Sirefef.Ac problem...


  • This topic is locked
14 replies to this topic

#1 Fallen_Angel

Posted 12 April 2012 - 09:08 AM

Performed a quick scan with MBAM but couldn't find anything. Yet Microsoft Security Essentials kept on detecting Win32/Sirefef.AC. I also saw HTML/IFrameRef.Z before that; I tried to remove it and succeeded, but it appeared again. After the second removal it didn't appear again.





DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Lucifer Morningstar at 16:03:07 on 2012-04-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1416 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.iminent.com/?appId=E9E0F785-7514-48C0-BA39-8E3268B9ECD5
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "c:\users\lucifer morningstar\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{89FD6307-A626-4384-82FC-F321026DD1E7} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl2e6f9e0c;MpKsl2e6f9e0c;c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\MpKsl2e6f9e0c.sys [2012-4-12 29904]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2012-1-23 25896]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-12 654408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-12 22344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-2-22 148800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S2 veteboot;Nwdls;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-12 13:29:27 -------- d-----w- c:\users\lucifer morningstar\appdata\roaming\Malwarebytes
2012-04-12 13:26:36 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 13:26:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 13:26:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-12 12:51:03 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{71DAD5DC-1D75-4E06-811A-178A68C84A4A}
2012-04-12 12:50:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D61B785A-8E2D-4695-8B32-3870F7E805B4}
2012-04-12 11:51:46 -------- d-----w- c:\users\lucifer morningstar\appdata\local\Demiurge Studios
2012-04-12 11:51:46 -------- d-----w- c:\programdata\RELOADED
2012-04-12 10:59:54 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\offreg.dll
2012-04-12 10:55:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-12 10:55:47 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\MpKsl2e6f9e0c.sys
2012-04-12 00:50:30 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2F273D5E-A2D9-489D-8735-539CAE181238}
2012-04-12 00:50:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D92A1CD4-9B04-4975-8BED-1766F2E29835}
2012-04-11 12:49:57 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{E8B63A4E-6154-423A-85E8-B52EBA5F0BB3}
2012-04-11 12:49:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0577ADB0-5F5A-45E9-B9CD-16456722ACC5}
2012-04-11 11:30:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-11 06:34:42 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\mpengine.dll
2012-04-11 05:02:34 -------- d-----w- c:\users\lucifer morningstar\appdata\roaming\LegacyGames
2012-04-11 05:01:07 -------- d-----w- C:\Downloads
2012-04-11 02:02:24 -------- d-----w- c:\program files\VideoLAN
2012-04-11 00:49:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BA401E3C-A113-4465-B4C0-C7ABF3EA3510}
2012-04-11 00:48:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{7B1E52A7-976B-4959-909B-04BFCB2B2197}
2012-04-10 12:48:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2934ADEA-6245-41E8-BD8E-1DFC6752A748}
2012-04-10 12:48:18 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{73930A13-0B20-4022-B07C-3203946DB009}
2012-04-10 00:48:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{87E860A6-67B0-4A23-8758-E54D5B0970B7}
2012-04-10 00:47:45 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{5AE5BE77-4798-4406-9798-367052E7EEF0}
2012-04-09 12:47:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{70923B0F-8167-4F90-ADB7-18D20098D318}
2012-04-09 12:47:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D0EE2316-8085-47E0-8D04-943FC43D020A}
2012-04-09 00:47:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EF32204F-0BF4-4444-A4D4-492BC6DF3F48}
2012-04-09 00:46:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{09D93C46-31E3-4369-BC60-34BDA7E1C78D}
2012-04-08 12:46:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6CE4A77D-EA26-4C77-B327-051EB8F767B3}
2012-04-08 12:46:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A58A18DE-85B2-4C02-ACFE-B634ECBFFC62}
2012-04-08 00:45:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{97E5DA56-0488-4E02-902E-423FE704624B}
2012-04-08 00:45:23 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DDF417D4-7583-4CEC-BD13-B8E339066C19}
2012-04-07 12:45:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A2E28F56-F50E-4D71-BE50-320AB2B5EBDD}
2012-04-07 12:44:50 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F53912B8-E2C5-43AC-B79D-05B38B50C052}
2012-04-07 00:44:37 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{643C237C-B939-4B97-8827-52600630D168}
2012-04-07 00:44:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{11BAAC24-D409-450A-AE2C-AE1B11970794}
2012-04-06 12:44:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DFB791A3-C598-476A-AD0C-A88C492D065D}
2012-04-06 12:43:38 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8B4695F9-4687-44AF-AC14-1FA6D1B0EF4C}
2012-04-06 00:43:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D6085089-CCD9-4C24-8022-D2CF270194A7}
2012-04-06 00:43:03 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A08997CC-F9EE-4AD8-AE17-89E18022670E}
2012-04-05 12:42:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DC9EA5A4-A521-41EC-ACE2-177AB78AD910}
2012-04-05 12:42:41 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8DCFA5E9-E4D7-4A97-8118-EBBB82B4BD39}
2012-04-05 00:53:16 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{91FEA736-4ACD-4787-8400-00B0FDF37865}
2012-04-04 12:52:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{4A2BB2B4-B0C4-444B-A0CD-04C9E9DE7174}
2012-04-04 00:52:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{7DE3DB63-BE08-4904-BE5A-B18E4361AF67}
2012-04-03 12:52:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{3A64DE54-42E2-4171-9A9A-C74E24938C17}
2012-04-03 00:51:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A17CEE97-E36A-4C33-8724-8A8AAA541E08}
2012-04-02 12:51:08 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{892BF3F3-28BA-4F18-A55E-D3A7BCF171D8}
2012-04-02 06:19:53 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 00:50:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1D25CE55-E236-4ECD-99EF-3EC6DACD4BBE}
2012-04-01 12:50:12 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{80E27944-6219-4C79-B0BD-3A1E8A6609F4}
2012-04-01 00:49:40 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D81CF393-4D1E-43F2-AA05-932D7DF2CA5D}
2012-03-31 12:49:17 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F11C77A1-5BA6-4668-8656-A540CBB03CFD}
2012-03-31 00:48:55 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F0E3C9FB-B083-481B-9109-AA532FC0BAB9}
2012-03-30 12:48:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{9E0616FB-0816-49D7-844A-8868B88E79D2}
2012-03-30 00:48:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{26392DF8-8D78-4975-9E78-81D7EE162A41}
2012-03-29 12:47:48 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6AE221ED-CC8A-402A-AF95-DD40D09351E7}
2012-03-29 00:47:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6AC600AA-CC45-485C-8927-ED49B229D2E7}
2012-03-28 12:47:14 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1E52ADB8-972D-4B2D-AE7F-E66E23786BC8}
2012-03-28 12:46:52 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{653CF04D-4CDA-4C3A-B762-48A38D16EC10}
2012-03-28 00:46:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{72721852-39C8-42E0-8143-E2CE5B106AEE}
2012-03-28 00:46:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BC0A694F-2453-4605-A2D4-8626959E5D28}
2012-03-27 12:45:55 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{27FEE192-6245-479F-88C3-C6B3C6E3A825}
2012-03-27 12:45:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CF101359-2ADD-4EEA-8E7B-D54D1364E9FB}
2012-03-27 00:45:21 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{86143203-5646-4CD4-BD12-0FA16667FBFB}
2012-03-27 00:44:57 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F5A2BBE0-361A-4963-940A-EA4BC48BE4AE}
2012-03-26 12:44:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{49E56C3F-D6AA-4E0B-9F2A-F698EE0CF92A}
2012-03-26 12:43:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6B942774-4B1A-4CA2-B781-14FA408DE943}
2012-03-26 00:43:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2826F660-BB7F-4DD7-A692-AB89299CF0DE}
2012-03-26 00:43:06 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EBEBCFC6-337E-49E5-BC55-9DB654B5CD0A}
2012-03-25 12:42:46 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{261EA3E4-99C6-48ED-9DDE-6DDD6026EFCA}
2012-03-25 12:42:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{95065EA2-2541-417F-BCB8-D6EDB01F4A01}
2012-03-25 00:42:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{32827740-BFE1-4E21-9B20-E0F78B8298CA}
2012-03-25 00:41:48 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0AD6C045-B9FB-4AF9-98FA-E251B580893E}
2012-03-24 12:41:24 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{85FF4C89-4618-4A13-8E10-9CCDD7C8C1EF}
2012-03-24 12:40:59 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{87688520-7A34-4DEA-AFAF-10539B2582B3}
2012-03-24 00:40:43 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0BD9D965-1B00-4CE5-8172-DCA853194E52}
2012-03-24 00:40:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{54355B4B-0EA9-4D44-9028-13C7091E03B1}
2012-03-23 12:40:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8ED6A8AB-28AA-49AF-A33C-E7D338DB3B6D}
2012-03-23 12:39:54 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{53F02F02-2AC8-432A-8E0A-59DF140CCFE2}
2012-03-23 00:39:42 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{FFBC80BE-2812-4E90-8DB6-971F564217BF}
2012-03-23 00:39:20 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1FA6EB43-4DA3-4B16-9545-36F6ACEFA5DA}
2012-03-22 12:39:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1E202924-2A5E-4461-8A94-82F930C42A06}
2012-03-22 12:38:37 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A068F838-0EDF-49A8-820E-E73494F21685}
2012-03-22 00:38:25 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{382518EC-2E9E-4282-8E02-523C28F582DF}
2012-03-22 00:38:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{939BE9C0-747B-4EC3-9128-6500038C932A}
2012-03-21 12:37:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DC1FD0E2-141A-4DF8-B9A1-E432E8394D27}
2012-03-21 12:37:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{65EF405D-1677-4473-AEBC-0B4529E17EB5}
2012-03-21 00:37:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{305279AC-D386-4A52-A43D-5EDB5BFC2F52}
2012-03-21 00:37:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{078F571F-C683-4E5A-995F-10F81897EFE9}
2012-03-20 12:36:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{585EFD36-8CFF-4D5C-AD73-A501EA2FFA42}
2012-03-20 12:36:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D060223D-D964-493F-B967-7DDC4D5A1881}
2012-03-20 00:36:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{3A1F69CC-9BFA-419A-96CA-AFFB96D37B6A}
2012-03-20 00:35:42 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0A23B819-51B4-4856-BA85-C1385C54EB4F}
2012-03-19 12:35:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CE3B35D2-BB08-44F6-8AEA-73208C44AB49}
2012-03-19 12:35:20 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{4F391BA0-55C9-4AA0-A915-15B59BCB2C7C}
2012-03-19 00:35:08 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C2F7477E-6915-4F37-9BB9-082393AF2CD9}
2012-03-19 00:34:47 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{43D24ED7-DEF6-4318-9EF2-DB88CAEFAF90}
2012-03-18 12:34:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D8298081-7D8D-4472-A19F-ED1809209348}
2012-03-18 12:34:21 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C62BBB40-A77C-437B-B2FA-717331741FF8}
2012-03-18 00:34:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EB898A16-EEEC-4BB7-91FA-360CD199631C}
2012-03-18 00:33:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A75FD805-A923-4FBA-A7A3-A55A40C8991F}
2012-03-17 12:33:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2CCDAF47-273E-43E3-BE10-9E73956DCB6E}
2012-03-17 12:33:11 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CDB74869-C7B6-480D-AF50-417CD97503F4}
2012-03-17 03:18:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-17 03:18:53 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-17 03:18:53 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-17 03:18:53 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-17 03:18:53 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-17 03:18:53 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-17 03:18:51 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-17 00:32:49 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8EEDF2AF-CD92-4ED6-8EC5-3C4C85F6E96F}
2012-03-17 00:32:27 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{51D6D035-8738-4132-A473-2DA4AF18F22B}
2012-03-16 12:32:15 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BEF3B710-60D7-47EB-B597-CF6738E1F0AB}
2012-03-16 12:31:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0A614804-FCC5-4BBD-BD41-EFC1D7E13ACA}
2012-03-16 00:31:40 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A107AFF9-AB87-4D9C-AE85-665BC47281E9}
2012-03-16 00:31:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{61C96FC5-C336-4380-A9A2-A5FD739D2B8E}
2012-03-15 12:31:02 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C2EBB115-36E6-4BA5-B211-D3DCA0DA3E26}
2012-03-15 12:30:41 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{08CA1834-14B8-469D-861D-CDEE80C7BB1D}
2012-03-15 00:30:29 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{91DF2A8D-A376-44B2-9680-6F51C28E44B1}
2012-03-15 00:30:04 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6E8188AD-73A4-49F2-9056-9778B46D4EA2}
2012-03-14 17:45:10 -------- d-----w- c:\program files\IMinent Toolbar
2012-03-14 17:39:05 -------- d-----w- c:\programdata\Tarma Installer
2012-03-14 17:36:59 -------- d-----w- c:\program files\fbphotozoom
2012-03-14 12:29:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{037C7424-07A6-44FA-9835-2D3D88923F39}
2012-03-14 12:29:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A3F14A3E-258F-4BBD-A9D6-ED0A3D28E625}
2012-03-14 07:53:20 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:52:38 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:52:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:52:38 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:52:37 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:52:37 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:44:19 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 07:44:19 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:13:19 -------- d--h--w- c:\program files\common files\EAInstaller
2012-03-14 06:02:51 -------- d-----w- c:\program files\HHD Software
2012-03-13 18:03:17 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A90A339E-DA9E-4B19-AE80-F078A738B809}
2012-03-13 18:02:54 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{03A2993C-FB21-4614-BDB6-587E27FB3348}
.
==================== Find3M ====================
.
2012-04-02 06:19:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 16:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:53:45 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-29 12:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-18 15:55:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 02:07:19 0 ----a-w- C:\DFRC602.tmp
2012-01-24 16:00:12 98816 ----a-w- c:\windows\system32\mfps.dll
2012-01-24 15:59:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-24 15:59:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-24 15:59:50 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-01-24 15:59:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-24 15:59:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-24 15:59:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-24 15:59:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-24 15:59:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-23 20:13:02 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-01-23 20:12:55 319488 ----a-w- c:\windows\HideWin.exe
2012-01-17 12:46:00 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-17 12:45:59 67392 ----a-w- c:\windows\system32\nvapo32v.dll
2012-01-17 12:45:56 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-01-17 12:45:54 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
.
============= FINISH: 16:03:44.90 ===============





Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23/01/2012 21:18:49
System Uptime: 12/04/2012 04:20:02 (12 hours ago)
.
Motherboard: Quanta | | TW8/SW8/DW8
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | CPU | 2534/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 61.872 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 149 GiB total, 13.228 GiB free.
F: is FIXED (NTFS) - 149 GiB total, 48.579 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP183: 04/04/2012 00:56:19 - Scheduled Checkpoint
RP184: 04/04/2012 08:55:47 - Windows Update
RP186: 05/04/2012 04:13:49 - Windows Live Essentials
RP187: 05/04/2012 08:26:24 - Windows Update
RP188: 06/04/2012 09:04:40 - Windows Update
RP189: 07/04/2012 04:41:32 - Scheduled Checkpoint
RP190: 07/04/2012 08:26:34 - Windows Update
RP191: 08/04/2012 07:52:37 - Scheduled Checkpoint
RP192: 08/04/2012 08:25:45 - Windows Update
RP193: 09/04/2012 08:30:25 - Windows Update
RP194: 10/04/2012 08:27:31 - Windows Update
RP195: 11/04/2012 08:31:55 - Windows Update
RP196: 12/04/2012 - Scheduled Checkpoint
RP197: 12/04/2012 03:00:12 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Agere Systems HDA Modem
AIMP2
Anathema
µTorrent
Combined Community Codec Pack 2010-10-10
Compatibility Pack for the 2007 Office system
D3DX10
Google Chrome
HHD Software Hex Editor Neo 5.01
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IMinent Toolbar
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 31
Keyboard Manager Utility
Kingdoms of Amalur - Reckoning "Update" version 1.0.0.2
Kingdoms of Amalur Reckoning
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect™ 3
Master Of Magic
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MSVCRT
Mumble 1.2.3
NC Launcher (GameForge)
Nexus Mod Manager
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
PL-2303 Vista Driver Installer
PowerISO
Real Alternative 2.0.2
Realtek Ethernet Controller Driver For Windows Vista
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Segoe UI
Shoot Many Robots © Demiurge Studios version 1
Skype™ 5.8
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.00 beta 6 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/04/2012 15:56:54, Error: Service Control Manager [7023] - The Nwdls service terminated with the following error: Access is denied.
12/04/2012 15:41:55, Error: Service Control Manager [7023] - The Cam5603D service terminated with the following error: Access is denied.
12/04/2012 15:26:54, Error: Service Control Manager [7023] - The AN983 service terminated with the following error: Access is denied.
12/04/2012 15:11:54, Error: Service Control Manager [7023] - The Nvgts service terminated with the following error: Access is denied.
12/04/2012 14:56:54, Error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied.
12/04/2012 14:41:54, Error: Service Control Manager [7023] - The Schscnt service terminated with the following error: Access is denied.
12/04/2012 14:26:54, Error: Service Control Manager [7023] - The Procdd service terminated with the following error: Access is denied.
12/04/2012 14:11:54, Error: Service Control Manager [7023] - The Pclepci service terminated with the following error: Access is denied.
12/04/2012 13:56:54, Error: Service Control Manager [7023] - The SE26mgmt service terminated with the following error: Access is denied.
12/04/2012 13:41:54, Error: Service Control Manager [7023] - The Se45mgmt service terminated with the following error: Access is denied.
12/04/2012 13:26:55, Error: Service Control Manager [7023] - The Mfetdik service terminated with the following error: Access is denied.
12/04/2012 13:11:56, Error: Service Control Manager [7023] - The Curtainssyssvc service terminated with the following error: Access is denied.
12/04/2012 13:00:55, Error: Service Control Manager [7023] - The Lvcomser service terminated with the following error: Access is denied.
12/04/2012 12:59:55, Error: Service Control Manager [7023] - The Omci service terminated with the following error: Access is denied.
12/04/2012 12:56:55, Error: Service Control Manager [7023] - The WcesComm service terminated with the following error: Access is denied.
12/04/2012 12:55:55, Error: Service Control Manager [7023] - The WUSB54GCSVC service terminated with the following error: Access is denied.
12/04/2012 04:32:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/04/2012 04:32:21, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/04/2012 04:32:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/04/2012 12:31:03, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.13 for the Network Card with network address 0022FA2D42D2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/04/2012 12:29:50, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.12 for the Network Card with network address 0022FA2D42D2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
09/04/2012 08:25:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1315.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
06/04/2012 09:24:33, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 0022FA2D42D2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
06/04/2012 08:27:44, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1127.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,178 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 April 2012 - 09:57 AM

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#3 Fallen_Angel

Fallen_Angel

    New Member

  • Members
  • 17 posts

Posted 14 April 2012 - 02:58 AM

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...uekiller/
Blog: http://tigzyrk.blogs...gspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Lucifer Morningstar [Admin rights]
Mode: Scan -- Date: 04/14/2012 09:56:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9120822AS +++++
--- User ---
[MBR] 1954251629bddb9a2334663d9040e14b
[BSP] e18ab1359e8ab6f1fd6488de27c6f8e6 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,178 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 April 2012 - 06:08 AM

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Malware Removal Expert


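The TDSSKiller report requested above can be triaged with a short script. This is an added example, not part of the original post and not TDSSKiller's own code: it parses log lines in the layout seen in this thread and maps each detection to the choice MrC describes (Skip, Delete, or Cure). The sample log is constructed, and `ExampleDrv`, `Example.Rootkit.Verdict` and the `infected` status line are hypothetical placeholders.

```python
import re

# Constructed sample in the TDSSKiller log layout shown in this thread:
# timestamp, thread id, object name, then either "(md5) path" or a verdict.
# Hashes, ExampleDrv and Example.Rootkit.Verdict are made-up placeholders.
SAMPLE_LOG = r"""
13:23:13.0421 1120 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\acpi.sys
13:23:13.0540 1120 ACPI - ok
13:23:24.0663 1120 ATSWPDRV - ok
13:23:47.0383 1120 EvtEng (00000000000000000000000000000002) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:23:47.0510 1120 EvtEng ( UnsignedFile.Multi.Generic ) - warning
13:23:47.0511 1120 EvtEng - detected UnsignedFile.Multi.Generic (1)
13:25:00.0100 1120 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:25:00.0101 1120 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:25:01.0200 1120 ExampleDrv (00000000000000000000000000000003) C:\Windows\system32\drivers\exampledrv.sys
13:25:01.0300 1120 ExampleDrv ( Example.Rootkit.Verdict ) - infected
13:25:01.0301 1120 ExampleDrv - detected Example.Rootkit.Verdict (0)
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>.+) \(\d+\)$")

# Verdicts the helper says to leave alone.
SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


def recommended_action(verdict):
    """Map a verdict to the choice described in the instructions above."""
    if verdict in SKIP_VERDICTS:
        return "Skip"
    if verdict == "TDSS File System":
        return "Delete"
    # Anything else is treated as a malicious object.
    return "Cure (Skip if Cure is not offered)"


def triage(log_text):
    """Return (findings, no_file).

    findings: one dict per 'detected' line, joined with the hash and path
              from the object's earlier file line when there was one.
    no_file:  objects reported 'ok' without any file line, i.e. entries
              the scanner listed but did not hash.
    """
    files = {}      # object name -> (md5, path)
    findings = []
    no_file = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECTED_RE.match(line)
        if m:
            md5, path = files.get(m["name"], (None, None))
            findings.append({
                "name": m["name"],
                "verdict": m["verdict"],
                "md5": md5,
                "path": path,
                "action": recommended_action(m["verdict"]),
            })
            continue
        m = OK_RE.match(line)
        if m and m["name"] not in files:
            no_file.append(m["name"])
    return findings, no_file


if __name__ == "__main__":
    found, unhashed = triage(SAMPLE_LOG)
    for f in found:
        print(f'{f["name"]}: {f["verdict"]} -> {f["action"]} [{f["path"]}]')
    print("ok without a file line:", ", ".join(unhashed))
```
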

#5 Fallen_Angel

Fallen_Angel

    New Member

  • Members
  • 17 posts

Posted 14 April 2012 - 06:29 AM

13:22:14.0452 2236 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
13:22:14.0934 2236 ============================================================
13:22:14.0934 2236 Current date / time: 2012/04/14 13:22:14.0934
13:22:14.0934 2236 SystemInfo:
13:22:14.0934 2236
13:22:14.0934 2236 OS Version: 6.0.6002 ServicePack: 2.0
13:22:14.0934 2236 Product type: Workstation
13:22:14.0934 2236 ComputerName: HELL
13:22:14.0934 2236 UserName: Lucifer Morningstar
13:22:14.0934 2236 Windows directory: C:\Windows
13:22:14.0934 2236 System windows directory: C:\Windows
13:22:14.0934 2236 Processor architecture: Intel x86
13:22:14.0934 2236 Number of processors: 2
13:22:14.0934 2236 Page size: 0x1000
13:22:14.0934 2236 Boot type: Normal boot
13:22:14.0934 2236 ============================================================
13:22:15.0587 2236 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:22:15.0622 2236 \Device\Harddisk0\DR0:
13:22:15.0622 2236 MBR used
13:22:15.0622 2236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
13:22:15.0666 2236 Initialize success
13:22:15.0666 2236 ============================================================
13:23:12.0398 1120 ============================================================
13:23:12.0398 1120 Scan started
13:23:12.0398 1120 Mode: Manual; SigCheck; TDLFS;
13:23:12.0398 1120 ============================================================
13:23:13.0421 1120 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:23:13.0540 1120 ACPI - ok
13:23:13.0731 1120 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:23:13.0834 1120 AdobeARMservice - ok
13:23:14.0524 1120 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:23:14.0611 1120 AdobeFlashPlayerUpdateSvc - ok
13:23:15.0260 1120 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:23:15.0383 1120 adp94xx - ok
13:23:15.0674 1120 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:23:15.0741 1120 adpahci - ok
13:23:16.0072 1120 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:23:16.0120 1120 adpu160m - ok
13:23:16.0509 1120 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:23:16.0542 1120 adpu320 - ok
13:23:16.0959 1120 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:23:17.0187 1120 AeLookupSvc - ok
13:23:17.0614 1120 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:23:17.0743 1120 AFD - ok
13:23:18.0050 1120 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
13:23:18.0148 1120 AgereModemAudio - ok
13:23:18.0788 1120 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
13:23:18.0963 1120 AgereSoftModem - ok
13:23:19.0214 1120 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:23:19.0252 1120 agp440 - ok
13:23:19.0531 1120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:23:19.0557 1120 aic78xx - ok
13:23:19.0801 1120 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:23:19.0974 1120 ALG - ok
13:23:20.0439 1120 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:23:20.0474 1120 aliide - ok
13:23:20.0834 1120 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:23:20.0884 1120 amdagp - ok
13:23:21.0213 1120 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:23:21.0247 1120 amdide - ok
13:23:21.0634 1120 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:23:21.0715 1120 AmdK7 - ok
13:23:22.0104 1120 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:23:22.0157 1120 AmdK8 - ok
13:23:22.0541 1120 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:23:22.0605 1120 Appinfo - ok
13:23:23.0031 1120 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:23:23.0101 1120 arc - ok
13:23:23.0412 1120 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:23:23.0453 1120 arcsas - ok
13:23:23.0734 1120 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:23:23.0797 1120 aspnet_state - ok
13:23:24.0137 1120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:24.0197 1120 AsyncMac - ok
13:23:24.0499 1120 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:23:24.0517 1120 atapi - ok
13:23:24.0663 1120 ATSWPDRV - ok
13:23:25.0077 1120 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:23:25.0195 1120 AudioEndpointBuilder - ok
13:23:25.0233 1120 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:23:25.0269 1120 Audiosrv - ok
13:23:25.0551 1120 bcm4sbxp - ok
13:23:25.0891 1120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:23:25.0997 1120 Beep - ok
13:23:26.0416 1120 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:23:26.0619 1120 BITS - ok
13:23:26.0990 1120 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:23:27.0080 1120 blbdrive - ok
13:23:27.0487 1120 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:23:27.0539 1120 bowser - ok
13:23:28.0020 1120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:23:28.0093 1120 BrFiltLo - ok
13:23:28.0630 1120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:23:28.0737 1120 BrFiltUp - ok
13:23:29.0277 1120 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:23:29.0337 1120 Browser - ok
13:23:29.0764 1120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:23:30.0054 1120 Brserid - ok
13:23:30.0445 1120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:23:30.0572 1120 BrSerWdm - ok
13:23:31.0157 1120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:23:31.0223 1120 BrUsbMdm - ok
13:23:31.0677 1120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:23:31.0751 1120 BrUsbSer - ok
13:23:32.0152 1120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:23:32.0229 1120 BTHMODEM - ok
13:23:32.0502 1120 catchme - ok
13:23:32.0851 1120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:23:32.0911 1120 cdfs - ok
13:23:33.0244 1120 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:23:33.0339 1120 cdrom - ok
13:23:33.0688 1120 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:23:33.0760 1120 CertPropSvc - ok
13:23:34.0101 1120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:23:34.0165 1120 circlass - ok
13:23:34.0483 1120 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:23:34.0511 1120 CLFS - ok
13:23:34.0590 1120 clr_optimization_v2.0.50215_32 - ok
13:23:34.0786 1120 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:34.0869 1120 clr_optimization_v2.0.50727_32 - ok
13:23:35.0379 1120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:35.0484 1120 clr_optimization_v4.0.30319_32 - ok
13:23:35.0964 1120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:23:36.0019 1120 CmBatt - ok
13:23:36.0380 1120 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:23:36.0398 1120 cmdide - ok
13:23:36.0930 1120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:23:36.0978 1120 Compbatt - ok
13:23:37.0243 1120 COMSysApp - ok
13:23:37.0654 1120 cqmgstor - ok
13:23:37.0983 1120 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:23:38.0002 1120 crcdisk - ok
13:23:38.0134 1120 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:23:38.0190 1120 Crusoe - ok
13:23:38.0302 1120 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:23:38.0351 1120 CryptSvc - ok
13:23:38.0376 1120 crystaloutputfileserver - ok
13:23:38.0487 1120 CTEDSPFX.DLL - ok
13:23:38.0698 1120 CX88AUD - ok
13:23:39.0241 1120 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:23:39.0322 1120 DcomLaunch - ok
13:23:39.0673 1120 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:23:39.0757 1120 DfsC - ok
13:23:40.0562 1120 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:23:40.0968 1120 DFSR - ok
13:23:41.0518 1120 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:23:41.0618 1120 Dhcp - ok
13:23:42.0184 1120 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:23:42.0253 1120 disk - ok
13:23:42.0475 1120 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:23:42.0559 1120 Dnscache - ok
13:23:42.0851 1120 dnsexit - ok
13:23:43.0107 1120 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:23:43.0143 1120 dot3svc - ok
13:23:43.0278 1120 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:23:43.0352 1120 DPS - ok
13:23:43.0831 1120 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:23:43.0901 1120 drmkaud - ok
13:23:44.0106 1120 DSI_SiUSBXp_3_1 - ok
13:23:44.0318 1120 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:23:44.0382 1120 DXGKrnl - ok
13:23:44.0448 1120 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:23:44.0503 1120 E1G60 - ok
13:23:44.0578 1120 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:23:44.0635 1120 EapHost - ok
13:23:44.0801 1120 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:23:44.0847 1120 Ecache - ok
13:23:44.0866 1120 egathdrv - ok
13:23:45.0006 1120 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:23:45.0087 1120 ehRecvr - ok
13:23:45.0166 1120 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:23:45.0230 1120 ehSched - ok
13:23:45.0266 1120 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:23:45.0302 1120 ehstart - ok
13:23:45.0618 1120 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:23:45.0688 1120 elxstor - ok
13:23:46.0094 1120 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:23:46.0253 1120 EMDMgmt - ok
13:23:46.0598 1120 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:23:46.0633 1120 ErrDev - ok
13:23:47.0059 1120 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:23:47.0141 1120 EventSystem - ok
13:23:47.0383 1120 EvtEng (306ac856622864c761cbdb5e816bb9d8) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:23:47.0510 1120 EvtEng ( UnsignedFile.Multi.Generic ) - warning
13:23:47.0511 1120 EvtEng - detected UnsignedFile.Multi.Generic (1)
13:23:47.0872 1120 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:23:47.0948 1120 exfat - ok
13:23:48.0195 1120 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:23:48.0262 1120 fastfat - ok
13:23:48.0505 1120 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:23:48.0559 1120 fdc - ok
13:23:48.0705 1120 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:23:48.0735 1120 fdPHost - ok
13:23:48.0878 1120 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:23:48.0952 1120 FDResPub - ok
13:23:49.0211 1120 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:23:49.0239 1120 FileInfo - ok
13:23:49.0407 1120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:23:49.0463 1120 Filetrace - ok
13:23:49.0703 1120 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:23:49.0749 1120 flpydisk - ok
13:23:49.0916 1120 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:23:49.0952 1120 FltMgr - ok
13:23:50.0136 1120 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:23:50.0267 1120 FontCache - ok
13:23:50.0534 1120 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:23:50.0568 1120 FontCache3.0.0.0 - ok
13:23:50.0722 1120 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:23:50.0786 1120 Fs_Rec - ok
13:23:51.0018 1120 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:23:51.0046 1120 gagp30kx - ok
13:23:51.0252 1120 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:23:51.0445 1120 gpsvc - ok
13:23:51.0894 1120 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:23:51.0975 1120 HdAudAddService - ok
13:23:52.0474 1120 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:23:52.0541 1120 HDAudBus - ok
13:23:52.0830 1120 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:23:52.0897 1120 HidBth - ok
13:23:53.0103 1120 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:23:53.0173 1120 HidIr - ok
13:23:53.0365 1120 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:23:53.0471 1120 hidserv - ok
13:23:53.0547 1120 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:23:53.0590 1120 HidUsb - ok
13:23:53.0738 1120 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:23:53.0800 1120 hkmsvc - ok
13:23:54.0135 1120 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:23:54.0155 1120 HpCISSs - ok
13:23:54.0605 1120 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:23:54.0671 1120 HTTP - ok
13:23:54.0821 1120 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:23:54.0856 1120 i2omp - ok
13:23:54.0912 1120 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:23:54.0970 1120 i8042prt - ok
13:23:55.0128 1120 IAANTMON (3e42c4691aad4b1e8d0466f9cbf05cbe) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:23:55.0236 1120 IAANTMON - ok
13:23:55.0568 1120 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
13:23:55.0598 1120 iaStor - ok
13:23:55.0985 1120 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:23:56.0042 1120 iaStorV - ok
13:23:56.0459 1120 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:23:56.0629 1120 idsvc - ok
13:23:56.0970 1120 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:23:57.0014 1120 iirsp - ok
13:23:57.0222 1120 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:23:57.0430 1120 IKEEXT - ok
13:23:57.0874 1120 IntcAzAudAddService (a963d32ab87a83445e7d21bd5620539a) C:\Windows\system32\drivers\RTKVHDA.sys
13:23:57.0955 1120 IntcAzAudAddService - ok
13:23:58.0305 1120 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:23:58.0336 1120 intelide - ok
13:23:58.0409 1120 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:23:58.0463 1120 intelppm - ok
13:23:58.0537 1120 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:23:58.0603 1120 IPBusEnum - ok
13:23:58.0672 1120 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:23:58.0733 1120 IpFilterDriver - ok
13:23:59.0143 1120 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:23:59.0253 1120 iphlpsvc - ok
13:23:59.0412 1120 IpInIp - ok
13:23:59.0731 1120 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:23:59.0800 1120 IPMIDRV - ok
13:24:00.0038 1120 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:24:00.0068 1120 IPNAT - ok
13:24:00.0292 1120 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:24:00.0321 1120 IRENUM - ok
13:24:00.0467 1120 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:24:00.0493 1120 isapnp - ok
13:24:00.0862 1120 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:24:00.0921 1120 iScsiPrt - ok
13:24:01.0248 1120 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:24:01.0268 1120 iteatapi - ok
13:24:01.0756 1120 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:24:01.0777 1120 iteraid - ok
13:24:01.0912 1120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:24:01.0937 1120 kbdclass - ok
13:24:02.0163 1120 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
13:24:02.0223 1120 kbdhid - ok
13:24:02.0469 1120 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:24:02.0530 1120 KeyIso - ok
13:24:02.0691 1120 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:24:02.0817 1120 KMWDFILTER - ok
13:24:03.0200 1120 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:24:03.0247 1120 KSecDD - ok
13:24:03.0589 1120 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:24:03.0739 1120 KtmRm - ok
13:24:03.0957 1120 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:24:04.0026 1120 LanmanServer - ok
13:24:04.0195 1120 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:24:04.0273 1120 LanmanWorkstation - ok
13:24:04.0535 1120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:24:04.0601 1120 lltdio - ok
13:24:04.0664 1120 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:24:04.0729 1120 lltdsvc - ok
13:24:04.0751 1120 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:24:04.0798 1120 lmhosts - ok
13:24:04.0818 1120 LMIRfsDriver - ok
13:24:04.0891 1120 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:24:04.0938 1120 LSI_FC - ok
13:24:05.0039 1120 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:24:05.0088 1120 LSI_SAS - ok
13:24:05.0209 1120 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:24:05.0258 1120 LSI_SCSI - ok
13:24:05.0307 1120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:24:05.0403 1120 luafv - ok
13:24:05.0593 1120 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:24:05.0630 1120 MBAMProtector - ok
13:24:05.0872 1120 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:24:06.0012 1120 MBAMService - ok
13:24:06.0279 1120 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:24:06.0329 1120 Mcx2Svc - ok
13:24:06.0469 1120 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:24:06.0489 1120 megasas - ok
13:24:06.0681 1120 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:24:06.0740 1120 MegaSR - ok
13:24:06.0888 1120 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:24:06.0960 1120 MMCSS - ok
13:24:07.0111 1120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:24:07.0172 1120 Modem - ok
13:24:07.0461 1120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:24:07.0530 1120 monitor - ok
13:24:07.0619 1120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:24:07.0641 1120 mouclass - ok
13:24:07.0752 1120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:24:07.0799 1120 mouhid - ok
13:24:07.0894 1120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:24:07.0921 1120 MountMgr - ok
13:24:08.0021 1120 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:24:08.0075 1120 MpFilter - ok
13:24:08.0203 1120 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:24:08.0254 1120 mpio - ok
13:24:08.0371 1120 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:24:08.0393 1120 MpNWMon - ok
13:24:08.0819 1120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:24:08.0890 1120 mpsdrv - ok
13:24:09.0125 1120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:24:09.0160 1120 Mraid35x - ok
13:24:09.0301 1120 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:24:09.0323 1120 MRxDAV - ok
13:24:09.0507 1120 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:24:09.0586 1120 mrxsmb - ok
13:24:09.0789 1120 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:24:09.0831 1120 mrxsmb10 - ok
13:24:10.0040 1120 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:24:10.0104 1120 mrxsmb20 - ok
13:24:10.0409 1120 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:24:10.0426 1120 msahci - ok
13:24:10.0512 1120 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:24:10.0551 1120 msdsm - ok
13:24:10.0612 1120 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:24:10.0647 1120 MSDTC - ok
13:24:10.0816 1120 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:24:10.0874 1120 Msfs - ok
13:24:11.0074 1120 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:24:11.0124 1120 msisadrv - ok
13:24:11.0370 1120 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:24:11.0435 1120 MSiSCSI - ok
13:24:11.0654 1120 msiserver - ok
13:24:11.0903 1120 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:24:11.0954 1120 MSKSSRV - ok
13:24:12.0159 1120 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:24:12.0183 1120 MsMpSvc - ok
13:24:12.0500 1120 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:24:12.0532 1120 MSPCLOCK - ok
13:24:12.0708 1120 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:24:12.0753 1120 MSPQM - ok
13:24:13.0086 1120 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:24:13.0163 1120 MsRPC - ok
13:24:13.0460 1120 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:24:13.0501 1120 mssmbios - ok
13:24:13.0564 1120 mssqlserver - ok
13:24:13.0642 1120 mstdc - ok
13:24:13.0940 1120 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:24:13.0987 1120 MSTEE - ok
13:24:14.0362 1120 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:24:14.0390 1120 Mup - ok
13:24:14.0797 1120 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:24:14.0857 1120 napagent - ok
13:24:15.0218 1120 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:24:15.0294 1120 NativeWifiP - ok
13:24:15.0889 1120 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:24:15.0988 1120 NDIS - ok
13:24:16.0251 1120 ndiscm - ok
13:24:16.0518 1120 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:16.0562 1120 NdisTapi - ok
13:24:16.0925 1120 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:16.0953 1120 Ndisuio - ok
13:24:17.0486 1120 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:17.0602 1120 NdisWan - ok
13:24:18.0185 1120 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:24:18.0250 1120 NDProxy - ok
13:24:18.0878 1120 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:24:18.0946 1120 NetBIOS - ok
13:24:19.0612 1120 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:24:19.0708 1120 netbt - ok
13:24:20.0015 1120 NETGEAR_MA111 - ok
13:24:20.0313 1120 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:24:20.0339 1120 Netlogon - ok
13:24:20.0678 1120 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:24:20.0779 1120 Netman - ok
13:24:21.0013 1120 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:24:21.0067 1120 NetMsmqActivator - ok
13:24:21.0091 1120 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:24:21.0114 1120 NetPipeActivator - ok
13:24:21.0482 1120 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:24:21.0541 1120 netprofm - ok
13:24:21.0890 1120 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:24:21.0916 1120 NetTcpActivator - ok
13:24:21.0943 1120 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:24:21.0967 1120 NetTcpPortSharing - ok
13:24:22.0879 1120 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
13:24:23.0233 1120 NETw5v32 - ok
13:24:23.0579 1120 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:24:23.0627 1120 nfrd960 - ok
13:24:23.0927 1120 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:24:23.0984 1120 NisDrv - ok
13:24:24.0033 1120 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
13:24:24.0107 1120 NisSrv - ok
13:24:24.0408 1120 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:24:24.0526 1120 NlaSvc - ok
13:24:24.0805 1120 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:24:24.0868 1120 Npfs - ok
13:24:25.0185 1120 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:24:25.0252 1120 nsi - ok
13:24:25.0503 1120 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:24:25.0561 1120 nsiproxy - ok
13:24:26.0383 1120 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:24:26.0555 1120 Ntfs - ok
13:24:27.0207 1120 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:24:27.0310 1120 ntrigdigi - ok
13:24:27.0466 1120 ntuneservice - ok
13:24:27.0639 1120 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:24:27.0701 1120 Null - ok
13:24:28.0149 1120 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
13:24:28.0212 1120 NVHDA - ok
13:24:31.0031 1120 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:24:32.0555 1120 nvlddmkm - ok
13:24:32.0977 1120 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:24:33.0021 1120 nvraid - ok
13:24:33.0551 1120 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:24:33.0574 1120 nvstor - ok
13:24:34.0424 1120 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
13:24:34.0603 1120 nvsvc - ok
13:24:34.0938 1120 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:24:34.0961 1120 nv_agp - ok
13:24:35.0266 1120 NwlnkFlt - ok
13:24:35.0340 1120 NwlnkFwd - ok
13:24:35.0367 1120 O2SCBUS - ok
13:24:35.0408 1120 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
13:24:35.0467 1120 ohci1394 - ok
13:24:35.0477 1120 OsaFsLoc - ok
13:24:35.0555 1120 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:35.0579 1120 ose - ok
13:24:35.0917 1120 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:24:36.0010 1120 p2pimsvc - ok
13:24:36.0183 1120 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:24:36.0240 1120 p2psvc - ok
13:24:36.0460 1120 paamsrv - ok
13:24:36.0597 1120 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:24:36.0656 1120 Parport - ok
13:24:37.0109 1120 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:24:37.0137 1120 partmgr - ok
13:24:37.0524 1120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:24:37.0590 1120 Parvdm - ok
13:24:37.0726 1120 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:24:37.0784 1120 PcaSvc - ok
13:24:37.0893 1120 pchost - ok
13:24:38.0299 1120 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:24:38.0375 1120 pci - ok
13:24:38.0546 1120 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
13:24:38.0611 1120 pciide - ok
13:24:38.0773 1120 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:24:38.0838 1120 pcmcia - ok
13:24:39.0360 1120 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:24:39.0471 1120 PEAUTH - ok
13:24:39.0999 1120 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:24:40.0212 1120 pla - ok
13:24:40.0564 1120 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:24:41.0400 1120 PlugPlay - ok
13:24:41.0791 1120 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:24:41.0832 1120 PNRPAutoReg - ok
13:24:41.0902 1120 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:24:41.0950 1120 PNRPsvc - ok
13:24:42.0394 1120 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:24:42.0469 1120 PolicyAgent - ok
13:24:42.0853 1120 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:24:42.0970 1120 PptpMiniport - ok
13:24:43.0386 1120 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:24:43.0439 1120 Processor - ok
13:24:43.0736 1120 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:24:43.0815 1120 ProfSvc - ok
13:24:44.0142 1120 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:24:44.0168 1120 ProtectedStorage - ok
13:24:44.0507 1120 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:24:44.0570 1120 PSched - ok
13:24:44.0766 1120 qbposdbextservices - ok
13:24:45.0177 1120 qconsvc - ok
13:24:45.0613 1120 qkbfiltr (a94f63608371ab232ed75fbab00fb132) C:\Windows\system32\DRIVERS\qkbfiltr.sys
13:24:45.0707 1120 qkbfiltr - ok
13:24:46.0543 1120 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:24:46.0722 1120 ql2300 - ok
13:24:47.0224 1120 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:24:47.0284 1120 ql40xx - ok
13:24:47.0474 1120 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:24:47.0619 1120 QWAVE - ok
13:24:48.0019 1120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:24:48.0043 1120 QWAVEdrv - ok
13:24:48.0418 1120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:24:48.0460 1120 RasAcd - ok
13:24:48.0792 1120 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:24:48.0897 1120 RasAuto - ok
13:24:49.0041 1120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:49.0110 1120 Rasl2tp - ok
13:24:49.0205 1120 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:24:49.0260 1120 RasMan - ok
13:24:49.0464 1120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:49.0502 1120 RasPppoe - ok
13:24:49.0975 1120 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:24:50.0063 1120 RasSstp - ok
13:24:50.0462 1120 Rawwan - ok
13:24:51.0012 1120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:24:51.0116 1120 rdbss - ok
13:24:51.0342 1120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:51.0372 1120 RDPCDD - ok
13:24:51.0935 1120 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:24:51.0957 1120 rdpdr - ok
13:24:52.0586 1120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:24:52.0668 1120 RDPENCDD - ok
13:24:53.0207 1120 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:24:53.0356 1120 RDPWD - ok
13:24:53.0933 1120 RegSrvc (b33c88df3588acf250b87a004526c31a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:24:54.0092 1120 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
13:24:54.0092 1120 RegSrvc - detected UnsignedFile.Multi.Generic (1)
13:24:54.0467 1120 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:24:54.0606 1120 RemoteAccess - ok
13:24:55.0085 1120 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:24:55.0139 1120 RemoteRegistry - ok
13:24:55.0485 1120 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:24:55.0625 1120 RpcLocator - ok
13:24:56.0258 1120 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:24:56.0313 1120 RpcSs - ok
13:24:56.0559 1120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:24:56.0666 1120 rspndr - ok
13:24:57.0273 1120 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:24:57.0293 1120 RTL8169 - ok
13:24:57.0540 1120 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
13:24:57.0567 1120 RtlProt - ok
13:24:57.0602 1120 rtm - ok
13:24:57.0987 1120 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
13:24:58.0119 1120 RTSTOR - ok
13:24:58.0488 1120 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:24:58.0514 1120 SamSs - ok
13:24:58.0937 1120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:24:58.0969 1120 sbp2port - ok
13:24:59.0341 1120 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:24:59.0384 1120 SCardSvr - ok
13:24:59.0551 1120 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
13:24:59.0589 1120 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
13:24:59.0589 1120 SCDEmu - detected UnsignedFile.Multi.Generic (1)
13:24:59.0891 1120 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:25:00.0008 1120 Schedule - ok
13:25:00.0353 1120 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:25:00.0382 1120 SCPolicySvc - ok
13:25:00.0583 1120 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:25:00.0645 1120 SDRSVC - ok
13:25:01.0025 1120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:25:01.0108 1120 secdrv - ok
13:25:01.0492 1120 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:25:01.0549 1120 seclogon - ok
13:25:01.0845 1120 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:25:01.0904 1120 SENS - ok
13:25:01.0977 1120 ser2plms - ok
13:25:02.0177 1120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:25:02.0244 1120 Serenum - ok
13:25:02.0521 1120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:25:02.0617 1120 Serial - ok
13:25:02.0997 1120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:25:03.0039 1120 sermouse - ok
13:25:03.0334 1120 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:25:03.0402 1120 SessionEnv - ok
13:25:03.0644 1120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:25:03.0681 1120 sffdisk - ok
13:25:03.0862 1120 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:25:03.0925 1120 sffp_mmc - ok
13:25:04.0015 1120 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:25:04.0081 1120 sffp_sd - ok
13:25:04.0332 1120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:25:04.0395 1120 sfloppy - ok
13:25:04.0673 1120 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:25:04.0768 1120 SharedAccess - ok
13:25:05.0099 1120 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:25:05.0223 1120 ShellHWDetection - ok
13:25:05.0484 1120 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:25:05.0510 1120 sisagp - ok
13:25:05.0830 1120 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:25:05.0857 1120 SiSRaid2 - ok
13:25:05.0923 1120 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:25:05.0961 1120 SiSRaid4 - ok
13:25:06.0061 1120 SkypeUpdate (62b825015fa289d2c5ebf8b00846a8ff) C:\Program Files\Skype\Updater\Updater.exe
13:25:06.0225 1120 SkypeUpdate - ok
13:25:06.0510 1120 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:25:06.0820 1120 slsvc - ok
13:25:07.0150 1120 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:25:07.0220 1120 SLUINotify - ok
13:25:07.0494 1120 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:25:07.0560 1120 Smb - ok
13:25:07.0718 1120 smwdm - ok
13:25:07.0964 1120 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:25:08.0023 1120 SNMPTRAP - ok
13:25:08.0129 1120 speedfan - ok
13:25:08.0418 1120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:25:08.0437 1120 spldr - ok
13:25:08.0533 1120 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:25:08.0605 1120 Spooler - ok
13:25:08.0888 1120 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:25:08.0975 1120 srv - ok
13:25:09.0289 1120 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:25:09.0335 1120 srv2 - ok
13:25:09.0462 1120 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:25:09.0498 1120 srvnet - ok
13:25:09.0562 1120 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:25:09.0600 1120 SSDPSRV - ok
13:25:09.0694 1120 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:25:09.0735 1120 SstpSvc - ok
13:25:09.0749 1120 stac97 - ok
13:25:09.0971 1120 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:25:11.0835 1120 Stereo Service - ok
13:25:12.0158 1120 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:25:12.0314 1120 stisvc - ok
13:25:12.0515 1120 streamip - ok
13:25:12.0883 1120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:25:12.0935 1120 swenum - ok
13:25:13.0260 1120 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:25:13.0341 1120 swprv - ok
13:25:13.0680 1120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:25:13.0700 1120 Symc8xx - ok
13:25:14.0054 1120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:25:14.0073 1120 Sym_hi - ok
13:25:14.0414 1120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:25:14.0444 1120 Sym_u3 - ok
13:25:14.0786 1120 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
13:25:14.0861 1120 SynTP - ok
13:25:15.0139 1120 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:25:15.0230 1120 SysMain - ok
13:25:15.0592 1120 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:25:15.0645 1120 TabletInputService - ok
13:25:15.0913 1120 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:25:15.0947 1120 TapiSrv - ok
13:25:16.0282 1120 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:25:16.0389 1120 TBS - ok
13:25:16.0660 1120 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
13:25:16.0754 1120 Tcpip - ok
13:25:16.0893 1120 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
13:25:16.0962 1120 Tcpip6 - ok
13:25:17.0028 1120 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
13:25:17.0091 1120 tcpipreg - ok
13:25:17.0127 1120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:25:17.0157 1120 TDPIPE - ok
13:25:17.0181 1120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:25:17.0212 1120 TDTCP - ok
13:25:17.0244 1120 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:25:17.0305 1120 tdx - ok
13:25:17.0436 1120 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:25:17.0465 1120 TermDD - ok
13:25:17.0525 1120 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:25:17.0605 1120 TermService - ok
13:25:17.0646 1120 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:25:17.0676 1120 Themes - ok
13:25:17.0708 1120 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:25:17.0739 1120 THREADORDER - ok
13:25:17.0749 1120 tossmbnt - ok
13:25:17.0811 1120 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:25:17.0868 1120 TrkWks - ok
13:25:17.0911 1120 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:25:17.0948 1120 TrustedInstaller - ok
13:25:18.0002 1120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:25:18.0046 1120 tssecsrv - ok
13:25:18.0095 1120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:25:18.0132 1120 tunmp - ok
13:25:18.0170 1120 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:25:18.0193 1120 tunnel - ok
13:25:18.0244 1120 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:25:18.0271 1120 uagp35 - ok
13:25:18.0307 1120 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:25:18.0336 1120 udfs - ok
13:25:18.0429 1120 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:25:18.0477 1120 UI0Detect - ok
13:25:18.0529 1120 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:25:18.0560 1120 uliagpkx - ok
13:25:18.0633 1120 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:25:18.0699 1120 uliahci - ok
13:25:18.0777 1120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:25:18.0796 1120 UlSata - ok
13:25:18.0812 1120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:25:18.0832 1120 ulsata2 - ok
13:25:18.0901 1120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:25:18.0947 1120 umbus - ok
13:25:19.0008 1120 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:25:19.0062 1120 upnphost - ok
13:25:19.0147 1120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:25:19.0184 1120 usbccgp - ok
13:25:19.0230 1120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:25:19.0283 1120 usbcir - ok
13:25:19.0364 1120 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:25:19.0404 1120 usbehci - ok
13:25:19.0464 1120 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:25:19.0537 1120 usbhub - ok
13:25:19.0610 1120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:25:19.0656 1120 usbohci - ok
13:25:19.0698 1120 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
13:25:19.0773 1120 usbprint - ok
13:25:20.0325 1120 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:25:20.0404 1120 USBSTOR - ok
13:25:20.0830 1120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:25:20.0894 1120 usbuhci - ok
13:25:21.0273 1120 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:25:21.0321 1120 usbvideo - ok
13:25:21.0489 1120 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:25:21.0544 1120 UxSms - ok
13:25:21.0609 1120 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:25:21.0683 1120 vds - ok
13:25:21.0997 1120 veteboot - ok
13:25:22.0280 1120 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:25:22.0366 1120 vga - ok
13:25:22.0589 1120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:25:22.0620 1120 VgaSave - ok
13:25:22.0986 1120 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:25:23.0042 1120 viaagp - ok
13:25:23.0546 1120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:25:23.0579 1120 ViaC7 - ok
13:25:24.0088 1120 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:25:24.0105 1120 viaide - ok
13:25:24.0396 1120 vmkbd2 - ok
13:25:24.0570 1120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:25:24.0634 1120 volmgr - ok
13:25:24.0964 1120 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:25:24.0988 1120 volmgrx - ok
13:25:25.0514 1120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:25:25.0625 1120 volsnap - ok
13:25:26.0229 1120 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:25:26.0266 1120 vsmraid - ok
13:25:27.0030 1120 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:25:27.0237 1120 VSS - ok
13:25:27.0474 1120 w200mdm - ok
13:25:27.0628 1120 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:25:27.0687 1120 W32Time - ok
13:25:28.0072 1120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:25:28.0115 1120 WacomPen - ok
13:25:28.0573 1120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:28.0611 1120 Wanarp - ok
13:25:28.0634 1120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:28.0671 1120 Wanarpv6 - ok
13:25:29.0124 1120 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:25:29.0236 1120 wcncsvc - ok
13:25:29.0590 1120 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:25:29.0646 1120 WcsPlugInService - ok
13:25:30.0066 1120 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:25:30.0086 1120 Wd - ok
13:25:30.0575 1120 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:25:30.0680 1120 Wdf01000 - ok
13:25:31.0068 1120 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:25:31.0171 1120 WdiServiceHost - ok
13:25:31.0187 1120 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:25:31.0221 1120 WdiSystemHost - ok
13:25:31.0560 1120 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:25:31.0655 1120 WebClient - ok
13:25:32.0026 1120 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:25:32.0077 1120 Wecsvc - ok
13:25:32.0183 1120 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:25:32.0245 1120 wercplsupport - ok
13:25:32.0441 1120 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:25:32.0485 1120 WerSvc - ok
13:25:32.0706 1120 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:25:32.0781 1120 WinDefend - ok
13:25:32.0806 1120 WinHttpAutoProxySvc - ok
13:25:33.0323 1120 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:25:33.0402 1120 Winmgmt - ok
13:25:33.0523 1120 winpppoverethernet - ok
13:25:33.0792 1120 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:25:33.0943 1120 WinRM - ok
13:25:34.0300 1120 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:25:34.0430 1120 Wlansvc - ok
13:25:35.0087 1120 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:25:35.0299 1120 wlidsvc - ok
13:25:35.0489 1120 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:25:35.0531 1120 WmiAcpi - ok
13:25:35.0829 1120 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:25:35.0938 1120 wmiApSrv - ok
13:25:36.0203 1120 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:25:36.0468 1120 WMPNetworkSvc - ok
13:25:36.0833 1120 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:25:36.0898 1120 WPCSvc - ok
13:25:37.0166 1120 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:25:37.0231 1120 WPDBusEnum - ok
13:25:37.0667 1120 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:25:37.0740 1120 WPFFontCache_v0400 - ok
13:25:37.0933 1120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:25:37.0982 1120 ws2ifsl - ok
13:25:38.0197 1120 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
13:25:38.0276 1120 wscsvc - ok
13:25:38.0309 1120 WSearch - ok
13:25:38.0476 1120 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:25:38.0677 1120 wuauserv - ok
13:25:38.0730 1120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:38.0777 1120 WUDFRd - ok
13:25:38.0827 1120 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:25:38.0891 1120 wudfsvc - ok
13:25:39.0019 1120 wusb54gv2svc - ok
13:25:39.0077 1120 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:25:40.0481 1120 \Device\Harddisk0\DR0 - ok
13:25:40.0541 1120 Boot (0x1200) (a0979c308b32317d32153df4715de082) \Device\Harddisk0\DR0\Partition0
13:25:40.0574 1120 \Device\Harddisk0\DR0\Partition0 - ok
13:25:40.0574 1120 ============================================================
13:25:40.0574 1120 Scan finished
13:25:40.0574 1120 ============================================================
13:25:40.0583 5940 Detected object count: 3
13:25:40.0583 5940 Actual detected object count: 3
13:27:21.0062 5940 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:21.0062 5940 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:21.0063 5940 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:21.0063 5940 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:21.0064 5940 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:21.0064 5940 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:57.0315 2716 Deinitialize success

#6 MrCharlie

Posted 14 April 2012 - 06:32 AM

Clean so far....please do this:

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.
MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#7 Fallen_Angel


Posted 14 April 2012 - 07:43 AM

I used ComboFix some time ago, but it didn't run properly. On my first try, even though I had all my security programs turned off, it gave me an error saying MSE is still running. The program started. Then upon rebooting, ComboFix itself came up with an error, and kept rebooting the laptop. I intervened and tried to bypass auto-restart on a critical failure. It didn't work. It kept on rebooting. Then again, managed to stop it entering into Safe mode. After this point, I ran TDSSKiller. Tried to run ComboFix; again it didn't work properly. In safe mode as well. Same error message, and its automatic attempt to run. The program just didn't want to work.

Finally, I decided to rename the ComboFix directory as it's visible in the logs. Downloaded it again. Managed to run it properly this time.

ComboFix log->



ComboFix 12-04-14.02 - Lucifer Morningstar 14/04/2012 14:12:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.2017 [GMT 2:00]
Running from: c:\users\Lucifer Morningstar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico
c:\windows\$NtUninstallKB32896$
c:\windows\$NtUninstallKB32896$\1889464350\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 12:19 . 2012-04-14 12:21 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Local\temp
2012-04-14 12:19 . 2012-04-14 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 04:04 . 2012-04-14 04:04 -------- d-----w- C:\_OTL
2012-04-13 13:39 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{593D43D1-03A4-4499-BCC6-715E440FF3D5}\mpengine.dll
2012-04-13 12:35 . 2012-04-13 12:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-13 07:03 . 2012-04-13 07:50 -------- d-----w- C:\-ComboFix
2012-04-12 13:29 . 2012-04-12 13:29 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Roaming\Malwarebytes
2012-04-12 13:26 . 2012-04-12 13:26 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 13:26 . 2012-04-12 13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-12 13:26 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 11:51 . 2012-04-12 11:51 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Local\Demiurge Studios
2012-04-12 11:51 . 2012-04-12 11:51 -------- d-----w- c:\programdata\RELOADED
2012-04-11 11:30 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-11 05:02 . 2012-04-11 05:02 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Roaming\LegacyGames
2012-04-11 02:03 . 2012-04-11 02:04 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Roaming\vlc
2012-04-11 02:02 . 2012-04-11 02:02 -------- d-----w- c:\program files\VideoLAN
2012-04-02 06:19 . 2012-04-13 18:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-19 00:58 . 2012-03-19 00:58 -------- d-----w- c:\windows\Sun
2012-03-17 03:18 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-17 03:18 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-17 03:18 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-17 03:18 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-17 03:18 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-17 03:18 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-17 03:18 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-22 740216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17151624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Keyboard Manager Utility"="c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-08-02 4128768]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-31 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:09]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361915471-2963087161-2656352562-1000Core.job
- c:\users\Lucifer Morningstar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 22:02]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361915471-2963087161-2656352562-1000UA.job
- c:\users\Lucifer Morningstar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.iminent.com/?appId=E9E0F785-7514-48C0-BA39-8E3268B9ECD5
uInternet Settings,ProxyOverride = local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-87011576.sys
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-04-14 14:27:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 12:27
.
Pre-Run: 68,871,892,992 bytes free
Post-Run: 68,842,455,040 bytes free
.
- - End Of File - - 1A0DA2121ED4BC7DF9B35099940A4D92

#8 MrCharlie


Posted 14 April 2012 - 08:07 AM

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


#9 Fallen_Angel


Posted 14 April 2012 - 08:17 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lucifer Morningstar :: HELL [administrator]

Protection: Enabled

14/04/2012 15:13:48
mbam-log-2012-04-14 (15-13-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180244
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 MrCharlie


Posted 14 April 2012 - 08:21 AM

How's the computer acting now?? MrC


#11 Fallen_Angel


Posted 14 April 2012 - 08:24 AM

Everything seems to be in order. Google Chrome isn't redirecting, and the security licenses look to be in order. I'm not receiving any kind of "malicious object blocked" message from MbAM. MSE's not detecting any problems either.

#12 MrCharlie


Posted 14 April 2012 - 08:28 AM

Great :)

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box".

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

-----------------------------------------------------



Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#13 Fallen_Angel


Posted 14 April 2012 - 08:47 AM

No other questions. Thanks for the quick help! Everything's back to normal :D And I learned something new.

#14 MrCharlie


Posted 14 April 2012 - 08:50 AM

Glad we could help you....MrC


#15 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 16 April 2012 - 08:07 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
