
Virus Keeps Coming Back



I used Malwarebytes and it says java.exe and javar.exe are trojans or something, and every time I remove them they come back within 3 or 4 hrs or something.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by spongy at 3:59:42 on 2012-05-30

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3575.2615 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Users\spongy\AppData\Local\Akamai\netsession_win.exe

C:\Users\spongy\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hyperionics db toolbar\tbcore3.dll

TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hyperionics db toolbar\tbcore3.dll

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File

TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [Google Update] "c:\users\spongy\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [JaGeXDaemon] c:\.jagex_cache_32\jagc.jar

uRun: [Akamai NetSession Interface] "c:\users\spongy\appdata\local\akamai\netsession_win.exe"

uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"

mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\spongy\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 24.226.1.94 24.226.10.193 24.226.1.93

TCP: Interfaces\{476C8756-AC8A-44A2-BDB3-426605B11C57} : DhcpNameServer = 24.226.1.94 24.226.10.193 24.226.1.93

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\spongy\appdata\roaming\mozilla\firefox\profiles\zwwyizpk.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\webzen\browserextension\NPWZCmnCtrl.dll

FF - plugin: c:\users\spongy\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\users\spongy\appdata\local\tunnelers\npTunnelers.dll

FF - plugin: c:\users\spongy\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-21 15672]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-3-5 19496]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-5 218688]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-15 223464]

R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\gigabyte\energysaver2\des2svr.exe [2011-3-5 68136]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-15 2348352]

R2 Smart TimeLock;Smart TimeLock Service;c:\program files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2011-3-5 114688]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-5 277536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253088]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-11-18 81680]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-16 129976]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-7 1343400]

S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-2-3 674400]

.

=============== Created Last 30 ================

.

2012-05-29 14:50:04 -------- d-----w- c:\program files\CCleaner

2012-05-29 13:50:16 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42425088-df7f-489a-9468-a3587ef295e6}\offreg.dll

2012-05-29 12:47:11 -------- d-----w- c:\users\spongy\appdata\roaming\SUPERAntiSpyware.com

2012-05-29 12:46:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-05-29 12:46:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-27 04:13:32 -------- d-----w- c:\program files\gravitysensation.com

2012-05-27 01:26:30 -------- d-----w- c:\program files\ESET

2012-05-27 01:22:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-26 01:05:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42425088-df7f-489a-9468-a3587ef295e6}\mpengine.dll

2012-05-24 23:22:28 -------- d-----w- c:\users\spongy\appdata\roaming\Raptr

2012-05-24 23:22:28 -------- d-----w- c:\program files\Raptr

2012-05-23 02:40:43 -------- d-----w- c:\users\spongy\appdata\roaming\.minecraft

2012-05-17 23:55:30 -------- d-----w- c:\program files\Oracle

2012-05-17 00:19:17 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-17 00:19:16 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-05-17 00:19:16 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-05-16 21:52:06 -------- d-----w- c:\users\spongy\appdata\local\{372644FF-5BEB-44F9-BE13-9876133F3F91}

2012-05-16 21:51:45 -------- d-----w- c:\users\spongy\appdata\local\{FE2700D8-EBD3-414F-8FFF-4AAD358D5C65}

2012-05-16 21:49:18 -------- d-----w- c:\users\spongy\appdata\local\{F44F346C-6982-40AF-B58F-CA2F591E4523}

2012-05-16 21:48:58 -------- d-----w- c:\users\spongy\appdata\local\{CA87C0DB-2E13-4173-B43E-965107AD21D3}

2012-05-15 23:27:49 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 23:27:49 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 23:27:49 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 23:27:49 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 23:27:49 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 23:27:49 19444544 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-15 23:27:49 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 23:27:49 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 23:27:47 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 22:48:10 -------- d-----w- c:\program files\Diablo III

2012-05-15 19:53:36 -------- d-----w- c:\users\spongy\appdata\roaming\Carbon

2012-05-09 22:13:18 -------- d-----w- c:\users\spongy\.towns

2012-05-09 22:12:34 -------- d-----w- c:\program files\Towns

2012-05-04 22:33:47 -------- d-----w- c:\users\spongy\appdata\roaming\wargaming.net

2012-05-03 19:04:49 -------- d-----w- c:\users\spongy\appdata\roaming\Enterbrain

2012-05-03 18:53:10 -------- d-----w- c:\program files\Enterbrain

2012-05-01 17:20:17 -------- d-----w- c:\program files\StarCraft II SE

2012-05-01 10:55:11 -------- d-----w- c:\users\spongy\appdata\local\Floating Minds

2012-05-01 10:51:26 -------- d-----w- c:\users\spongy\appdata\local\Tunnelers

2012-04-30 13:13:26 -------- d-----w- c:\users\spongy\SC2-WingsOfLiberty-enSG-Installer

.

