svchost using almost 200MB

oekoeloe

Hello,

One of my svchost.exe is using almost 200MB.
I know that Vista has a lot of trouble with this, but I managed to disable some services to prevent some other instances of svchost.exe from eating too much memory.

For this one, I can't seem to find the hungry service that is eating the memory.

The services being used by this particular svchost.exe
[Image: lsGaiR8.jpg]


After some research on the Internet, I found out that all these services shouldn't be turned off. So I'm expecting the answer: "Can't do anything about it then."
But, I'm still gonna try by posting this!

Specs:
Windows Vista Home 64 bit (320GB) < Active HDD
Windows XP Professional (160GB)
4Gb Kingston RAM
OCZ 650W
Gigabyte EP45-DS3
MSI GTX 560 OC 1GB
Intel Core 2 Duo E8400 @ 3,00GHz


Thank you!
 
I would be scanning your system for malware first. svchost can be used for malware.

I would recommend doing the following.

1.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    [Image: cf-icon.jpg]
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    [Image: cf-preparing.jpg]

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    [Image: erunt.jpg]

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    [Image: recovery-console-prompt.jpg]

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    [Image: still-scanning-clockchanges.jpg]

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

3.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right-click on the HijackThis icon and click on Run as. If the Run as option doesn't appear, then press and hold the Shift key while right-clicking on the icon to get it to appear.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right-click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 
Malware Bytes Log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.16.11

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: CC86213-C [administrator]

16-3-2013 22:42:20
mbam-log-2013-03-16 (22-42-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227298
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Combofix
ComboFix 13-03-16.02 - Michael 16-03-2013 22:55:05.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.4094.2646 [GMT 1:00]
Gestart vanuit: C:\Users\Michael\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Michael\AppData\Local\xdelta.exe
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Recent\dimmu-borgir_enthrone-darkness-triumphant_cover.jpg.url
C:\Windows\SysWow64\URTTemp
C:\Windows\SysWow64\URTTemp\regtlib.exe
C:\Windows\XSxS


(((((((((((((((((((( Bestanden Gemaakt van 2013-02-16 to 2013-03-16 ))))))))))))))))))))))))))))))


2013-03-16 21:45:44 . 2013-03-16 21:45:44 388096 ----a-r- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-16 11:35:01 . 2013-03-16 11:35:01 9310 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 8646 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 8613 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 6429 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 63115 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 5927 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 4599 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 1651 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 8288 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 6910 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 6208 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 18541 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-03-16 11:34:59 . 2013-03-16 11:34:59 51852 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 8782 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 7271 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 23327 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 20719 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-03-15 18:25:05 . 2013-02-08 00:28:29 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D1497EC-88F0-460D-9674-0BB470DE1424}\mpengine.dll
2013-03-15 18:24:01 . 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2013-03-15 18:24:00 . 2013-02-02 07:37:58 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-03-15 18:24:00 . 2013-02-02 06:44:02 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-03-15 18:24:00 . 2013-02-02 06:38:20 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2013-03-15 18:24:00 . 2013-02-02 04:19:04 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-03-15 18:24:00 . 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-15 18:24:00 . 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-03-11 22:27:30 . 2013-03-11 22:27:30 -------- d-----w- C:\Users\Michael\AppData\Local\DOSBox
2013-03-11 22:27:07 . 2013-03-15 14:13:14 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2013-03-11 22:03:32 . 2013-03-11 22:03:32 -------- d-----w- C:\Users\Michael\tbs_logs
2013-03-08 11:34:07 . 2013-03-08 11:33:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 22:57:33 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-06 22:57:33 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-06 22:44:39 . 2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\system32\win32k.sys
2013-03-06 22:44:36 . 2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-03-06 22:43:51 . 2012-11-08 04:26:22 1570816 ----a-w- C:\Windows\system32\quartz.dll
2013-03-06 22:43:51 . 2012-11-08 03:48:38 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
2013-03-06 22:43:38 . 2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-03-05 23:48:22 . 2013-03-05 23:48:22 -------- d-----w- C:\Program Files\Sony
2013-03-03 14:48:51 . 2013-03-16 21:41:36 -------- d-----w- C:\Users\Michael\AppData\Roaming\.minecraft
2013-02-22 01:30:18 . 2013-02-22 01:30:18 -------- d-----w- C:\Users\Michael\AppData\Roaming\Sony Creative Software Inc
2013-02-19 12:04:39 . 2013-02-19 12:04:39 -------- d-----w- C:\Program Files (x86)\Sizer
2013-02-15 18:58:12 . 2013-02-15 18:58:12 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.


((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-03-16 11:34:57 . 2008-07-27 11:35:30 25640 ----a-w- C:\Windows\gdrv.sys
2013-03-15 18:25:21 . 2006-11-02 12:35:00 72013344 ----a-w- C:\Windows\system32\mrt.exe
2013-03-08 11:33:54 . 2012-06-06 18:01:19 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-08 11:33:54 . 2010-04-23 10:26:16 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-28 18:00:15 . 2013-01-28 18:00:15 21840 ----a-w- C:\Windows\SysWow64\SIntfNT.dll
2013-01-28 18:00:15 . 2013-01-28 18:00:15 17212 ----a-w- C:\Windows\SysWow64\SIntf32.dll
2013-01-28 18:00:15 . 2013-01-28 18:00:15 12067 ----a-w- C:\Windows\SysWow64\SIntf16.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 9422672 ----a-w- C:\Windows\system32\nvcuda.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 2911008 ----a-w- C:\Windows\system32\nvcuvid.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 2352416 ----a-w- C:\Windows\system32\nvcuvenc.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 20534048 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 1990944 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 12771784 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 2726176 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 25256736 ----a-w- C:\Windows\system32\nvcompiler.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 1807136 ----a-w- C:\Windows\system32\nvdispco6420294.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 1510176 ----a-w- C:\Windows\system32\nvdispgenco6420162.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:59 7964168 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:59 7569184 ----a-w- C:\Windows\system32\nvopencl.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:59 17985632 ----a-w- C:\Windows\system32\nvd3dumx.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 6267240 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 17560352 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 15182544 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 11037472 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2013-01-25 13:48:06 . 2012-11-16 14:41:56 26946848 ----a-w- C:\Windows\system32\nvoglv64.dll
2013-01-25 13:48:06 . 2012-10-14 19:21:59 2530376 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-01-25 13:48:06 . 2012-10-14 19:21:59 15037248 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2013-01-25 13:48:06 . 2012-06-15 11:48:18 2855880 ----a-w- C:\Windows\system32\nvapi64.dll
2013-01-25 11:27:37 . 2012-06-15 11:50:24 6392096 ----a-w- C:\Windows\system32\nvcpl.dll
2013-01-25 11:27:37 . 2012-06-15 11:50:24 3472160 ----a-w- C:\Windows\system32\nvsvc64.dll
2013-01-25 11:27:32 . 2012-06-15 11:50:24 877344 ----a-w- C:\Windows\system32\nvvsvc.exe
2013-01-25 11:27:32 . 2012-06-15 11:50:24 63776 ----a-w- C:\Windows\system32\nvshext.dll
2013-01-25 11:27:32 . 2012-06-15 11:50:24 237856 ----a-w- C:\Windows\system32\nvmctray.dll
2013-01-17 15:34:53 . 2013-01-08 22:32:20 18960 ----a-w- C:\Windows\system32\drivers\LNonPnP.sys
2013-01-17 00:28:58 . 2009-10-05 12:20:44 273840 ------w- C:\Windows\system32\MpSigStub.exe
2012-12-29 10:20:08 . 2009-03-01 14:36:51 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-28 18:26:03 . 2012-12-27 17:11:20 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-26 19:32:22 . 2012-12-26 19:32:22 466456 ----a-w- C:\Windows\system32\wrap_oal.dll
2012-12-26 19:32:22 . 2012-12-26 19:32:22 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-12-26 19:32:22 . 2012-12-26 19:32:22 122904 ----a-w- C:\Windows\system32\OpenAL32.dll
2012-12-26 19:32:22 . 2012-12-26 19:32:22 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-19 05:42:00 . 2013-01-30 18:46:06 31672 ----a-w- C:\Windows\system32\nvhdap64.dll
2012-12-19 05:41:52 . 2013-01-30 18:46:06 194488 ----a-w- C:\Windows\system32\drivers\nvhda64v.sys
2012-12-18 08:31:25 . 2012-06-15 11:48:30 1510328 ----a-w- C:\Windows\system32\nvhdagenco6420103.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2012-06-15 14:55:02 . 66CFDF478939DD6388858DE06F2CE14C . 302080 . . [6.0.6000.16386 (vista_rtm.061101-2205)] .. C:\Windows\system32\shsvcs.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 15:19:40 3671872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 14:39:05 41208]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 18:00:26 218880]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 12:37:14 517096]
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 15:26:58 1073312]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - PROCEXP152

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes

Inhoud van de 'Gedeelde Taken' map

2013-03-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174043652-3731302686-191459016-1000Core.job
- C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-15 10:45:55 . 2009-06-15 10:45:54]

2013-03-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174043652-3731302686-191459016-1000UA.job
- C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-15 10:45:55 . 2009-06-15 10:45:54]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-28 09:49:44 12497552]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-06-16 12:31:28 2716216]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 05:09:46 446392]
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe" [2012-11-29 00:09:44 7406392]

------- Bijkomende Scan -------

uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 127.0.0.1:4444
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1

- - - - ORPHANS VERWIJDERD - - - -

Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd


HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:51:08, on 16-3-2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Sizer\sizer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4444
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2174043652-3731302686-191459016-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2174043652-3731302686-191459016-1006\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10822 bytes
 
Any particular reason you are using spoiler tags in your posts? They don't do anything.


I see an issue. Your log shows you have 2 antivirus programs installed... ESET and Kaspersky. You can't have more than one antivirus program installed at any given time. A couple more scans and then I need to see a log that ComboFix produces but doesn't show you.

Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.

Then do the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive labeled TDSSKiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Please download and run the ESET Online Scanner
  • Disable any antivirus/security programs.
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates, install and then start scanning your system.
  • When the scan is done, push list of found threats
  • Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
  • If no threats are found then it won't produce a log.
 
I tried using spoilers because those hide the big chunks of text on other forums. Didn't know it wouldn't work here.

I have Kaspersky installed only for the firewall. I disabled all the other components like Anti-Virus.
Is there a firewall you could recommend? Preferably a free one.

Qoobox:
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Help Manager
Adobe Photoshop CS6
Adobe Photoshop Lightroom 4.2
Adobe Reader 9.5.4 - Nederlands
Adobe Shockwave Player 11.6
AML Free Registry Cleaner 4.24
Amnesia - The Dark Descent
Apple Application Support
Apple Software Update
Audacity 2.0
Auslogics Disk Defrag
Call of Duty - United Offensive
Call of Duty 2
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Camtasia Studio 7
Compatibility Pack for the 2007 Office system
CompuPic Pro
DAEMON Tools Lite
DX-Ball 1.09
Energy Saver Advance B10.0309.1
Fraps (remove only)
Google Chrome
Guild Wars 2
Guitar Pro 6
Half-Life
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Happyland Adventures v1.3.1
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security 2013
Lame ACM MP3 Codec
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Editie 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSI Afterburner 2.2.1
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA Performance
NVIDIA PhysX
NVIDIA System Monitor
NVIDIA System Update
OpenAL
OpenVPN 2.2.2
Origin
PDF Settings CS6
Penumbra Requiem
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sizer 3.34
Source SDK
Source SDK Base 2007
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Steam
swMSM
Team Fortress 2
The Banner Saga: Factions
The Sims™ 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.1
Windows Live - Hulpprogramma voor uploaden
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
 
TDSSKiller:
00:07:56.0970 1356 msisadrv - ok
00:07:57.0013 1356 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:07:57.0026 1356 MSiSCSI - ok
00:07:57.0029 1356 msiserver - ok
00:07:57.0052 1356 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:07:57.0066 1356 MSKSSRV - ok
00:07:57.0079 1356 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:07:57.0093 1356 MSPCLOCK - ok
00:07:57.0109 1356 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:07:57.0111 1356 MSPQM - ok
00:07:57.0146 1356 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:07:57.0150 1356 MsRPC - ok
00:07:57.0162 1356 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:07:57.0178 1356 mssmbios - ok
00:07:57.0189 1356 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:07:57.0204 1356 MSTEE - ok
00:07:57.0220 1356 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
00:07:57.0221 1356 Mup - ok
00:07:57.0298 1356 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
00:07:57.0340 1356 napagent - ok
00:07:57.0373 1356 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:07:57.0392 1356 NativeWifiP - ok
00:07:57.0449 1356 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:07:57.0459 1356 NDIS - ok
00:07:57.0472 1356 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:07:57.0474 1356 NdisTapi - ok
00:07:57.0494 1356 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:07:57.0511 1356 Ndisuio - ok
00:07:57.0546 1356 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:07:57.0548 1356 NdisWan - ok
00:07:57.0561 1356 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:07:57.0579 1356 NDProxy - ok
00:07:57.0592 1356 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:07:57.0595 1356 NetBIOS - ok
00:07:57.0627 1356 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
00:07:57.0632 1356 netbt - ok
00:07:57.0642 1356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
00:07:57.0644 1356 Netlogon - ok
00:07:57.0671 1356 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
00:07:57.0677 1356 Netman - ok
00:07:57.0719 1356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:07:57.0723 1356 NetMsmqActivator - ok
00:07:57.0727 1356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:07:57.0728 1356 NetPipeActivator - ok
00:07:57.0753 1356 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
00:07:57.0759 1356 netprofm - ok
00:07:57.0762 1356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:07:57.0763 1356 NetTcpActivator - ok
00:07:57.0766 1356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:07:57.0767 1356 NetTcpPortSharing - ok
00:07:57.0785 1356 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:07:57.0815 1356 nfrd960 - ok
00:07:57.0835 1356 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
00:07:57.0840 1356 NlaSvc - ok
00:07:57.0857 1356 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:07:57.0874 1356 Npfs - ok
00:07:57.0888 1356 npggsvc - ok
00:07:57.0892 1356 NPPTNT2 - ok
00:07:57.0903 1356 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
00:07:57.0906 1356 nsi - ok
00:07:57.0909 1356 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:07:57.0912 1356 nsiproxy - ok
00:07:57.0966 1356 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:07:58.0029 1356 Ntfs - ok
00:07:58.0144 1356 nTuneService - ok
00:07:58.0161 1356 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
00:07:58.0162 1356 Null - ok
00:07:58.0204 1356 [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
00:07:58.0209 1356 NVHDA - ok
00:07:58.0610 1356 [ A5CFEF9DA8B0E0E444E909B7F6BB1AFC ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:07:58.0736 1356 nvlddmkm - ok
00:07:58.0779 1356 [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64 C:\Windows\system32\DRIVERS\nvoclk64.sys
00:07:58.0780 1356 nvoclk64 - ok
00:07:58.0789 1356 [ 549256FD69B5833490CC530BD909CA4A ] NVR0FLASHDev C:\Windows\nvflsh64.sys
00:07:58.0806 1356 NVR0FLASHDev - ok
00:07:58.0837 1356 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:07:58.0840 1356 nvraid - ok
00:07:58.0851 1356 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:07:58.0852 1356 nvstor - ok
00:07:58.0919 1356 [ 58E4328A06D5B7E76225F4EC8918690E ] nvsvc C:\Windows\system32\nvvsvc.exe
00:07:58.0925 1356 nvsvc - ok
00:07:58.0979 1356 [ 2574F7395B3E3B6F37F731291BA76076 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:07:58.0996 1356 nvUpdatusService - ok
00:07:59.0020 1356 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:07:59.0025 1356 nv_agp - ok
00:07:59.0028 1356 NwlnkFlt - ok
00:07:59.0031 1356 NwlnkFwd - ok
00:07:59.0070 1356 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:07:59.0089 1356 ohci1394 - ok
00:07:59.0185 1356 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
00:07:59.0190 1356 OpenVPNService - ok
00:07:59.0253 1356 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:07:59.0255 1356 ose - ok
00:07:59.0408 1356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
00:07:59.0442 1356 p2pimsvc - ok
00:07:59.0453 1356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
00:07:59.0458 1356 p2psvc - ok
00:07:59.0510 1356 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:07:59.0528 1356 Parport - ok
00:07:59.0551 1356 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:07:59.0568 1356 partmgr - ok
00:07:59.0596 1356 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
00:07:59.0608 1356 PcaSvc - ok
00:07:59.0612 1356 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
00:07:59.0627 1356 pci - ok
00:07:59.0652 1356 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
00:07:59.0667 1356 pciide - ok
00:07:59.0685 1356 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:07:59.0728 1356 pcmcia - ok
00:07:59.0761 1356 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
00:07:59.0789 1356 pcouffin - ok
00:08:00.0015 1356 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:08:00.0041 1356 PEAUTH - ok
00:08:00.0140 1356 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:08:00.0144 1356 PerfHost - ok
00:08:00.0150 1356 PID_PEPI - ok
00:08:00.0197 1356 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
00:08:00.0214 1356 pla - ok
00:08:00.0249 1356 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:08:00.0255 1356 PlugPlay - ok
00:08:00.0287 1356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:08:00.0294 1356 PNRPAutoReg - ok
00:08:00.0306 1356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:08:00.0311 1356 PNRPsvc - ok
00:08:00.0371 1356 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:08:00.0383 1356 PolicyAgent - ok
00:08:00.0400 1356 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:08:00.0417 1356 PptpMiniport - ok
00:08:00.0428 1356 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
00:08:00.0445 1356 Processor - ok
00:08:00.0468 1356 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
00:08:00.0473 1356 ProfSvc - ok
00:08:00.0478 1356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
00:08:00.0479 1356 ProtectedStorage - ok
00:08:00.0512 1356 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:08:00.0530 1356 PSched - ok
00:08:00.0680 1356 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:08:00.0715 1356 ql2300 - ok
00:08:00.0740 1356 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:08:00.0759 1356 ql40xx - ok
00:08:00.0814 1356 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
00:08:00.0820 1356 QWAVE - ok
00:08:00.0834 1356 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:08:00.0851 1356 QWAVEdrv - ok
00:08:00.0861 1356 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:08:00.0878 1356 RasAcd - ok
00:08:00.0909 1356 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
00:08:00.0912 1356 RasAuto - ok
00:08:00.0919 1356 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:08:00.0923 1356 Rasl2tp - ok
00:08:00.0933 1356 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
00:08:00.0939 1356 RasMan - ok
00:08:00.0973 1356 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:08:00.0990 1356 RasPppoe - ok
00:08:01.0021 1356 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:08:01.0052 1356 RasSstp - ok
00:08:01.0085 1356 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:08:01.0103 1356 rdbss - ok
00:08:01.0114 1356 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:08:01.0129 1356 RDPCDD - ok
00:08:01.0159 1356 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:08:01.0179 1356 rdpdr - ok
00:08:01.0182 1356 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:08:01.0196 1356 RDPENCDD - ok
00:08:01.0276 1356 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:08:01.0295 1356 RDPWD - ok
00:08:01.0320 1356 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:08:01.0323 1356 RemoteAccess - ok
00:08:01.0359 1356 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:08:01.0364 1356 RemoteRegistry - ok
00:08:01.0396 1356 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
00:08:01.0397 1356 RpcLocator - ok
00:08:01.0523 1356 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
00:08:01.0528 1356 RpcSs - ok
00:08:01.0543 1356 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:08:01.0577 1356 rspndr - ok
00:08:01.0645 1356 [ 98A07845F5F2B2FEB63B5407E18F6FFF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
00:08:01.0663 1356 RTL8169 - ok
00:08:01.0672 1356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
00:08:01.0674 1356 SamSs - ok
00:08:01.0687 1356 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:08:01.0718 1356 sbp2port - ok
00:08:01.0877 1356 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
00:08:01.0883 1356 SBSDWSCService - ok
00:08:01.0923 1356 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:08:01.0935 1356 SCardSvr - ok
00:08:01.0974 1356 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
00:08:01.0985 1356 Schedule - ok
00:08:02.0016 1356 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
00:08:02.0017 1356 SCPolicySvc - ok
00:08:02.0140 1356 [ 54196CDAC7E1D81D71C652E100B99E77 ] ScsiAccess C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe
00:08:02.0141 1356 ScsiAccess - ok
00:08:02.0178 1356 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:08:02.0190 1356 SDRSVC - ok
00:08:02.0213 1356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:08:02.0230 1356 secdrv - ok
00:08:02.0245 1356 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
00:08:02.0248 1356 seclogon - ok
00:08:02.0267 1356 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
00:08:02.0270 1356 SENS - ok
00:08:02.0292 1356 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:08:02.0308 1356 Serenum - ok
00:08:02.0320 1356 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:08:02.0336 1356 Serial - ok
00:08:02.0355 1356 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:08:02.0387 1356 sermouse - ok
00:08:02.0424 1356 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
00:08:02.0474 1356 SessionEnv - ok
00:08:02.0505 1356 [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys
00:08:02.0535 1356 sfdrv01 - ok
00:08:02.0552 1356 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:08:02.0579 1356 sffdisk - ok
00:08:02.0592 1356 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:08:02.0594 1356 sffp_mmc - ok
00:08:02.0606 1356 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:08:02.0621 1356 sffp_sd - ok
00:08:02.0648 1356 [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys
00:08:02.0677 1356 sfhlp02 - ok
00:08:02.0699 1356 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:08:02.0725 1356 sfloppy - ok
00:08:02.0759 1356 [ 40CF333266E10137F805B8956FE19031 ] sfsync02 C:\Windows\system32\drivers\sfsync02.sys
00:08:02.0776 1356 sfsync02 - ok
00:08:02.0829 1356 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:08:02.0880 1356 SharedAccess - ok
00:08:02.0946 1356 [ 66CFDF478939DD6388858DE06F2CE14C ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:08:02.0949 1356 ShellHWDetection - ok
00:08:02.0968 1356 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
00:08:02.0986 1356 SiSRaid2 - ok
00:08:03.0005 1356 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:08:03.0021 1356 SiSRaid4 - ok
00:08:03.0111 1356 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
00:08:03.0146 1356 slsvc - ok
00:08:03.0167 1356 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
00:08:03.0170 1356 SLUINotify - ok
00:08:03.0213 1356 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:08:03.0244 1356 Smb - ok
00:08:03.0272 1356 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:08:03.0275 1356 SNMPTRAP - ok
00:08:03.0315 1356 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
00:08:03.0331 1356 speedfan - ok
00:08:03.0362 1356 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
00:08:03.0379 1356 spldr - ok
00:08:03.0428 1356 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
00:08:03.0451 1356 Spooler - ok
00:08:03.0605 1356 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
00:08:03.0703 1356 sptd - ok
00:08:03.0809 1356 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
00:08:03.0846 1356 srv - ok
00:08:03.0870 1356 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:08:03.0922 1356 srv2 - ok
00:08:03.0937 1356 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:08:03.0955 1356 srvnet - ok
00:08:03.0981 1356 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:08:03.0985 1356 SSDPSRV - ok
00:08:04.0010 1356 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:08:04.0014 1356 SstpSvc - ok
00:08:04.0040 1356 Steam Client Service - ok
00:08:04.0082 1356 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
00:08:04.0091 1356 stisvc - ok
00:08:04.0116 1356 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:08:04.0118 1356 swenum - ok
00:08:04.0195 1356 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:08:04.0216 1356 SwitchBoard - ok
00:08:04.0246 1356 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
00:08:04.0254 1356 swprv - ok
00:08:04.0275 1356 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
00:08:04.0292 1356 Symc8xx - ok
00:08:04.0311 1356 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
00:08:04.0328 1356 Sym_hi - ok
00:08:04.0353 1356 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
00:08:04.0354 1356 Sym_u3 - ok
00:08:04.0400 1356 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
00:08:04.0412 1356 SysMain - ok
00:08:04.0433 1356 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:08:04.0437 1356 TabletInputService - ok
00:08:04.0497 1356 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
00:08:04.0534 1356 tap0901 - ok
00:08:04.0567 1356 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:08:04.0572 1356 TapiSrv - ok
00:08:04.0582 1356 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
00:08:04.0585 1356 TBS - ok
00:08:04.0790 1356 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:08:04.0808 1356 Tcpip - ok
00:08:04.0825 1356 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
00:08:04.0832 1356 Tcpip6 - ok
00:08:04.0855 1356 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:08:04.0889 1356 tcpipreg - ok
00:08:04.0954 1356 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:08:04.0970 1356 TDPIPE - ok
00:08:04.0993 1356 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:08:05.0050 1356 TDTCP - ok
00:08:05.0076 1356 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:08:05.0094 1356 tdx - ok
00:08:05.0106 1356 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:08:05.0124 1356 TermDD - ok
00:08:05.0169 1356 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
00:08:05.0179 1356 TermService - ok
00:08:05.0194 1356 [ 66CFDF478939DD6388858DE06F2CE14C ] Themes C:\Windows\system32\shsvcs.dll
00:08:05.0197 1356 Themes - ok
00:08:05.0241 1356 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
00:08:05.0242 1356 THREADORDER - ok
00:08:05.0306 1356 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
00:08:05.0385 1356 TrkWks - ok
00:08:05.0441 1356 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:08:05.0442 1356 TrustedInstaller - ok
00:08:05.0537 1356 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:08:05.0568 1356 tssecsrv - ok
00:08:05.0601 1356 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
00:08:05.0619 1356 tunmp - ok
00:08:05.0654 1356 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:08:05.0678 1356 tunnel - ok
00:08:05.0717 1356 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:08:05.0733 1356 uagp35 - ok
00:08:05.0783 1356 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:08:05.0802 1356 udfs - ok
00:08:05.0842 1356 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:08:05.0851 1356 UI0Detect - ok
00:08:05.0867 1356 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:08:05.0868 1356 uliagpkx - ok
00:08:05.0889 1356 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
00:08:05.0908 1356 uliahci - ok
00:08:05.0929 1356 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
00:08:05.0964 1356 UlSata - ok
00:08:05.0989 1356 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
00:08:06.0006 1356 ulsata2 - ok
00:08:06.0040 1356 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:08:06.0042 1356 umbus - ok
00:08:06.0063 1356 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
00:08:06.0070 1356 upnphost - ok
00:08:06.0101 1356 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:08:06.0104 1356 usbaudio - ok
00:08:06.0141 1356 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:08:06.0142 1356 usbccgp - ok
00:08:06.0160 1356 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:08:06.0178 1356 usbcir - ok
00:08:06.0182 1356 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:08:06.0198 1356 usbehci - ok
00:08:06.0216 1356 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:08:06.0261 1356 usbhub - ok
00:08:06.0264 1356 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:08:06.0293 1356 usbohci - ok
00:08:06.0346 1356 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:08:06.0408 1356 usbprint - ok
00:08:06.0459 1356 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:08:06.0476 1356 usbscan - ok
00:08:06.0520 1356 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:08:06.0539 1356 USBSTOR - ok
00:08:06.0557 1356 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:08:06.0583 1356 usbuhci - ok
00:08:06.0620 1356 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
00:08:06.0622 1356 UxSms - ok
00:08:06.0637 1356 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
00:08:06.0646 1356 vds - ok
00:08:06.0656 1356 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:08:06.0687 1356 vga - ok
00:08:06.0729 1356 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
00:08:06.0760 1356 VgaSave - ok
00:08:06.0796 1356 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
00:08:06.0812 1356 viaide - ok
00:08:06.0815 1356 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:08:06.0849 1356 volmgr - ok
00:08:06.0887 1356 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:08:06.0908 1356 volmgrx - ok
00:08:06.0954 1356 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:08:06.0973 1356 volsnap - ok
00:08:06.0993 1356 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:08:06.0997 1356 vsmraid - ok
00:08:07.0048 1356 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
00:08:07.0074 1356 VSS - ok
00:08:07.0138 1356 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
00:08:07.0143 1356 W32Time - ok
00:08:07.0170 1356 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:08:07.0172 1356 WacomPen - ok
00:08:07.0253 1356 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
00:08:07.0294 1356 Wanarp - ok
00:08:07.0316 1356 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:08:07.0317 1356 Wanarpv6 - ok
00:08:07.0378 1356 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:08:07.0427 1356 wcncsvc - ok
00:08:07.0479 1356 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:08:07.0488 1356 WcsPlugInService - ok
00:08:07.0501 1356 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
00:08:07.0527 1356 Wd - ok
00:08:07.0569 1356 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:08:07.0594 1356 Wdf01000 - ok
00:08:07.0616 1356 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:08:07.0619 1356 WdiServiceHost - ok
00:08:07.0622 1356 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:08:07.0625 1356 WdiSystemHost - ok
00:08:07.0670 1356 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
00:08:07.0676 1356 WebClient - ok
00:08:07.0702 1356 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:08:07.0708 1356 Wecsvc - ok
00:08:07.0716 1356 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:08:07.0720 1356 wercplsupport - ok
00:08:07.0741 1356 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
00:08:07.0745 1356 WerSvc - ok
00:08:07.0765 1356 WinDefend - ok
00:08:07.0772 1356 WinHttpAutoProxySvc - ok
00:08:07.0829 1356 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:08:07.0833 1356 Winmgmt - ok
00:08:07.0887 1356 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
00:08:07.0914 1356 WinRM - ok
00:08:08.0006 1356 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
00:08:08.0015 1356 Wlansvc - ok
00:08:08.0191 1356 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:08:08.0219 1356 wlidsvc - ok
00:08:08.0246 1356 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:08:08.0262 1356 WmiAcpi - ok
00:08:08.0352 1356 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:08:08.0356 1356 wmiApSrv - ok
00:08:08.0359 1356 WMPNetworkSvc - ok
00:08:08.0416 1356 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:08:08.0420 1356 WPCSvc - ok
00:08:08.0445 1356 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:08:08.0449 1356 WPDBusEnum - ok
00:08:08.0473 1356 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
00:08:08.0491 1356 WpdUsb - ok
00:08:08.0612 1356 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:08:08.0617 1356 WPFFontCache_v0400 - ok
00:08:08.0633 1356 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:08:08.0651 1356 ws2ifsl - ok
00:08:08.0681 1356 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
00:08:08.0684 1356 wscsvc - ok
00:08:08.0687 1356 WSearch - ok
00:08:08.0778 1356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:08:08.0805 1356 wuauserv - ok
00:08:08.0835 1356 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:08:08.0838 1356 WudfPf - ok
00:08:08.0876 1356 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:08:08.0882 1356 WUDFRd - ok
00:08:08.0912 1356 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:08:08.0915 1356 wudfsvc - ok
00:08:08.0933 1356 ================ Scan global ===============================
00:08:08.0964 1356 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
00:08:08.0996 1356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
00:08:09.0012 1356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
00:08:09.0059 1356 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
00:08:09.0067 1356 [Global] - ok
00:08:09.0067 1356 ================ Scan MBR ==================================
00:08:09.0079 1356 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:08:09.0401 1356 \Device\Harddisk0\DR0 - ok
00:08:09.0404 1356 [ 3051207086651214E435112E51817DC5 ] \Device\Harddisk1\DR1
00:08:09.0517 1356 \Device\Harddisk1\DR1 - ok
 
00:08:09.0518 1356 ================ Scan VBR ==================================
00:08:09.0530 1356 [ 6E4F5551E489D5AF62AE8E5988B12123 ] \Device\Harddisk0\DR0\Partition1
00:08:09.0535 1356 \Device\Harddisk0\DR0\Partition1 - ok
00:08:09.0537 1356 [ 59C4490B93FADF73EB5F901A7F0B6955 ] \Device\Harddisk1\DR1\Partition1
00:08:09.0538 1356 \Device\Harddisk1\DR1\Partition1 - ok
00:08:09.0552 1356 [ 825E8CB09AAB56DAECC4587F96006FCE ] \Device\Harddisk1\DR1\Partition2
00:08:09.0553 1356 \Device\Harddisk1\DR1\Partition2 - ok
00:08:09.0554 1356 ============================================================
00:08:09.0554 1356 Scan finished
00:08:09.0554 1356 ============================================================
00:08:09.0562 2936 Detected object count: 0
00:08:09.0562 2936 Actual detected object count: 0
00:08:37.0585 7464 Deinitialize success
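
The scan log above pairs each hashed object with a verdict line. As an added example (not part of the original thread and not the scanner's own code), this Python sketch parses that layout and lists every verdict other than "ok". The sample lines are constructed, and the `examplesvc` entry with its `warning` verdict is made up for illustration.

```python
import re

# Constructed sample in the layout of the log above: "<time> <thread id> <message>".
# The "examplesvc" entry, its all-zero hash and its "warning" verdict are made up.
SAMPLE_LOG = r"""
00:08:08.0633 1356 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:08:08.0651 1356 ws2ifsl - ok
00:08:08.0687 1356 WSearch - ok
00:08:08.0700 1356 [ 00000000000000000000000000000000 ] examplesvc C:\Windows\system32\example.dll
00:08:08.0701 1356 examplesvc - warning
00:08:08.0933 1356 ================ Scan global ===============================
00:08:08.0964 1356 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
00:08:09.0059 1356 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
00:08:09.0067 1356 [Global] - ok
00:08:09.0067 1356 ================ Scan MBR ==================================
00:08:09.0079 1356 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:08:09.0401 1356 \Device\Harddisk0\DR0 - ok
00:08:09.0562 2936 Detected object count: 1
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")   # time, thread id, message
HEADER = re.compile(r"^=+ (.+?) =+$")                            # "==== Scan MBR ===="
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+)$")           # "[ <MD5> ] <object>"
COUNT = re.compile(r"^Detected object count: (\d+)$")


def parse_scan_log(text):
    """Return (results, reported_count); each result carries the hashes listed before it."""
    section, pending = "unlabelled", []
    results, reported = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # blank lines and anything without a timestamp
        body = m.group(3)
        if (h := HEADER.match(body)):
            section, pending = h.group(1), []
        elif (h := HASHED.match(body)):
            pending.append((h.group(1).upper(), h.group(2)))
        elif (h := COUNT.match(body)):
            reported = int(h.group(1))
        elif " - " in body:
            # Verdict line: split on the last " - " so object names keep their own text.
            obj, _, verdict = body.rpartition(" - ")
            results.append({"section": section, "object": obj,
                            "verdict": verdict.strip(), "hashed": pending})
            pending = []
    return results, reported


def needs_review(results):
    """Assumption: any verdict other than 'ok' deserves a manual look."""
    return [r for r in results if r["verdict"].lower() != "ok"]


if __name__ == "__main__":
    results, reported = parse_scan_log(SAMPLE_LOG)
    print(f"{len(results)} verdicts, scanner reported {reported} detected object(s)")
    for r in needs_review(results):
        print(r["section"], r["object"], r["verdict"], r["hashed"])
    for r in results:
        if not r["hashed"]:
            print("verdict without a hashed file:", r["object"])
```

Entries such as `WSearch` get a verdict with no preceding hash line, so the pairing also shows which results are not backed by a file hash in the log.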
 
While we are waiting for the ESET scan, I recommend uninstalling the following.

Adobe Flash Player 10 Plugin - outdated
Adobe Reader 9.5.4 - Nederlands - outdated
AML Free Registry Cleaner 4.24 - registry cleaner is not needed
Spelling Dictionaries Support For Adobe Reader 9 - Adobe Reader outdated
Spybot - Search & Destroy - old and outdated, use Malwarebytes instead.

You can download the latest Adobe Reader here.

http://get.adobe.com/reader/?promoid=BUIGO

Just uncheck McAfee Security Scan Plus before installing.


According to your installed program list, ESET isn't installed, so we need to do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below

Code:
SecCenter::

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
I uninstalled those applications. The ESET scanner didn't find anything and I can't make a log.

When I drag the txt onto ComboFix, it does what it did before all over again.
Is that right?
 
ComboFix 13-03-16.02 - Michael 17-03-2013 0:55:06.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.4094.2303 [GMT 1:00]
Gestart vanuit: C:\Users\Michael\Downloads\ComboFix.exe
gebruikte Opdracht switches :: C:\Users\Michael\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


---- Voorgaande Run -------

C:\Users\Michael\AppData\Local\xdelta.exe
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Recent\dimmu-borgir_enthrone-darkness-triumphant_cover.jpg.url
C:\Windows\SysWow64\URTTemp
C:\Windows\SysWow64\URTTemp\regtlib.exe
C:\Windows\XSxS


(((((((((((((((((((( Bestanden Gemaakt van 2013-02-17 to 2013-03-17 ))))))))))))))))))))))))))))))


2013-03-17 00:06:04 . 2013-03-17 00:06:04 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-03-17 00:06:04 . 2013-03-17 00:06:04 -------- d-----w- C:\Users\Michael\AppData\Local\temp
2013-03-17 00:06:04 . 2013-03-17 00:06:04 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-03-16 23:28:15 . 2013-03-16 23:28:15 -------- d-----w- C:\Program Files (x86)\ESET
2013-03-16 21:45:44 . 2013-03-16 21:45:44 388096 ----a-r- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-16 11:35:01 . 2013-03-16 11:35:01 9310 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 8646 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 8613 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 6429 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 63115 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 5927 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 4599 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-03-16 11:35:01 . 2013-03-16 11:35:01 1651 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 8288 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 6910 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 6208 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-03-16 11:35:00 . 2013-03-16 11:35:00 18541 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-03-16 11:34:59 . 2013-03-16 11:34:59 51852 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 8782 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 7271 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 23327 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-03-16 11:34:58 . 2013-03-16 11:34:58 20719 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-03-15 18:25:05 . 2013-02-08 00:28:29 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D1497EC-88F0-460D-9674-0BB470DE1424}\mpengine.dll
2013-03-15 18:24:01 . 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2013-03-15 18:24:00 . 2013-02-02 07:37:58 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-03-15 18:24:00 . 2013-02-02 06:44:02 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-03-15 18:24:00 . 2013-02-02 06:38:20 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2013-03-15 18:24:00 . 2013-02-02 04:19:04 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-03-15 18:24:00 . 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-15 18:24:00 . 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-03-11 22:27:30 . 2013-03-11 22:27:30 -------- d-----w- C:\Users\Michael\AppData\Local\DOSBox
2013-03-11 22:27:07 . 2013-03-15 14:13:14 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2013-03-11 22:03:32 . 2013-03-11 22:03:32 -------- d-----w- C:\Users\Michael\tbs_logs
2013-03-08 11:34:07 . 2013-03-08 11:33:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 22:57:33 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-06 22:57:33 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-06 22:44:39 . 2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\system32\win32k.sys
2013-03-06 22:44:36 . 2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-03-06 22:43:51 . 2012-11-08 04:26:22 1570816 ----a-w- C:\Windows\system32\quartz.dll
2013-03-06 22:43:51 . 2012-11-08 03:48:38 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
2013-03-06 22:43:38 . 2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-03-05 23:48:22 . 2013-03-05 23:48:22 -------- d-----w- C:\Program Files\Sony
2013-03-03 14:48:51 . 2013-03-16 21:41:36 -------- d-----w- C:\Users\Michael\AppData\Roaming\.minecraft
2013-02-22 01:30:18 . 2013-02-22 01:30:18 -------- d-----w- C:\Users\Michael\AppData\Roaming\Sony Creative Software Inc
2013-02-19 12:04:39 . 2013-02-19 12:04:39 -------- d-----w- C:\Program Files (x86)\Sizer
2013-02-15 18:58:12 . 2013-02-15 18:58:12 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.


((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-03-16 11:34:57 . 2008-07-27 11:35:30 25640 ----a-w- C:\Windows\gdrv.sys
2013-03-15 18:25:21 . 2006-11-02 12:35:00 72013344 ----a-w- C:\Windows\system32\mrt.exe
2013-03-08 11:33:54 . 2012-06-06 18:01:19 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-08 11:33:54 . 2010-04-23 10:26:16 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-28 18:00:15 . 2013-01-28 18:00:15 21840 ----a-w- C:\Windows\SysWow64\SIntfNT.dll
2013-01-28 18:00:15 . 2013-01-28 18:00:15 17212 ----a-w- C:\Windows\SysWow64\SIntf32.dll
2013-01-28 18:00:15 . 2013-01-28 18:00:15 12067 ----a-w- C:\Windows\SysWow64\SIntf16.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 9422672 ----a-w- C:\Windows\system32\nvcuda.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 2911008 ----a-w- C:\Windows\system32\nvcuvid.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 2352416 ----a-w- C:\Windows\system32\nvcuvenc.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 20534048 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 1990944 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:01 12771784 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 2726176 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 25256736 ----a-w- C:\Windows\system32\nvcompiler.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 1807136 ----a-w- C:\Windows\system32\nvdispco6420294.dll
2013-01-25 13:48:06 . 2013-01-30 18:46:00 1510176 ----a-w- C:\Windows\system32\nvdispgenco6420162.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:59 7964168 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:59 7569184 ----a-w- C:\Windows\system32\nvopencl.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:59 17985632 ----a-w- C:\Windows\system32\nvd3dumx.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 6267240 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 17560352 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 15182544 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2013-01-25 13:48:06 . 2013-01-30 18:45:58 11037472 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2013-01-25 13:48:06 . 2012-11-16 14:41:56 26946848 ----a-w- C:\Windows\system32\nvoglv64.dll
2013-01-25 13:48:06 . 2012-10-14 19:21:59 2530376 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-01-25 13:48:06 . 2012-10-14 19:21:59 15037248 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2013-01-25 13:48:06 . 2012-06-15 11:48:18 2855880 ----a-w- C:\Windows\system32\nvapi64.dll
2013-01-25 11:27:37 . 2012-06-15 11:50:24 6392096 ----a-w- C:\Windows\system32\nvcpl.dll
2013-01-25 11:27:37 . 2012-06-15 11:50:24 3472160 ----a-w- C:\Windows\system32\nvsvc64.dll
2013-01-25 11:27:32 . 2012-06-15 11:50:24 877344 ----a-w- C:\Windows\system32\nvvsvc.exe
2013-01-25 11:27:32 . 2012-06-15 11:50:24 63776 ----a-w- C:\Windows\system32\nvshext.dll
2013-01-25 11:27:32 . 2012-06-15 11:50:24 237856 ----a-w- C:\Windows\system32\nvmctray.dll
2013-01-17 15:34:53 . 2013-01-08 22:32:20 18960 ----a-w- C:\Windows\system32\drivers\LNonPnP.sys
2013-01-17 00:28:58 . 2009-10-05 12:20:44 273840 ------w- C:\Windows\system32\MpSigStub.exe
2012-12-29 10:20:08 . 2009-03-01 14:36:51 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-28 18:26:03 . 2012-12-27 17:11:20 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-26 19:32:22 . 2012-12-26 19:32:22 466456 ----a-w- C:\Windows\system32\wrap_oal.dll
2012-12-26 19:32:22 . 2012-12-26 19:32:22 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-12-26 19:32:22 . 2012-12-26 19:32:22 122904 ----a-w- C:\Windows\system32\OpenAL32.dll
2012-12-26 19:32:22 . 2012-12-26 19:32:22 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-19 05:42:00 . 2013-01-30 18:46:06 31672 ----a-w- C:\Windows\system32\nvhdap64.dll
2012-12-19 05:41:52 . 2013-01-30 18:46:06 194488 ----a-w- C:\Windows\system32\drivers\nvhda64v.sys
2012-12-18 08:31:25 . 2012-06-15 11:48:30 1510328 ----a-w- C:\Windows\system32\nvhdagenco6420103.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2009-07-10 12:37:33 . 9235EC680D3DB17464B39C7C7DECB4DD . 301568 . . [6.0.6001.18287 (vistasp1_gdr.090709-2345)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_28ff7f1fd585934f\shsvcs.dll
[7] 2009-07-10 12:35:28 . 3F6101365E6319171054ADD75788516C . 300032 . . [6.0.6000.21081 (vista_ldr.090709-2345)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_279cb3aaf1823d60\shsvcs.dll
[7] 2009-07-10 12:27:08 . C2409C9B7C7E422E7680AE4E1738BFC8 . 302080 . . [6.0.6001.22467 (vistasp1_ldr.090709-2345)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_299ebda8ee92f85e\shsvcs.dll
[7] 2009-07-10 12:24:15 . F33C4D0B9EEFCDE346F8753DC4D6867F . 299520 . . [6.0.6000.16883 (vista_gdr.090709-2345)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_27153f51d8629d02\shsvcs.dll
[7] 2009-07-10 11:56:12 . 00DD742B99B278429714DEE859A73DD0 . 302080 . . [6.0.6002.22169 (vistasp2_ldr.090709-2345)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll
[7] 2009-07-10 11:51:23 . 56793271ECDEDD350C5ADD305603E963 . 302080 . . [6.0.6002.18063 (vistasp2_gdr.090709-2345)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_2af7919dd29f485c\shsvcs.dll
[7] 2009-04-11 07:11:24 . 2AD15758174DCC7993FF3C00A955DD66 . 301568 . . [6.0.6002.18005 (lh_sp2rtm.090410-1830)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_2b3a71b9d26cd364\shsvcs.dll
[7] 2008-01-21 02:50:39 . EB3114330236CF030E8EDF62881BAF67 . 301568 . . [6.0.6001.18000 (longhorn_rtm.080118-1840)] .. C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_294ef8add54b0818\shsvcs.dll
[-] 2012-06-15 14:55:02 . 66CFDF478939DD6388858DE06F2CE14C . 302080 . . [6.0.6000.16386 (vista_rtm.061101-2205)] .. C:\Windows\system32\shsvcs.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 15:19:40 3671872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 14:39:05 41208]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 18:00:26 218880]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 12:37:14 517096]
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 15:26:58 1073312]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - 12697241
*Deregistered* - 12697241
*Deregistered* - PROCEXP152

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes

Inhoud van de 'Gedeelde Taken' map

2013-03-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174043652-3731302686-191459016-1000Core.job
- C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-15 10:45:55 . 2009-06-15 10:45:54]

2013-03-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174043652-3731302686-191459016-1000UA.job
- C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-15 10:45:55 . 2009-06-15 10:45:54]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-28 09:49:44 12497552]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-06-16 12:31:28 2716216]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 05:09:46 446392]
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe" [2012-11-29 00:09:44 7406392]

------- Bijkomende Scan -------

uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 127.0.0.1:4444
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
 
Unless you are really having an issue with memory, I wouldn't worry about it. I just wanted to make sure that infections weren't causing the issue. How much memory do you have installed?
 
4 gigabytes. 200MB isn't that much of it but I still don't trust it.
I'm having issues with a video game, it's getting very low fps while it should be handling it without any problem.
I figured it could be this svchost.exe. It uses that amount of memory all the time, but I never bothered with it. But now that I have issues with the video game, I don't trust it.

I'll be offline for a while. Anything said will be read tomorrow.

I really appreciate your help!
 
What game are you playing?

Minecraft, the game that doesn't need that many resources from the computer. But yet it has an extremely low fps. I tried everything one normally would've done. Update drivers. Clean installation. Clean computer, etc.
Nothing worked and I saw the svchost.exe as I checked for unnecessary applications. And I remembered that svchost.exe always took a lot of memory like that and I never bothered.
 
Ok, what I did was disable every service and start it up again, while keeping an eye on Task Manager. And when I disabled Superfetch, the svchost dropped in memory usage to less than 50 MB.

Can I leave this Superfetch off?

After disabling Superfetch, the game was still lagging.
 