Fallen_Angel

Sirefef.Ac problem...

15 posts in this topic

Performed a quick scan with MBAM but couldn't find anything. Yet Microsoft Security Essentials kept on detecting Win32/Sirefef.AC. I also saw HTML/IFrameRef.Z before that; I tried to remove it and succeeded, but it appeared again. After the second removal it didn't appear again.

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Lucifer Morningstar at 16:03:07 on 2012-04-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1416 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\AIMP2\AIMP2.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.iminent.com/?appId=E9E0F785-7514-48C0-BA39-8E3268B9ECD5

uInternet Settings,ProxyOverride = local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [Google Update] "c:\users\lucifer morningstar\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{89FD6307-A626-4384-82FC-F321026DD1E7} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl2e6f9e0c;MpKsl2e6f9e0c;c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\MpKsl2e6f9e0c.sys [2012-4-12 29904]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2012-1-23 25896]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-12 654408]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-12 22344]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-2-22 148800]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]

S2 veteboot;Nwdls;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-12 13:29:27 -------- d-----w- c:\users\lucifer morningstar\appdata\roaming\Malwarebytes

2012-04-12 13:26:36 -------- d-----w- c:\programdata\Malwarebytes

2012-04-12 13:26:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-12 13:26:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-12 12:51:03 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{71DAD5DC-1D75-4E06-811A-178A68C84A4A}

2012-04-12 12:50:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D61B785A-8E2D-4695-8B32-3870F7E805B4}

2012-04-12 11:51:46 -------- d-----w- c:\users\lucifer morningstar\appdata\local\Demiurge Studios

2012-04-12 11:51:46 -------- d-----w- c:\programdata\RELOADED

2012-04-12 10:59:54 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\offreg.dll

2012-04-12 10:55:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-12 10:55:47 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\MpKsl2e6f9e0c.sys

2012-04-12 00:50:30 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2F273D5E-A2D9-489D-8735-539CAE181238}

2012-04-12 00:50:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D92A1CD4-9B04-4975-8BED-1766F2E29835}

2012-04-11 12:49:57 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{E8B63A4E-6154-423A-85E8-B52EBA5F0BB3}

2012-04-11 12:49:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0577ADB0-5F5A-45E9-B9CD-16456722ACC5}

2012-04-11 11:30:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-04-11 06:34:42 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\mpengine.dll

2012-04-11 05:02:34 -------- d-----w- c:\users\lucifer morningstar\appdata\roaming\LegacyGames

2012-04-11 05:01:07 -------- d-----w- C:\Downloads

2012-04-11 02:02:24 -------- d-----w- c:\program files\VideoLAN

2012-04-11 00:49:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BA401E3C-A113-4465-B4C0-C7ABF3EA3510}

2012-04-11 00:48:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{7B1E52A7-976B-4959-909B-04BFCB2B2197}

2012-04-10 12:48:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2934ADEA-6245-41E8-BD8E-1DFC6752A748}

2012-04-10 12:48:18 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{73930A13-0B20-4022-B07C-3203946DB009}

2012-04-10 00:48:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{87E860A6-67B0-4A23-8758-E54D5B0970B7}

2012-04-10 00:47:45 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{5AE5BE77-4798-4406-9798-367052E7EEF0}

2012-04-09 12:47:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{70923B0F-8167-4F90-ADB7-18D20098D318}

2012-04-09 12:47:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D0EE2316-8085-47E0-8D04-943FC43D020A}

2012-04-09 00:47:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EF32204F-0BF4-4444-A4D4-492BC6DF3F48}

2012-04-09 00:46:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{09D93C46-31E3-4369-BC60-34BDA7E1C78D}

2012-04-08 12:46:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6CE4A77D-EA26-4C77-B327-051EB8F767B3}

2012-04-08 12:46:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A58A18DE-85B2-4C02-ACFE-B634ECBFFC62}

2012-04-08 00:45:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{97E5DA56-0488-4E02-902E-423FE704624B}

2012-04-08 00:45:23 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DDF417D4-7583-4CEC-BD13-B8E339066C19}

2012-04-07 12:45:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A2E28F56-F50E-4D71-BE50-320AB2B5EBDD}

2012-04-07 12:44:50 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F53912B8-E2C5-43AC-B79D-05B38B50C052}

2012-04-07 00:44:37 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{643C237C-B939-4B97-8827-52600630D168}

2012-04-07 00:44:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{11BAAC24-D409-450A-AE2C-AE1B11970794}