==================== Find3M ====================

.

2012-05-29 13:46:20 17488 ----a-w- c:\windows\gdrv.sys

2012-04-28 11:09:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-28 11:09:34 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 22:47:08 772504 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-02 20:28:13 674400 ----a-w- c:\windows\system32\xsherlock.xem

.

============= FINISH: 4:00:53.06 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 3/5/2011 6:22:41 AM

System Uptime: 5/29/2012 9:45:59 AM (19 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3

Processor: Intel® Core i5 CPU 760 @ 2.80GHz | Socket 1156 | 2654/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 269 GiB total, 98.401 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 9.923 GiB free.

E: is CDROM (UDF)

F: is CDROM ()

G: is CDROM ()

H: is CDROM ()

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1626: 5/26/2012 2:00:01 AM - Automatic creation

RP1630: 5/27/2012 7:21:23 PM - Automatic creation

RP1634: 5/28/2012 8:17:18 AM - Automatic creation

RP1640: 5/29/2012 10:17:54 AM - Automatic creation

RP1642: 5/30/2012 2:00:01 AM - Automatic creation

.

==== Installed Programs ======================

.

@BIOS

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Akamai NetSession Interface

Apple Application Support

Apple Software Update

AutoGreen B09.1014.2

Bandisoft MPEG-1 Decoder

Browser Configuration Utility

Camtasia Studio 7

CCleaner

Cobalt

CraftBukkit

Crayon Physics Deluxe version 55

D3DX10

DAEMON Tools Lite

DES 2.0

Diablo III

DivX Setup

DriverAgent by eSupport.com

Dungeons of Dredmor

Easy Tune 6 B10.0521.1

ESET Online Scanner v3

Game Booster 3

Google Chrome

Hyperionics DB Toolbar

Java Auto Updater

Java SE Development Kit 7 Update 4

Java 7 Update 4

JavaFX 2.1.0

JavaFX 2.1.0 SDK

KAG 0.91A

League of Legends

LogMeIn Hamachi

Lost Saga

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft DirectX SDK (June 2008)

Microsoft Excel 2010

Microsoft Office Excel 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

MotioninJoy ds3 driver version 0.6.0001

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

NEC Electronics USB 3.0 Host Controller Driver

Nexus Mod Manager

Notepad++

NVIDIA 3D Vision Controller Driver 296.10

NVIDIA 3D Vision Driver 296.10

NVIDIA Control Panel 296.10

NVIDIA Graphics Driver 296.10

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.7.11

NVIDIA Update Components

OGPlanet Game Launcher

ON_OFF Charge B10.0427.1

On2 VP7 Personal Edition

OpenAL

Origin

Paint.NET v3.5.8

Pando Media Booster

Plants vs. Zombies

Project64 1.7

Project64 1.7.0.55

PunkBuster Services

QuickTime

Realm of the Mad God

Realtek Ethernet Controller Driver For Windows 7

RegClean Pro

Rock of Ages

RollerCoaster Tycoon Deluxe

SD Gundam Capsule Fighter

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Skype Click to Call

Skype™ 5.5

Smart 6 B10.0422.1

Smart Defrag 2

Sorian AI Mod 1.9.7

StarCraft II

Steam

Sumotori Full Version

SUPERAntiSpyware

System Requirements Lab CYRI

tConfig version 0.23.2

Terraria

Terraria Game Launcher GUI version 1.2.2

TES Construction Set

The Elder Scrolls V: Skyrim

Towns (Alpha) version 0.40.2

Towns version 0.45b

Towns version 0.46

Tunnelers

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

VC80CRTRedist - 8.0.50727.6195

VLC media player 2.0.0

WEBZEN Browser Extension

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.00 beta 7 (32-bit)

World of Tanks

Xfire (remove only)

XSplit

.

