibus - ok
21:55:01.0801 0x0ec4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
21:55:01.0806 0x0ec4 W32Time - ok
21:55:01.0814 0x0ec4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:55:01.0814 0x0ec4 WacomPen - ok
21:55:01.0820 0x0ec4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:55:01.0821 0x0ec4 WANARP - ok
21:55:01.0824 0x0ec4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:55:01.0825 0x0ec4 Wanarpv6 - ok
21:55:01.0862 0x0ec4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:55:01.0875 0x0ec4 WatAdminSvc - ok
21:55:01.0905 0x0ec4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
21:55:01.0923 0x0ec4 wbengine - ok
21:55:01.0935 0x0ec4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:55:01.0938 0x0ec4 WbioSrvc - ok
21:55:01.0950 0x0ec4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:55:01.0954 0x0ec4 wcncsvc - ok
21:55:01.0960 0x0ec4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:55:01.0961 0x0ec4 WcsPlugInService - ok
21:55:01.0972 0x0ec4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:55:01.0972 0x0ec4 Wd - ok
21:55:01.0998 0x0ec4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:55:02.0006 0x0ec4 Wdf01000 - ok
21:55:02.0028 0x0ec4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:55:02.0030 0x0ec4 WdiServiceHost - ok
21:55:02.0032 0x0ec4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:55:02.0034 0x0ec4 WdiSystemHost - ok
21:55:02.0049 0x0ec4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
21:55:02.0053 0x0ec4 WebClient - ok
21:55:02.0063 0x0ec4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:55:02.0066 0x0ec4 Wecsvc - ok
21:55:02.0077 0x0ec4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:55:02.0079 0x0ec4 wercplsupport - ok
21:55:02.0087 0x0ec4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
21:55:02.0088 0x0ec4 WerSvc - ok
21:55:02.0093 0x0ec4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:02.0094 0x0ec4 WfpLwf - ok
21:55:02.0095 0x0ec4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:55:02.0096 0x0ec4 WIMMount - ok
21:55:02.0113 0x0ec4 WinDefend - ok
21:55:02.0115 0x0ec4 WinHttpAutoProxySvc - ok
21:55:02.0150 0x0ec4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:55:02.0153 0x0ec4 Winmgmt - ok
21:55:02.0191 0x0ec4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
21:55:02.0214 0x0ec4 WinRM - ok
21:55:02.0246 0x0ec4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:55:02.0256 0x0ec4 Wlansvc - ok
21:55:02.0350 0x0ec4 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:55:02.0374 0x0ec4 wlidsvc - ok
21:55:02.0391 0x0ec4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:55:02.0392 0x0ec4 WmiAcpi - ok
21:55:02.0400 0x0ec4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:55:02.0402 0x0ec4 wmiApSrv - ok
21:55:02.0404 0x0ec4 WMPNetworkSvc - ok
21:55:02.0409 0x0ec4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:55:02.0410 0x0ec4 WPCSvc - ok
21:55:02.0415 0x0ec4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:55:02.0417 0x0ec4 WPDBusEnum - ok
21:55:02.0426 0x0ec4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:55:02.0426 0x0ec4 ws2ifsl - ok
21:55:02.0429 0x0ec4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
21:55:02.0431 0x0ec4 wscsvc - ok
21:55:02.0433 0x0ec4 WSearch - ok
21:55:02.0497 0x0ec4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
21:55:02.0523 0x0ec4 wuauserv - ok
21:55:02.0539 0x0ec4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:55:02.0540 0x0ec4 WudfPf - ok
21:55:02.0556 0x0ec4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:55:02.0558 0x0ec4 WUDFRd - ok
21:55:02.0570 0x0ec4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:55:02.0572 0x0ec4 wudfsvc - ok
21:55:02.0592 0x0ec4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:55:02.0595 0x0ec4 WwanSvc - ok
21:55:02.0604 0x0ec4 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
21:55:02.0605 0x0ec4 xusb21 - ok
21:55:02.0614 0x0ec4 ================ Scan global ===============================
21:55:02.0626 0x0ec4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:55:02.0644 0x0ec4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:55:02.0651 0x0ec4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:55:02.0666 0x0ec4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:55:02.0685 0x0ec4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:55:02.0689 0x0ec4 [ Global ] - ok
21:55:02.0689 0x0ec4 ================ Scan MBR ==================================
21:55:02.0718 0x0ec4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:55:02.0969 0x0ec4 \Device\Harddisk0\DR0 - ok
21:55:02.0969 0x0ec4 ================ Scan VBR ==================================
21:55:02.0970 0x0ec4 [ 527EE0D5342CDBA595ADE75C181CF8BD ] \Device\Harddisk0\DR0\Partition1
21:55:03.0015 0x0ec4 \Device\Harddisk0\DR0\Partition1 - ok
21:55:03.0016 0x0ec4 [ 043E13E488C97CD10625E11520F42BA4 ] \Device\Harddisk0\DR0\Partition2
21:55:03.0045 0x0ec4 \Device\Harddisk0\DR0\Partition2 - ok
21:55:03.0045 0x0ec4 ================ Scan generic autorun ======================
21:55:03.0144 0x0ec4 [ 05470C684B62C2F86325D8685E4513CB, EDE70A162AFA104D774AE1D8D3A077F2C12940851EC5BA785242F4032EEA902E ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
21:55:03.0168 0x0ec4 NvBackend - ok
21:55:03.0191 0x0ec4 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
21:55:03.0192 0x0ec4 ShadowPlay - ok
21:55:03.0193 0x0ec4 Waiting for KSN requests completion. In queue: 248
21:55:04.0193 0x0ec4 Waiting for KSN requests completion. In queue: 248
21:55:05.0193 0x0ec4 Waiting for KSN requests completion. In queue: 248
21:55:06.0193 0x0ec4 Waiting for KSN requests completion. In queue: 248
21:55:07.0200 0x0ec4 Win FW state via NFP2: enabled
21:55:09.0675 0x0ec4 ============================================================
21:55:09.0675 0x0ec4 Scan finished
21:55:09.0675 0x0ec4 ============================================================
21:55:09.0678 0x17f0 Detected object count: 0
21:55:09.0678 0x17f0 Actual detected object count: 0






Thanks for helping me so far. If everything appears fine, why am I getting such ridiculous CPU and RAM usage when doing nothing? I mean, I have an i7, should it really be using 30% when doing literally nothing?

Edited by WizzDizzy, 09 August 2014 - 08:57 PM.


#10 nasdaq (Malware Response Team)

Posted 10 August 2014 - 08:11 AM

The log is clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

==============

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

p.s. If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

===



#11 WizzDizzy (Topic Starter)

Posted 10 August 2014 - 05:46 PM

Both files are attached.

ComboFix 14-08-06.02 - Austin 08/10/2014 18:38:22.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.6870 [GMT -4:00]
Running from: c:\users\Austin\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-07-10 to 2014-08-10 )))))))))))))))))))))))))))))))
.
.
2014-08-10 22:41 . 2014-08-10 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-08 18:49 . 2014-08-08 18:50 -------- d-----w- C:\FRST
2014-08-08 18:47 . 2014-08-08 18:48 -------- d-----w- C:\AdwCleaner
2014-08-08 18:44 . 2014-08-08 18:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96D9A55C-C52C-4CAA-8C4E-19E6B243F47E}\offreg.dll
2014-08-08 18:42 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96D9A55C-C52C-4CAA-8C4E-19E6B243F47E}\mpengine.dll
2014-08-08 18:38 . 2014-08-08 18:38 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-03 22:31 . 2014-08-03 22:31 -------- d-----w- C:\VivoxLogs
2014-08-02 17:49 . 2014-08-02 17:49 -------- d-----w- c:\users\Austin\AppData\Local\CrashDumps
2014-08-01 20:36 . 2014-08-01 20:36 -------- d-----w- c:\users\Austin\AppData\Local\SCE
2014-08-01 19:05 . 2014-08-01 19:05 -------- d-----w- c:\program files (x86)\MagicDisc
2014-08-01 06:07 . 2014-08-01 06:07 29160 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-01 06:07 . 2014-08-01 06:07 -------- d-----w- c:\programdata\RogueKiller
2014-07-30 00:45 . 2014-08-01 05:25 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-30 00:45 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-30 00:45 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-30 00:45 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-29 21:28 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-28 05:05 . 2014-07-28 05:05 -------- d-----w- c:\users\Austin\AppData\Local\EMU
2014-07-28 05:05 . 2014-07-28 05:05 -------- d-----w- c:\users\Austin\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-07-18 00:18 . 2014-07-18 00:46 -------- d-----w- c:\users\Austin\AppData\Roaming\Bioshock
2014-07-14 18:07 . 2014-07-14 18:07 -------- d-----w- c:\users\Austin\AppData\Local\PAYDAY 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-25 13:50 . 2014-06-02 18:33 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-03-13 05:50 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-02 18:33 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-03-13 05:50 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-08 17:41 . 2014-02-08 21:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 17:41 . 2014-02-08 21:00 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 17:41 . 2014-04-28 23:41 5659136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-02 20:48 . 2014-03-13 05:52 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-02-08 23:04 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-02-08 23:04 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-02-08 23:01 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-02-08 23:01 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-02-08 23:01 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-02-08 23:01 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-02-08 23:01 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2014-02-08 23:04 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-02-08 23:04 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-02-08 23:04 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-02-08 23:04 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-02-08 23:04 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-02-08 23:04 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-30 02:09 . 2014-07-11 05:24 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-06-30 02:04 . 2014-07-11 05:24 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-26 21:40 . 2014-02-08 20:47 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-20 20:14 . 2014-07-11 05:24 266424 ----a-w- c:\windows\system32\iedkcs32.dll
2014-06-19 01:39 . 2014-07-11 05:24 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-06-19 01:06 . 2014-07-11 05:24 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-19 01:06 . 2014-07-11 05:24 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-19 00:48 . 2014-07-11 05:24 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-06-19 00:42 . 2014-07-11 05:24 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-06-19 00:42 . 2014-07-11 05:24 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-06-19 00:41 . 2014-07-11 05:24 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-19 00:41 . 2014-07-11 05:24 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-19 00:32 . 2014-07-11 05:24 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-06-19 00:31 . 2014-07-11 05:24 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-06-19 00:26 . 2014-07-11 05:24 598016 ----a-w- c:\windows\system32\ieui.dll
2014-06-19 00:24 . 2014-07-11 05:24 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-19 00:24 . 2014-07-11 05:24 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-19 00:23 . 2014-07-11 05:24 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-19 00:14 . 2014-07-11 05:24 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:09 . 2014-07-11 05:24 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2014-06-18 23:59 . 2014-07-11 05:24 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:56 . 2014-07-11 05:24 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-06-18 23:53 . 2014-07-11 05:24 195584 ----a-w- c:\windows\system32\msrating.dll
2014-06-18 23:51 . 2014-07-11 05:24 5721088 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 23:50 . 2014-07-11 05:24 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-06-18 23:48 . 2014-07-11 05:24 292864 ----a-w- c:\windows\system32\dxtrans.dll
2014-06-18 23:39 . 2014-07-11 05:24 608768 ----a-w- c:\windows\system32\ie4uinit.exe
2014-06-18 23:38 . 2014-07-11 05:24 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-06-18 23:37 . 2014-07-11 05:24 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-06-18 23:36 . 2014-07-11 05:24 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-11 05:24 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:33 . 2014-07-11 05:24 631808 ----a-w- c:\windows\system32\msfeeds.dll
2014-06-18 23:27 . 2014-07-11 05:24 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 23:27 . 2014-07-11 05:24 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 23:23 . 2014-07-11 05:24 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22 . 2014-07-11 05:24 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06 . 2014-07-11 05:24 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58 . 2014-07-11 05:24 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 22:52 . 2014-07-11 05:24 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-06-18 22:51 . 2014-07-11 05:24 13527040 ----a-w- c:\windows\system32\ieframe.dll
2014-06-18 22:46 . 2014-07-11 05:24 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-11 05:24 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:34 . 2014-07-11 05:24 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-06-18 22:15 . 2014-07-11 05:24 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-06-18 22:13 . 2014-07-11 05:24 1791488 ----a-w- c:\windows\SysWow64\wininet.dll
2014-06-18 02:18 . 2014-07-11 05:24 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-11 05:24 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-11 05:24 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-06-12 18:21 . 2014-06-12 18:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-06-10 17:58 . 2014-05-29 23:11 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-10 17:58 . 2014-02-09 16:10 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-10 17:58 . 2014-02-09 16:10 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-06-07 19:18 . 2014-02-09 16:15 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-06 10:10 . 2014-07-11 05:24 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-11 05:24 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-11 05:22 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-11 05:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-11 05:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-03 01:14 . 2014-06-03 01:15 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2014-05-30 08:08 . 2014-07-11 05:24 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-11 05:24 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-11 05:24 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-11 05:24 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-11 05:24 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-11 05:24 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-11 05:24 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-11 05:24 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-11 05:24 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-11 05:24 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-11 05:24 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-11 05:24 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-11 05:24 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-11 05:24 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-11 05:24 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-20 02:44 . 2014-05-26 21:40 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-26 21:40 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-8-1 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-5-7 554496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12623772
*NewlyCreated* - 54320107
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*NewlyCreated* - TRUESIGHT
*Deregistered* - 12623772
*Deregistered* - 54320107
*Deregistered* - aswMBR
*Deregistered* - aswVmm
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08 17:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3inhq4ai.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Fallout 2 Unofficial Patch_is1 - c:\program files (x86)\Steam\steamapps\common\Fallout 2\unins000.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-SOE-DC Universe Online Live - c:\program files (x86)\Steam\SteamApps\common\DC Universe Online\Uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-960574517-3388527113-2951511998-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,47,6b,07,ac,9a,7c,1c,41,25,08,81,10,22,f9,2f,6f,55,74,fa,51,
3b,ba,30,0d,27,59,b7,f2,d1,b0,7e,54,19,ef,c0,0c,47,44,95,6f,81,34,62,74,45,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-10 18:42:40
ComboFix-quarantined-files.txt 2014-08-10 22:42
ComboFix2.txt 2014-08-01 05:57
ComboFix3.txt 2014-08-01 05:44
.
Pre-Run: 758,706,937,856 bytes free
Post-Run: 758,512,775,168 bytes free
.
- - End Of File - - 597D20E056BA905D6CBA97B2679A4F3D
A36C5E4F47E84449FF07ED3517B43A31

===

Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Edited by nasdaq, 11 August 2014 - 08:08 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:45 PM

Posted 11 August 2014 - 08:12 AM

Windows Firewall Disabled!

How to enable your firewall. (Important)
http://windows.microsoft.com/en-ca/windows/turn-windows-firewall-on-off#turn-windows-firewall-on-off=windows-7

Also I do not see any Anti-virus protection. I suggest you install the free Microsoft Security Essentials and execute it.

http://windows.microsoft.com/en-CA/windows/security-essentials-download

===

How is the computer running now?
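
A read-only way to re-check the two findings from the Security Check log (firewall disabled, no antivirus WMI entry) once the advice above has been followed. This is an added example, not part of the original post or of the Security Check tool; it assumes Windows PowerShell on Windows 7, the `HNetCfg.FwPolicy2` COM interface and the `root\SecurityCenter2` WMI namespace.

```powershell
# Added example: re-check firewall state and antivirus registration.
# Read-only: nothing on the system is changed.

# 1) Windows Firewall state per profile, via the HNetCfg.FwPolicy2 COM object.
#    Profile type values: 1 = Domain, 2 = Private, 4 = Public.
$profileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes   # bitmask of the profiles currently in use

foreach ($id in 1, 2, 4) {
    $enabled = $fw.FirewallEnabled($id)
    $inUse = ($active -band $id) -ne 0
    $line = "Firewall {0,-7} enabled={1} active={2}" -f $profileNames[$id], $enabled, $inUse
    if ($inUse -and -not $enabled) {
        # The profile the machine is actually using is unprotected.
        Write-Warning $line
    } else {
        Write-Output $line
    }
}

# 2) Antivirus products registered with Windows Security Center.
#    An empty result matches the "WMI entry may not exist" line in the log.
$av = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue)

if ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Security Center.'
} else {
    $av | Select-Object displayName, pathToSignedProductExe, productState
}
```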

#13 WizzDizzy

Posted 11 August 2014 - 11:43 AM

Still some pretty large CPU and RAM usage seemingly randomly, but if everything came up clean then I guess there's really nothing left to do. Thank you a lot for your time, it gives me a little peace of mind if nothing else.



#14 nasdaq

Posted 11 August 2014 - 12:24 PM

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

Run this when the computer is free for 1 to 2 hours.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#15 nasdaq

Posted 17 August 2014 - 07:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