2012-04-06 12:44:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DFB791A3-C598-476A-AD0C-A88C492D065D}

2012-04-06 12:43:38 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8B4695F9-4687-44AF-AC14-1FA6D1B0EF4C}

2012-04-06 00:43:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D6085089-CCD9-4C24-8022-D2CF270194A7}

2012-04-06 00:43:03 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A08997CC-F9EE-4AD8-AE17-89E18022670E}

2012-04-05 12:42:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DC9EA5A4-A521-41EC-ACE2-177AB78AD910}

2012-04-05 12:42:41 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8DCFA5E9-E4D7-4A97-8118-EBBB82B4BD39}

2012-04-05 00:53:16 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{91FEA736-4ACD-4787-8400-00B0FDF37865}

2012-04-04 12:52:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{4A2BB2B4-B0C4-444B-A0CD-04C9E9DE7174}

2012-04-04 00:52:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{7DE3DB63-BE08-4904-BE5A-B18E4361AF67}

2012-04-03 12:52:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{3A64DE54-42E2-4171-9A9A-C74E24938C17}

2012-04-03 00:51:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A17CEE97-E36A-4C33-8724-8A8AAA541E08}

2012-04-02 12:51:08 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{892BF3F3-28BA-4F18-A55E-D3A7BCF171D8}

2012-04-02 06:19:53 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-02 00:50:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1D25CE55-E236-4ECD-99EF-3EC6DACD4BBE}

2012-04-01 12:50:12 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{80E27944-6219-4C79-B0BD-3A1E8A6609F4}

2012-04-01 00:49:40 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D81CF393-4D1E-43F2-AA05-932D7DF2CA5D}

2012-03-31 12:49:17 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F11C77A1-5BA6-4668-8656-A540CBB03CFD}

2012-03-31 00:48:55 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F0E3C9FB-B083-481B-9109-AA532FC0BAB9}

2012-03-30 12:48:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{9E0616FB-0816-49D7-844A-8868B88E79D2}

2012-03-30 00:48:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{26392DF8-8D78-4975-9E78-81D7EE162A41}

2012-03-29 12:47:48 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6AE221ED-CC8A-402A-AF95-DD40D09351E7}

2012-03-29 00:47:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6AC600AA-CC45-485C-8927-ED49B229D2E7}

2012-03-28 12:47:14 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1E52ADB8-972D-4B2D-AE7F-E66E23786BC8}

2012-03-28 12:46:52 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{653CF04D-4CDA-4C3A-B762-48A38D16EC10}

2012-03-28 00:46:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{72721852-39C8-42E0-8143-E2CE5B106AEE}

2012-03-28 00:46:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BC0A694F-2453-4605-A2D4-8626959E5D28}

2012-03-27 12:45:55 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{27FEE192-6245-479F-88C3-C6B3C6E3A825}

2012-03-27 12:45:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CF101359-2ADD-4EEA-8E7B-D54D1364E9FB}

2012-03-27 00:45:21 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{86143203-5646-4CD4-BD12-0FA16667FBFB}

2012-03-27 00:44:57 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F5A2BBE0-361A-4963-940A-EA4BC48BE4AE}

2012-03-26 12:44:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{49E56C3F-D6AA-4E0B-9F2A-F698EE0CF92A}

2012-03-26 12:43:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6B942774-4B1A-4CA2-B781-14FA408DE943}

2012-03-26 00:43:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2826F660-BB7F-4DD7-A692-AB89299CF0DE}

2012-03-26 00:43:06 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EBEBCFC6-337E-49E5-BC55-9DB654B5CD0A}

2012-03-25 12:42:46 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{261EA3E4-99C6-48ED-9DDE-6DDD6026EFCA}

2012-03-25 12:42:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{95065EA2-2541-417F-BCB8-D6EDB01F4A01}

2012-03-25 00:42:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{32827740-BFE1-4E21-9B20-E0F78B8298CA}

2012-03-25 00:41:48 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0AD6C045-B9FB-4AF9-98FA-E251B580893E}

2012-03-24 12:41:24 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{85FF4C89-4618-4A13-8E10-9CCDD7C8C1EF}

2012-03-24 12:40:59 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{87688520-7A34-4DEA-AFAF-10539B2582B3}

2012-03-24 00:40:43 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0BD9D965-1B00-4CE5-8172-DCA853194E52}

2012-03-24 00:40:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{54355B4B-0EA9-4D44-9028-13C7091E03B1}