==== Event Viewer Messages From Past Week ========

.

5/29/2012 3:04:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TREYSCOMPUTA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BE817D5D-FCFB-4565-8FC6-6B6C3. The master browser is stopping or an election is being forced.

5/29/2012 2:30:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BECK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BE817D5D-FCFB-4565-8FC6-6B6C3B37C8. The master browser is stopping or an election is being forced.

5/27/2012 8:57:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BE817D5D-FCFB-4565-8FC6-6B6C3B37C. The master browser is stopping or an election is being forced.

5/26/2012 7:52:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2012 7:52:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/26/2012 7:52:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/26/2012 7:52:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/26/2012 7:52:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/26/2012 7:52:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/26/2012 7:52:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/26/2012 7:52:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2012 7:52:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2012 2:04:00 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

5/23/2012 10:17:08 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer KODY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{476C8756-AC8A-44A2-BDB3-426605B11C. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


Welcome to the forum.

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

-------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.01.02

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

spongy :: SPONGY-PC [administrator]

6/1/2012 1:14:15 AM

mbam-log-2012-06-01 (01-21-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217842

Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\spongy\AppData\Local\Temp\java.exe (Trojan.MSIL.Gen) -> No action taken.

C:\Users\spongy\AppData\Local\Temp\javav.exe (PUP.HackTool.ACGen) -> No action taken.

(end)


RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User: spongy [Admin rights]

Mode: Scan -- Date: 06/01/2012 09:05:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3300831AS ATA Device +++++

--- User ---

[MBR] a869989db88e738ab8d5abb58da9fdb1

[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 10240 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21178368 | Size: 275826 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Files Detected: 2

C:\Users\spongy\AppData\Local\Temp\java.exe (Trojan.MSIL.Gen) -> No action taken.

C:\Users\spongy\AppData\Local\Temp\javav.exe (PUP.HackTool.ACGen) -> No action taken.

Looks like you never fixed anything!!

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Accidentally put the wrong one last time.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.01.02

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

spongy :: SPONGY-PC [administrator]

6/1/2012 1:14:15 AM

mbam-log-2012-06-01 (01-14-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217842

Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\spongy\AppData\Local\Temp\java.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.

C:\Users\spongy\AppData\Local\Temp\javav.exe (PUP.HackTool.ACGen) -> Quarantined and deleted successfully.

(end)


µTorrent

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

-----------------------------

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


12:59:42.0672 4020 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

12:59:42.0911 4020 ============================================================

12:59:42.0911 4020 Current date / time: 2012/06/01 12:59:42.0911

12:59:42.0911 4020 SystemInfo:

12:59:42.0911 4020

12:59:42.0911 4020 OS Version: 6.1.7600 ServicePack: 0.0

12:59:42.0911 4020 Product type: Workstation

12:59:42.0911 4020 ComputerName: SPONGY-PC

12:59:42.0911 4020 UserName: spongy

12:59:42.0911 4020 Windows directory: C:\Windows

12:59:42.0911 4020 System windows directory: C:\Windows

12:59:42.0911 4020 Processor architecture: Intel x86

12:59:42.0911 4020 Number of processors: 4

12:59:42.0911 4020 Page size: 0x1000

12:59:42.0911 4020 Boot type: Normal boot

12:59:42.0911 4020 ============================================================

12:59:43.0755 4020 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x9769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

12:59:43.0783 4020 ============================================================

12:59:43.0783 4020 \Device\Harddisk0\DR0:

12:59:43.0811 4020 MBR partitions:

12:59:43.0811 4020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

12:59:43.0811 4020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1400000

12:59:43.0811 4020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x21AB9000

12:59:43.0811 4020 ============================================================

12:59:43.0852 4020 C: <-> \Device\Harddisk0\DR0\Partition2

12:59:43.0954 4020 D: <-> \Device\Harddisk0\DR0\Partition1

12:59:43.0954 4020 ============================================================

12:59:43.0954 4020 Initialize success

12:59:43.0954 4020 ============================================================

13:00:08.0066 5980 ============================================================

13:00:08.0066 5980 Scan started

13:00:08.0066 5980 Mode: Manual; SigCheck; TDLFS;