2012-03-23 12:40:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8ED6A8AB-28AA-49AF-A33C-E7D338DB3B6D}

2012-03-23 12:39:54 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{53F02F02-2AC8-432A-8E0A-59DF140CCFE2}

2012-03-23 00:39:42 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{FFBC80BE-2812-4E90-8DB6-971F564217BF}

2012-03-23 00:39:20 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1FA6EB43-4DA3-4B16-9545-36F6ACEFA5DA}

2012-03-22 12:39:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1E202924-2A5E-4461-8A94-82F930C42A06}

2012-03-22 12:38:37 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A068F838-0EDF-49A8-820E-E73494F21685}

2012-03-22 00:38:25 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{382518EC-2E9E-4282-8E02-523C28F582DF}

2012-03-22 00:38:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{939BE9C0-747B-4EC3-9128-6500038C932A}

2012-03-21 12:37:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DC1FD0E2-141A-4DF8-B9A1-E432E8394D27}

2012-03-21 12:37:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{65EF405D-1677-4473-AEBC-0B4529E17EB5}

2012-03-21 00:37:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{305279AC-D386-4A52-A43D-5EDB5BFC2F52}

2012-03-21 00:37:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{078F571F-C683-4E5A-995F-10F81897EFE9}

2012-03-20 12:36:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{585EFD36-8CFF-4D5C-AD73-A501EA2FFA42}

2012-03-20 12:36:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D060223D-D964-493F-B967-7DDC4D5A1881}

2012-03-20 00:36:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{3A1F69CC-9BFA-419A-96CA-AFFB96D37B6A}

2012-03-20 00:35:42 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0A23B819-51B4-4856-BA85-C1385C54EB4F}

2012-03-19 12:35:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CE3B35D2-BB08-44F6-8AEA-73208C44AB49}

2012-03-19 12:35:20 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{4F391BA0-55C9-4AA0-A915-15B59BCB2C7C}

2012-03-19 00:35:08 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C2F7477E-6915-4F37-9BB9-082393AF2CD9}

2012-03-19 00:34:47 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{43D24ED7-DEF6-4318-9EF2-DB88CAEFAF90}

2012-03-18 12:34:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D8298081-7D8D-4472-A19F-ED1809209348}

2012-03-18 12:34:21 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C62BBB40-A77C-437B-B2FA-717331741FF8}

2012-03-18 00:34:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EB898A16-EEEC-4BB7-91FA-360CD199631C}

2012-03-18 00:33:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A75FD805-A923-4FBA-A7A3-A55A40C8991F}

2012-03-17 12:33:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2CCDAF47-273E-43E3-BE10-9E73956DCB6E}

2012-03-17 12:33:11 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CDB74869-C7B6-480D-AF50-417CD97503F4}

2012-03-17 03:18:53 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-17 03:18:53 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-03-17 03:18:53 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-03-17 03:18:53 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-03-17 03:18:53 19444544 ----a-w- c:\windows\system32\nvoglv32.dll

2012-03-17 03:18:53 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-03-17 03:18:51 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-03-17 00:32:49 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8EEDF2AF-CD92-4ED6-8EC5-3C4C85F6E96F}

2012-03-17 00:32:27 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{51D6D035-8738-4132-A473-2DA4AF18F22B}

2012-03-16 12:32:15 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BEF3B710-60D7-47EB-B597-CF6738E1F0AB}

2012-03-16 12:31:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0A614804-FCC5-4BBD-BD41-EFC1D7E13ACA}

2012-03-16 00:31:40 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A107AFF9-AB87-4D9C-AE85-665BC47281E9}

2012-03-16 00:31:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{61C96FC5-C336-4380-A9A2-A5FD739D2B8E}

2012-03-15 12:31:02 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C2EBB115-36E6-4BA5-B211-D3DCA0DA3E26}

2012-03-15 12:30:41 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{08CA1834-14B8-469D-861D-CDEE80C7BB1D}

2012-03-15 00:30:29 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{91DF2A8D-A376-44B2-9680-6F51C28E44B1}

2012-03-15 00:30:04 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6E8188AD-73A4-49F2-9056-9778B46D4EA2}

2012-03-14 17:45:10 -------- d-----w- c:\program files\IMinent Toolbar

2012-03-14 17:39:05 -------- d-----w- c:\programdata\Tarma Installer

2012-03-14 17:36:59 -------- d-----w- c:\program files\fbphotozoom

2012-03-14 12:29:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{037C7424-07A6-44FA-9835-2D3D88923F39}

2012-03-14 12:29:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A3F14A3E-258F-4BBD-A9D6-ED0A3D28E625}

2012-03-14 07:53:20 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 07:52:38 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 07:52:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-14 07:52:38 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 07:52:37 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 07:52:37 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 07:44:19 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-14 07:44:19 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 06:13:19 -------- d--h--w- c:\program files\common files\EAInstaller

2012-03-14 06:02:51 -------- d-----w- c:\program files\HHD Software

2012-03-13 18:03:17 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A90A339E-DA9E-4B19-AE80-F078A738B809}

2012-03-13 18:02:54 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{03A2993C-FB21-4614-BDB6-587E27FB3348}

.

==================== Find3M ====================

.

2012-04-02 06:19:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-08 16:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll

2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 20:53:45 2561344 ----a-w- c:\windows\system32\nvsvcr.dll

2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-29 12:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-18 15:55:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 02:07:19 0 ----a-w- C:\DFRC602.tmp

2012-01-24 16:00:12 98816 ----a-w- c:\windows\system32\mfps.dll

2012-01-24 15:59:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-01-24 15:59:50 519680 ----a-w- c:\windows\system32\d3d11.dll

2012-01-24 15:59:50 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui

2012-01-24 15:59:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2012-01-24 15:59:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2012-01-24 15:59:50 252928 ----a-w- c:\windows\system32\dxdiag.exe

2012-01-24 15:59:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2012-01-24 15:59:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-01-23 20:13:02 319456 ----a-w- c:\windows\DIFxAPI.dll

2012-01-23 20:12:55 319488 ----a-w- c:\windows\HideWin.exe

2012-01-17 12:46:00 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-01-17 12:45:59 67392 ----a-w- c:\windows\system32\nvapo32v.dll

2012-01-17 12:45:56 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-01-17 12:45:54 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

.

============= FINISH: 16:03:44.90 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 23/01/2012 21:18:49

System Uptime: 12/04/2012 04:20:02 (12 hours ago)

.

Motherboard: Quanta | | TW8/SW8/DW8

Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | CPU | 2534/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 61.872 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 149 GiB total, 13.228 GiB free.

F: is FIXED (NTFS) - 149 GiB total, 48.579 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP183: 04/04/2012 00:56:19 - Scheduled Checkpoint

RP184: 04/04/2012 08:55:47 - Windows Update

RP186: 05/04/2012 04:13:49 - Windows Live Essentials

RP187: 05/04/2012 08:26:24 - Windows Update

RP188: 06/04/2012 09:04:40 - Windows Update

RP189: 07/04/2012 04:41:32 - Scheduled Checkpoint

RP190: 07/04/2012 08:26:34 - Windows Update

RP191: 08/04/2012 07:52:37 - Scheduled Checkpoint

RP192: 08/04/2012 08:25:45 - Windows Update

RP193: 09/04/2012 08:30:25 - Windows Update

RP194: 10/04/2012 08:27:31 - Windows Update

RP195: 11/04/2012 08:31:55 - Windows Update

RP196: 12/04/2012 - Scheduled Checkpoint

RP197: 12/04/2012 03:00:12 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Agere Systems HDA Modem

AIMP2

Anathema

µTorrent

Combined Community Codec Pack 2010-10-10

Compatibility Pack for the 2007 Office system

D3DX10

Google Chrome

HHD Software Hex Editor Neo 5.01

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

IMinent Toolbar

Intel PROSet Wireless

Intel® PROSet/Wireless WiFi Software

Intel® Matrix Storage Manager

Java Auto Updater

Java™ 6 Update 31

Keyboard Manager Utility

Kingdoms of Amalur - Reckoning "Update" version 1.0.0.2

Kingdoms of Amalur Reckoning

Malwarebytes Anti-Malware version 1.61.0.1400

Mass Effect™ 3

Master Of Magic

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office Word Viewer 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

MSVCRT

Mumble 1.2.3

NC Launcher (GameForge)

Nexus Mod Manager

NVIDIA 3D Vision Driver 296.10

NVIDIA Control Panel 296.10

NVIDIA Graphics Driver 296.10

NVIDIA HD Audio Driver 1.3.12.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

PL-2303 Vista Driver Installer

PowerISO

Real Alternative 2.0.2

Realtek Ethernet Controller Driver For Windows Vista

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Segoe UI

Shoot Many Robots © Demiurge Studios version 1

Skype™ 5.8

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Ventrilo Client

VLC media player 2.0.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.00 beta 6 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/04/2012 15:56:54, Error: Service Control Manager [7023] - The Nwdls service

terminated with the following error: Access is denied.