13:00:08.0066 5980 ============================================================


13:00:27.0280 5980 nvUpdatusService - ok

13:00:27.0402 5980 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

13:00:27.0419 5980 nv_agp - ok

13:00:27.0443 5980 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

13:00:27.0481 5980 ohci1394 - ok

13:00:27.0578 5980 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:00:27.0602 5980 ose - ok

13:00:27.0918 5980 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:00:28.0073 5980 osppsvc - ok

13:00:28.0255 5980 OverwolfUpdaterService (813c8045395da92ac8a7e0c7a78da8e7) C:\Program Files\Overwolf\OverwolfUpdater.exe

13:00:28.0269 5980 OverwolfUpdaterService - ok

13:00:28.0602 5980 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:00:28.0687 5980 p2pimsvc - ok

13:00:28.0722 5980 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

13:00:28.0775 5980 p2psvc - ok

13:00:28.0836 5980 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

13:00:28.0875 5980 Parport - ok

13:00:28.0906 5980 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

13:00:28.0921 5980 partmgr - ok

13:00:28.0939 5980 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

13:00:28.0978 5980 Parvdm - ok

13:00:29.0017 5980 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

13:00:29.0045 5980 PcaSvc - ok

13:00:29.0086 5980 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

13:00:29.0103 5980 pci - ok

13:00:29.0123 5980 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

13:00:29.0132 5980 pciide - ok

13:00:29.0158 5980 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

13:00:29.0170 5980 pcmcia - ok

13:00:29.0184 5980 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

13:00:29.0194 5980 pcw - ok

13:00:29.0238 5980 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

13:00:29.0286 5980 PEAUTH - ok

13:00:29.0379 5980 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

13:00:29.0441 5980 PeerDistSvc - ok

13:00:29.0545 5980 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll

13:00:29.0584 5980 pla - ok

13:00:29.0698 5980 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll

13:00:29.0753 5980 PlugPlay - ok

13:00:29.0800 5980 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe

13:00:29.0813 5980 PnkBstrA - ok

13:00:29.0861 5980 PnkBstrB (27f1be4a53441c9f1f48b9adc145b0a5) C:\Windows\system32\PnkBstrB.exe

13:00:29.0876 5980 PnkBstrB - ok

13:00:29.0896 5980 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

13:00:29.0935 5980 PNRPAutoReg - ok

13:00:29.0964 5980 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:00:29.0988 5980 PNRPsvc - ok

13:00:30.0041 5980 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll

13:00:30.0109 5980 PolicyAgent - ok

13:00:30.0183 5980 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll

13:00:30.0224 5980 Power - ok

13:00:30.0269 5980 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

13:00:30.0307 5980 PptpMiniport - ok

13:00:30.0324 5980 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

13:00:30.0361 5980 Processor - ok

13:00:30.0401 5980 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll

13:00:30.0440 5980 ProfSvc - ok

13:00:30.0466 5980 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

13:00:30.0477 5980 ProtectedStorage - ok

13:00:30.0502 5980 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

13:00:30.0547 5980 Psched - ok

13:00:30.0648 5980 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

13:00:30.0683 5980 ql2300 - ok

13:00:30.0787 5980 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

13:00:30.0804 5980 ql40xx - ok

13:00:30.0836 5980 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

13:00:30.0867 5980 QWAVE - ok

13:00:30.0884 5980 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

13:00:30.0900 5980 QWAVEdrv - ok

13:00:30.0914 5980 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

13:00:30.0961 5980 RasAcd - ok

13:00:30.0999 5980 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:00:31.0046 5980 RasAgileVpn - ok

13:00:31.0083 5980 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

13:00:31.0112 5980 RasAuto - ok

13:00:31.0134 5980 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:00:31.0180 5980 Rasl2tp - ok

13:00:31.0216 5980 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll

13:00:31.0257 5980 RasMan - ok

13:00:31.0284 5980 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

13:00:31.0331 5980 RasPppoe - ok

13:00:31.0354 5980 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

13:00:31.0371 5980 RasSstp - ok

13:00:31.0398 5980 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

13:00:31.0417 5980 rdbss - ok

13:00:31.0429 5980 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

13:00:31.0440 5980 rdpbus - ok

13:00:31.0448 5980 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:00:31.0488 5980 RDPCDD - ok

13:00:31.0529 5980 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

13:00:31.0561 5980 RDPDR - ok

13:00:31.0576 5980 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

13:00:31.0612 5980 RDPENCDD - ok

13:00:31.0635 5980 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

13:00:31.0674 5980 RDPREFMP - ok

13:00:31.0703 5980 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

13:00:31.0734 5980 RDPWD - ok

13:00:31.0775 5980 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

13:00:31.0783 5980 rdyboost - ok

13:00:31.0807 5980 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

13:00:31.0842 5980 RemoteAccess - ok

13:00:31.0872 5980 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

13:00:31.0911 5980 RemoteRegistry - ok

13:00:31.0928 5980 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

13:00:31.0966 5980 RpcEptMapper - ok

13:00:31.0980 5980 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

13:00:32.0017 5980 RpcLocator - ok

13:00:32.0139 5980 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

13:00:32.0183 5980 RpcSs - ok

13:00:32.0208 5980 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

13:00:32.0230 5980 rspndr - ok

13:00:32.0317 5980 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys

13:00:32.0334 5980 RTL8167 - ok

13:00:32.0375 5980 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

13:00:32.0426 5980 s3cap - ok

13:00:32.0448 5980 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

13:00:32.0470 5980 SamSs - ok

13:00:32.0548 5980 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

13:00:32.0559 5980 SASDIFSV - ok

13:00:32.0597 5980 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

13:00:32.0609 5980 SASKUTIL - ok

13:00:32.0647 5980 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

13:00:32.0665 5980 sbp2port - ok

13:00:32.0695 5980 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

13:00:32.0739 5980 SCardSvr - ok

13:00:32.0753 5980 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

13:00:32.0787 5980 scfilter - ok

13:00:32.0847 5980 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll

13:00:32.0913 5980 Schedule - ok

13:00:32.0941 5980 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

13:00:32.0979 5980 SCPolicySvc - ok

13:00:32.0993 5980 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll

13:00:33.0038 5980 SDRSVC - ok

13:00:33.0064 5980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:00:33.0112 5980 secdrv - ok

13:00:33.0132 5980 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

13:00:33.0170 5980 seclogon - ok

13:00:33.0188 5980 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

13:00:33.0223 5980 SENS - ok

13:00:33.0251 5980 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

13:00:33.0292 5980 SensrSvc - ok

13:00:33.0329 5980 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

13:00:33.0348 5980 Serenum - ok

13:00:33.0371 5980 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

13:00:33.0389 5980 Serial - ok

13:00:33.0405 5980 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

13:00:33.0464 5980 sermouse - ok

13:00:33.0509 5980 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll

13:00:33.0544 5980 SessionEnv - ok

13:00:33.0568 5980 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

13:00:33.0606 5980 sffdisk - ok

13:00:33.0644 5980 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

13:00:33.0686 5980 sffp_mmc - ok

13:00:33.0702 5980 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

13:00:33.0741 5980 sffp_sd - ok

13:00:33.0760 5980 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

13:00:33.0793 5980 sfloppy - ok

13:00:33.0841 5980 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

13:00:33.0889 5980 SharedAccess - ok

13:00:33.0930 5980 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll

13:00:33.0947 5980 ShellHWDetection - ok

13:00:33.0965 5980 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

13:00:33.0973 5980 sisagp - ok

13:00:34.0003 5980 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:00:34.0012 5980 SiSRaid2 - ok

13:00:34.0030 5980 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

13:00:34.0041 5980 SiSRaid4 - ok

13:00:34.0129 5980 Smart TimeLock (101556f6216e97f1258d87c38203695f) C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

13:00:34.0154 5980 Smart TimeLock ( UnsignedFile.Multi.Generic ) - warning

13:00:34.0154 5980 Smart TimeLock - detected UnsignedFile.Multi.Generic (1)