12/04/2012 15:41:55, Error: Service Control Manager [7023] - The Cam5603D service

terminated with the following error: Access is denied.

12/04/2012 15:26:54, Error: Service Control Manager [7023] - The AN983 service

terminated with the following error: Access is denied.

12/04/2012 15:11:54, Error: Service Control Manager [7023] - The Nvgts service

terminated with the following error: Access is denied.

12/04/2012 14:56:54, Error: Service Control Manager [7023] - The Ipssvc service

terminated with the following error: Access is denied.

12/04/2012 14:41:54, Error: Service Control Manager [7023] - The Schscnt service

terminated with the following error: Access is denied.

12/04/2012 14:26:54, Error: Service Control Manager [7023] - The Procdd service

terminated with the following error: Access is denied.

12/04/2012 14:11:54, Error: Service Control Manager [7023] - The Pclepci service

terminated with the following error: Access is denied.

12/04/2012 13:56:54, Error: Service Control Manager [7023] - The SE26mgmt service

terminated with the following error: Access is denied.

12/04/2012 13:41:54, Error: Service Control Manager [7023] - The Se45mgmt service

terminated with the following error: Access is denied.

12/04/2012 13:26:55, Error: Service Control Manager [7023] - The Mfetdik service

terminated with the following error: Access is denied.

12/04/2012 13:11:56, Error: Service Control Manager [7023] - The Curtainssyssvc

service terminated with the following error: Access is denied.

12/04/2012 13:00:55, Error: Service Control Manager [7023] - The Lvcomser service

terminated with the following error: Access is denied.

12/04/2012 12:59:55, Error: Service Control Manager [7023] - The Omci service

terminated with the following error: Access is denied.

12/04/2012 12:56:55, Error: Service Control Manager [7023] - The WcesComm service

terminated with the following error: Access is denied.

12/04/2012 12:55:55, Error: Service Control Manager [7023] - The WUSB54GCSVC

service terminated with the following error: Access is denied.

12/04/2012 04:32:21, Error: Service Control Manager [7009] - A timeout was

reached (30000 milliseconds) while waiting for the Windows Search service to

connect.

12/04/2012 04:32:21, Error: Service Control Manager [7000] - The Windows Search

service failed to start due to the following error: The service did not respond

to the start or control request in a timely fashion.

12/04/2012 04:32:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got

error "1053" attempting to start the service WSearch with arguments "" in order to

run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/04/2012 12:31:03, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address

lease 192.168.1.13 for the Network Card with network address 0022FA2D42D2 has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

10/04/2012 12:29:50, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address

lease 192.168.1.12 for the Network Card with network address 0022FA2D42D2 has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

09/04/2012 08:25:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware

has encountered an error trying to update signatures. New Signature Version:

Previous Signature Version: 1.123.1315.0 Update Source: Microsoft Update

Server Update Stage: Search Source Path: http://www.microsoft.com

Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM

Current Engine Version: Previous Engine Version: 1.1.8202.0

Error code: 0x8024402f Error description: An unexpected problem occurred

while checking for updates. For information on installing or troubleshooting

updates, see Help and Support.

06/04/2012 09:24:33, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address

lease 192.168.1.11 for the Network Card with network address 0022FA2D42D2 has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

06/04/2012 08:27:44, Error: Microsoft Antimalware [2001] - Microsoft Antimalware

has encountered an error trying to update signatures. New Signature Version:

Previous Signature Version: 1.123.1127.0 Update Source: Microsoft Update

Server Update Stage: Search Source Path: http://www.microsoft.com

Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM

Current Engine Version: Previous Engine Version: 1.1.8202.0

Error code: 0x8024402f Error description: An unexpected problem occurred

while checking for updates. For information on installing or troubleshooting

updates, see Help and Support.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Lucifer Morningstar [Admin rights]

Mode: Scan -- Date: 04/14/2012 09:56:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9120822AS +++++

--- User ---

[MBR] 1954251629bddb9a2334663d9040e14b

[bSP] e18ab1359e8ab6f1fd6488de27c6f8e6 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


13:22:14.0452 2236 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

13:22:14.0934 2236 ============================================================

13:22:14.0934 2236 Current date / time: 2012/04/14 13:22:14.0934

13:22:14.0934 2236 SystemInfo:

13:22:14.0934 2236

13:22:14.0934 2236 OS Version: 6.0.6002 ServicePack: 2.0

13:22:14.0934 2236 Product type: Workstation

13:22:14.0934 2236 ComputerName: HELL

13:22:14.0934 2236 UserName: Lucifer Morningstar

13:22:14.0934 2236 Windows directory: C:\Windows

13:22:14.0934 2236 System windows directory: C:\Windows

13:22:14.0934 2236 Processor architecture: Intel x86

13:22:14.0934 2236 Number of processors: 2

13:22:14.0934 2236 Page size: 0x1000

13:22:14.0934 2236 Boot type: Normal boot

13:22:14.0934 2236 ============================================================

13:22:15.0587 2236 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:22:15.0622 2236 \Device\Harddisk0\DR0:

13:22:15.0622 2236 MBR used

13:22:15.0622 2236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800

13:22:15.0666 2236 Initialize success

13:22:15.0666 2236 ============================================================

13:23:12.0398 1120 ============================================================

13:23:12.0398 1120 Scan started

13:23:12.0398 1120 Mode: Manual; SigCheck; TDLFS;

13:23:12.0398 1120 ============================================================

13:23:13.0421 1120 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

13:23:13.0540 1120 ACPI - ok

13:23:13.0731 1120 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

13:23:13.0834 1120 AdobeARMservice - ok

13:23:14.0524 1120 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:23:14.0611 1120 AdobeFlashPlayerUpdateSvc - ok