13:00:42.0497 5980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:00:42.0703 5980 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:00:42.0703 5980 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:00:42.0707 5980 Boot (0x1200) (98021855462588a2a89f8f13168084cf) \Device\Harddisk0\DR0\Partition0

13:00:42.0709 5980 \Device\Harddisk0\DR0\Partition0 - ok

13:00:42.0734 5980 Boot (0x1200) (0c3f29f78293b974fb94b1233bb01b69) \Device\Harddisk0\DR0\Partition1

13:00:42.0736 5980 \Device\Harddisk0\DR0\Partition1 - ok

13:00:42.0747 5980 Boot (0x1200) (50b20b14e5f88fc66210f7f44aa8686b) \Device\Harddisk0\DR0\Partition2

13:00:42.0749 5980 \Device\Harddisk0\DR0\Partition2 - ok

13:00:42.0750 5980 ============================================================

13:00:42.0750 5980 Scan finished

13:00:42.0750 5980 ============================================================

13:00:42.0766 4608 Detected object count: 2

13:00:42.0766 4608 Actual detected object count: 2

13:03:12.0967 4608 Smart TimeLock ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:12.0967 4608 Smart TimeLock ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:13.0007 4608 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

13:03:13.0016 4608 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine

13:03:13.0019 4608 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine

13:03:13.0042 4608 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine

13:03:13.0051 4608 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine

13:03:13.0051 4608 \Device\Harddisk0\DR0\TDLFS - deleted

13:03:13.0051 4608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


Next.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-06-01.02 - spongy 06/01/2012 13:38:37.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3575.2509 [GMT -4:00]

Running from: c:\users\spongy\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\spongy\AppData\Local\assembly\tmp

c:\users\spongy\AppData\Local\Minibar

c:\users\spongy\AppData\Local\Minibar\chrome\background.html

c:\users\spongy\AppData\Local\Minibar\chrome\cached_http_request.js

c:\users\spongy\AppData\Local\Minibar\chrome\extension_info.json

c:\users\spongy\AppData\Local\Minibar\chrome\icons\icon128.png

c:\users\spongy\AppData\Local\Minibar\chrome\icons\icon19.png

c:\users\spongy\AppData\Local\Minibar\chrome\icons\icon32.png

c:\users\spongy\AppData\Local\Minibar\chrome\icons\icon48.png

c:\users\spongy\AppData\Local\Minibar\chrome\includes\content.js

c:\users\spongy\AppData\Local\Minibar\chrome\includes\content_kango.js

c:\users\spongy\AppData\Local\Minibar\chrome\includes\content_messaging.js

c:\users\spongy\AppData\Local\Minibar\chrome\includes\content_userscript.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango-ui\button.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango-ui\ui.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\browser.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\console.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\event_listener.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\initialize.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\io.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\jsonstorage.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\kango.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\lang.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\messaging.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\userscript_engine.js

c:\users\spongy\AppData\Local\Minibar\chrome\kango\xhr.js

c:\users\spongy\AppData\Local\Minibar\chrome\main.js

c:\users\spongy\AppData\Local\Minibar\chrome\manifest.json

c:\users\spongy\AppData\Local\Minibar\chrome\minibar\actions.js

c:\users\spongy\AppData\Local\Minibar\chrome\minibar\cachedxhr.js

c:\users\spongy\AppData\Local\Minibar\chrome\minibar\config.js

c:\users\spongy\AppData\Local\Minibar\chrome\minibar\macros.js

c:\users\spongy\AppData\Local\Minibar\chrome\minibar\minibar.js

c:\users\spongy\AppData\Local\Minibar\chrome\popup.html

c:\users\spongy\AppData\Local\Minibar\chrome\popup.js

c:\users\spongy\AppData\Local\Minibar\chrome\tab.html

c:\users\spongy\AppData\Local\Minibar\chrome\tab.js

c:\users\spongy\AppData\Local\Minibar\chrome_installer.js

c:\users\spongy\AppData\Local\Minibar\common.js

c:\users\spongy\AppData\Local\Minibar\install.json

c:\users\spongy\AppData\Local\Minibar\minibar.crx

c:\users\spongy\AppData\Local\Minibar\sqlite3.exe

c:\users\spongy\AppData\Local\Minibar\Uninstall.exe

c:\users\spongy\AppData\Roaming\RSBot.db

.

.

((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))

.

.

2012-06-01 17:47 . 2012-06-01 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-01 03:57 . 2012-06-01 03:57 -------- d-----w- c:\program files\Common Files\Skype

2012-06-01 03:57 . 2012-06-01 03:58 -------- d-----w- c:\program files\Overwolf

2012-06-01 03:57 . 2012-06-01 03:57 -------- d-----w- c:\program files\Common Files\Overwolf

2012-06-01 03:57 . 2012-06-01 05:49 -------- d-----w- c:\users\spongy\AppData\Local\Overwolf

2012-06-01 03:49 . 2012-06-01 03:49 -------- d-----w- C:\gPotato.com

2012-05-31 23:54 . 2012-06-01 05:57 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42425088-DF7F-489A-9468-A3587EF295E6}\offreg.dll

2012-05-29 14:50 . 2012-05-29 14:50 -------- d-----w- c:\program files\CCleaner

2012-05-29 12:47 . 2012-05-29 12:47 -------- d-----w- c:\users\spongy\AppData\Roaming\SUPERAntiSpyware.com

2012-05-29 12:46 . 2012-05-29 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-29 12:46 . 2012-05-29 12:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-05-27 04:13 . 2012-05-27 04:13 -------- d-----w- c:\program files\gravitysensation.com

2012-05-27 01:26 . 2012-05-27 01:26 -------- d-----w- c:\program files\ESET

2012-05-27 01:22 . 2012-06-01 17:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-26 01:05 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42425088-DF7F-489A-9468-A3587EF295E6}\mpengine.dll

2012-05-24 23:22 . 2012-05-24 23:23 -------- d-----w- c:\users\spongy\AppData\Roaming\Raptr

2012-05-24 23:22 . 2012-05-24 23:23 -------- d-----w- c:\program files\Raptr

2012-05-23 02:40 . 2012-06-01 02:22 -------- d-----w- c:\users\spongy\AppData\Roaming\.minecraft

2012-05-17 23:55 . 2012-05-17 23:56 -------- d-----w- c:\program files\Oracle

2012-05-17 23:53 . 2012-05-17 23:53 -------- d-----w- c:\program files\Common Files\Java

2012-05-17 23:51 . 2012-05-17 23:52 -------- d-----w- c:\program files\Java

2012-05-17 00:19 . 2012-05-17 00:19 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-17 00:19 . 2012-05-17 00:19 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-17 00:19 . 2012-05-17 00:19 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-05-15 23:30 . 2012-05-31 23:53 -------- d-----w- c:\users\UpdatusUser

2012-05-15 23:27 . 2012-02-29 23:59 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 23:27 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 23:27 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 23:27 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 23:27 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 23:27 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-15 23:27 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 23:27 . 2012-02-29 23:59 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 23:27 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 22:48 . 2012-05-15 23:32 -------- d-----w- c:\program files\Diablo III

2012-05-15 19:53 . 2012-05-15 19:53 -------- d-----w- c:\users\spongy\AppData\Roaming\Carbon

2012-05-09 22:13 . 2012-05-09 22:13 -------- d-----w- c:\users\spongy\.towns

2012-05-09 22:12 . 2012-05-28 03:04 -------- d-----w- c:\program files\Towns

2012-05-04 22:33 . 2012-05-05 17:06 -------- d-----w- c:\users\spongy\AppData\Roaming\wargaming.net

2012-05-03 19:04 . 2012-05-03 19:04 -------- d-----w- c:\users\spongy\AppData\Roaming\Enterbrain

2012-05-03 18:53 . 2012-05-03 18:53 -------- d-----w- c:\program files\Enterbrain

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-01 05:47 . 2012-03-07 03:08 17488 ----a-w- c:\windows\gdrv.sys

2012-04-28 11:09 . 2012-04-07 22:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-28 11:09 . 2011-05-26 18:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 22:47 . 2011-11-04 04:20 772504 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-04-04 22:47 . 2011-03-05 11:52 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 19:56 . 2011-06-10 21:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 15:54 . 2012-03-20 15:54 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-20 15:54 . 2012-03-20 15:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-20 15:54 . 2012-03-20 15:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-20 15:54 . 2012-03-20 15:54 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-03-20 15:54 . 2012-03-20 15:54 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-03-20 15:54 . 2012-03-20 15:54 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-20 15:54 . 2012-03-20 15:54 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-03-20 15:54 . 2012-03-20 15:54 367104 ----a-w- c:\windows\system32\html.iec