13:23:15.0260 1120 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

13:23:15.0383 1120 adp94xx - ok

13:23:15.0674 1120 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

13:23:15.0741 1120 adpahci - ok

13:23:16.0072 1120 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

13:23:16.0120 1120 adpu160m - ok

13:23:16.0509 1120 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

13:23:16.0542 1120 adpu320 - ok

13:23:16.0959 1120 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

13:23:17.0187 1120 AeLookupSvc - ok

13:23:17.0614 1120 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

13:23:17.0743 1120 AFD - ok

13:23:18.0050 1120 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe

13:23:18.0148 1120 AgereModemAudio - ok

13:23:18.0788 1120 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys

13:23:18.0963 1120 AgereSoftModem - ok

13:23:19.0214 1120 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

13:23:19.0252 1120 agp440 - ok

13:23:19.0531 1120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

13:23:19.0557 1120 aic78xx - ok

13:23:19.0801 1120 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

13:23:19.0974 1120 ALG - ok

13:23:20.0439 1120 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

13:23:20.0474 1120 aliide - ok

13:23:20.0834 1120 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

13:23:20.0884 1120 amdagp - ok

13:23:21.0213 1120 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

13:23:21.0247 1120 amdide - ok

13:23:21.0634 1120 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

13:23:21.0715 1120 AmdK7 - ok

13:23:22.0104 1120 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

13:23:22.0157 1120 AmdK8 - ok

13:23:22.0541 1120 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

13:23:22.0605 1120 Appinfo - ok

13:23:23.0031 1120 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

13:23:23.0101 1120 arc - ok

13:23:23.0412 1120 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

13:23:23.0453 1120 arcsas - ok

13:23:23.0734 1120 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

13:23:23.0797 1120 aspnet_state - ok

13:23:24.0137 1120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

13:23:24.0197 1120 AsyncMac - ok

13:23:24.0499 1120 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

13:23:24.0517 1120 atapi - ok

13:23:24.0663 1120 ATSWPDRV - ok

13:23:25.0077 1120 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

13:23:25.0195 1120 AudioEndpointBuilder - ok

13:23:25.0233 1120 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

13:23:25.0269 1120 Audiosrv - ok

13:23:25.0551 1120 bcm4sbxp - ok

13:23:25.0891 1120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

13:23:25.0997 1120 Beep - ok

13:23:26.0416 1120 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

13:23:26.0619 1120 BITS - ok

13:23:26.0990 1120 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

13:23:27.0080 1120 blbdrive - ok

13:23:27.0487 1120 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

13:23:27.0539 1120 bowser - ok

13:23:28.0020 1120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

13:23:28.0093 1120 BrFiltLo - ok

13:23:28.0630 1120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

13:23:28.0737 1120 BrFiltUp - ok

13:23:29.0277 1120 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

13:23:29.0337 1120 Browser - ok

13:23:29.0764 1120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

13:23:30.0054 1120 Brserid - ok

13:23:30.0445 1120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

13:23:30.0572 1120 BrSerWdm - ok

13:23:31.0157 1120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

13:23:31.0223 1120 BrUsbMdm - ok

13:23:31.0677 1120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

13:23:31.0751 1120 BrUsbSer - ok

13:23:32.0152 1120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

13:23:32.0229 1120 BTHMODEM - ok

13:23:32.0502 1120 catchme - ok

13:23:32.0851 1120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

13:23:32.0911 1120 cdfs - ok

13:23:33.0244 1120 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

13:23:33.0339 1120 cdrom - ok

13:23:33.0688 1120 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

13:23:33.0760 1120 CertPropSvc - ok

13:23:34.0101 1120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

13:23:34.0165 1120 circlass - ok

13:23:34.0483 1120 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

13:23:34.0511 1120 CLFS - ok

13:23:34.0590 1120 clr_optimization_v2.0.50215_32 - ok

13:23:34.0786 1120 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:23:34.0869 1120 clr_optimization_v2.0.50727_32 - ok

13:23:35.0379 1120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:23:35.0484 1120 clr_optimization_v4.0.30319_32 - ok

13:23:35.0964 1120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

13:23:36.0019 1120 CmBatt - ok

13:23:36.0380 1120 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

13:23:36.0398 1120 cmdide - ok

13:23:36.0930 1120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

13:23:36.0978 1120 Compbatt - ok

13:23:37.0243 1120 COMSysApp - ok

13:23:37.0654 1120 cqmgstor - ok

13:23:37.0983 1120 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

13:23:38.0002 1120 crcdisk - ok

13:23:38.0134 1120 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

13:23:38.0190 1120 Crusoe - ok

13:23:38.0302 1120 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

13:23:38.0351 1120 CryptSvc - ok

13:23:38.0376 1120 crystaloutputfileserver - ok

13:23:38.0487 1120 CTEDSPFX.DLL - ok

13:23:38.0698 1120 CX88AUD - ok

13:23:39.0241 1120 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

13:23:39.0322 1120 DcomLaunch - ok

13:23:39.0673 1120 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

13:23:39.0757 1120 DfsC - ok

13:23:40.0562 1120 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

13:23:40.0968 1120 DFSR - ok

13:23:41.0518 1120 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

13:23:41.0618 1120 Dhcp - ok

13:23:42.0184 1120 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

13:23:42.0253 1120 disk - ok

13:23:42.0475 1120 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

13:23:42.0559 1120 Dnscache - ok

13:23:42.0851 1120 dnsexit - ok

13:23:43.0107 1120 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

13:23:43.0143 1120 dot3svc - ok

13:23:43.0278 1120 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

13:23:43.0352 1120 DPS - ok

13:23:43.0831 1120 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

13:23:43.0901 1120 drmkaud - ok

13:23:44.0106 1120 DSI_SiUSBXp_3_1 - ok

13:23:44.0318 1120 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

13:23:44.0382 1120 DXGKrnl - ok

13:23:44.0448 1120 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

13:23:44.0503 1120 E1G60 - ok

13:23:44.0578 1120 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

13:23:44.0635 1120 EapHost - ok

13:23:44.0801 1120 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

13:23:44.0847 1120 Ecache - ok

13:23:44.0866 1120 egathdrv - ok

13:23:45.0006 1120 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

13:23:45.0087 1120 ehRecvr - ok

13:23:45.0166 1120 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

13:23:45.0230 1120 ehSched - ok

13:23:45.0266 1120 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

13:23:45.0302 1120 ehstart - ok

13:23:45.0618 1120 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

13:23:45.0688 1120 elxstor - ok

13:23:46.0094 1120 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

13:23:46.0253 1120 EMDMgmt - ok

13:23:46.0598 1120 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

13:23:46.0633 1120 ErrDev - ok

13:23:47.0059 1120 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

13:23:47.0141 1120 EventSystem - ok

13:23:47.0383 1120 EvtEng (306ac856622864c761cbdb5e816bb9d8) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

13:23:47.0510 1120 EvtEng ( UnsignedFile.Multi.Generic ) - warning

13:23:47.0511 1120 EvtEng - detected UnsignedFile.Multi.Generic (1)