2012-03-20 15:54 . 2012-03-20 15:54 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-03-20 15:54 . 2012-03-20 15:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-03-20 15:54 . 2012-03-20 15:54 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-20 15:54 . 2012-03-20 15:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-03-20 15:54 . 2012-03-20 15:54 161792 ----a-w- c:\windows\system32\msls31.dll

2012-03-20 15:54 . 2012-03-20 15:54 152064 ----a-w- c:\windows\system32\wextract.exe

2012-03-20 15:54 . 2012-03-20 15:54 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-03-20 15:54 . 2012-03-20 15:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-20 15:54 . 2012-03-20 15:54 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-03-20 15:54 . 2012-03-20 15:54 11776 ----a-w- c:\windows\system32\mshta.exe

2012-03-20 15:54 . 2012-03-20 15:54 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-03-20 15:54 . 2012-03-20 15:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-20 15:54 . 2012-03-20 15:54 101888 ----a-w- c:\windows\system32\admparse.dll

2012-05-17 00:19 . 2011-05-03 22:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"JaGeXDaemon"="c:\.jagex_cache_32\jagc.jar" [2011-08-31 35298]

"Akamai NetSession Interface"="c:\users\spongy\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]

"RDReminder"="c:\program files\RegClean Pro\RegCleanPro.exe" [2010-11-27 2564480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Users^spongy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]

path=c:\users\spongy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk

backup=c:\windows\pss\IMVU.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2012-02-28 21:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]

2012-05-09 23:47 42424 ----a-w- c:\program files\Overwolf\Overwolf.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-02 06:50 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 253088]

R3 apf001;apf001;c:\game\SoftnyxGame\RakionIS\Bin\apf001.sys [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 81680]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-17 129976]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4208208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2012-05-09 18360]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1343400]

R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]

R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]

R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]

R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]

R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]

R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]

R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]

R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-03-02 674400]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-05 218688]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 58240]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 136704]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 13727955

*NewlyCreated* - 49701778

*NewlyCreated* - TRUESIGHT

*Deregistered* - 13727955

*Deregistered* - 49701778

*Deregistered* - MBAMSwissArmy

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:09]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547598646-1641244617-2403065077-1000Core.job

- c:\users\spongy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 11:43]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547598646-1641244617-2403065077-1000UA.job

- c:\users\spongy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 11:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\spongy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

FF - ProfilePath - c:\users\spongy\AppData\Roaming\Mozilla\Firefox\Profiles\zwwyizpk.default\

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)

WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

SafeBoot-87418973.sys

AddRemove-CraftBukkit - 0:\users\spongy\Desktop\minecraft server\bukkit test 1.2\Uninstall.exe

AddRemove-Hyperionics DB Toolbar - c:\program files\Hyperionics DB Toolbar\UninstallToolbar.exe

AddRemove-Project64 1.7 - c:\game\Project64 1.7\Uninstall.exe

AddRemove-PunkBusterSvc - c:\program files\Origin Games\Battlefield 3\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1547598646-1641244617-2403065077-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:6a,41,6b,cc,ac,da,5c,a8,21,a7,e9,4c,ba,31,9b,e3,6d,42,72,d9,75,10,d8,

0f,f4,6b,fe,76,9c,81,d6,6f,9e,d9,41,19,29,c5,00,e8,7e,1f,a1,4f,bc,89,4a,33,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-01 13:48:45

ComboFix-quarantined-files.txt 2012-06-01 17:48

.

Pre-Run: 103,081,328,640 bytes free

Post-Run: 102,963,408,896 bytes free

.

- - End Of File - - EE32A6018F1203DB9550AA2396BCD6C1


Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.01.02

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

spongy :: SPONGY-PC [administrator]

6/3/2012 12:16:51 AM

mbam-log-2012-06-03 (00-16-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219644

Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

virus has not come so I think it's gone for good now


Good

A little clean-up to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.