13:23:47.0872 1120 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

13:23:47.0948 1120 exfat - ok

13:23:48.0195 1120 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

13:23:48.0262 1120 fastfat - ok

13:23:48.0505 1120 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

13:23:48.0559 1120 fdc - ok

13:23:48.0705 1120 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

13:23:48.0735 1120 fdPHost - ok

13:23:48.0878 1120 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

13:23:48.0952 1120 FDResPub - ok

13:23:49.0211 1120 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

13:23:49.0239 1120 FileInfo - ok

13:23:49.0407 1120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

13:23:49.0463 1120 Filetrace - ok

13:23:49.0703 1120 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

13:23:49.0749 1120 flpydisk - ok

13:23:49.0916 1120 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

13:23:49.0952 1120 FltMgr - ok

13:23:50.0136 1120 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

13:23:50.0267 1120 FontCache - ok

13:23:50.0534 1120 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:23:50.0568 1120 FontCache3.0.0.0 - ok

13:23:50.0722 1120 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

13:23:50.0786 1120 Fs_Rec - ok

13:23:51.0018 1120 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

13:23:51.0046 1120 gagp30kx - ok

13:23:51.0252 1120 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

13:23:51.0445 1120 gpsvc - ok

13:23:51.0894 1120 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

13:23:51.0975 1120 HdAudAddService - ok

13:23:52.0474 1120 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:23:52.0541 1120 HDAudBus - ok

13:23:52.0830 1120 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

13:23:52.0897 1120 HidBth - ok

13:23:53.0103 1120 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

13:23:53.0173 1120 HidIr - ok

13:23:53.0365 1120 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

13:23:53.0471 1120 hidserv - ok

13:23:53.0547 1120 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

13:23:53.0590 1120 HidUsb - ok

13:23:53.0738 1120 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

13:23:53.0800 1120 hkmsvc - ok

13:23:54.0135 1120 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

13:23:54.0155 1120 HpCISSs - ok

13:23:54.0605 1120 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

13:23:54.0671 1120 HTTP - ok

13:23:54.0821 1120 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

13:23:54.0856 1120 i2omp - ok

13:23:54.0912 1120 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

13:23:54.0970 1120 i8042prt - ok

13:23:55.0128 1120 IAANTMON (3e42c4691aad4b1e8d0466f9cbf05cbe) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

13:23:55.0236 1120 IAANTMON - ok

13:23:55.0568 1120 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys

13:23:55.0598 1120 iaStor - ok

13:23:55.0985 1120 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

13:23:56.0042 1120 iaStorV - ok

13:23:56.0459 1120 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:23:56.0629 1120 idsvc - ok

13:23:56.0970 1120 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

13:23:57.0014 1120 iirsp - ok

13:23:57.0222 1120 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

13:23:57.0430 1120 IKEEXT - ok

13:23:57.0874 1120 IntcAzAudAddService (a963d32ab87a83445e7d21bd5620539a) C:\Windows\system32\drivers\RTKVHDA.sys

13:23:57.0955 1120 IntcAzAudAddService - ok

13:23:58.0305 1120 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

13:23:58.0336 1120 intelide - ok

13:23:58.0409 1120 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

13:23:58.0463 1120 intelppm - ok

13:23:58.0537 1120 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

13:23:58.0603 1120 IPBusEnum - ok

13:23:58.0672 1120 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:23:58.0733 1120 IpFilterDriver - ok

13:23:59.0143 1120 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

13:23:59.0253 1120 iphlpsvc - ok

13:23:59.0412 1120 IpInIp - ok

13:23:59.0731 1120 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

13:23:59.0800 1120 IPMIDRV - ok

13:24:00.0038 1120 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

13:24:00.0068 1120 IPNAT - ok

13:24:00.0292 1120 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

13:24:00.0321 1120 IRENUM - ok

13:24:00.0467 1120 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

13:24:00.0493 1120 isapnp - ok

13:24:00.0862 1120 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

13:24:00.0921 1120 iScsiPrt - ok

13:24:01.0248 1120 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

13:24:01.0268 1120 iteatapi - ok

13:24:01.0756 1120 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

13:24:01.0777 1120 iteraid - ok

13:24:01.0912 1120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

13:24:01.0937 1120 kbdclass - ok

13:24:02.0163 1120 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

13:24:02.0223 1120 kbdhid - ok

13:24:02.0469 1120 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:24:02.0530 1120 KeyIso - ok

13:24:02.0691 1120 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys

13:24:02.0817 1120 KMWDFILTER - ok

13:24:03.0200 1120 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

13:24:03.0247 1120 KSecDD - ok

13:24:03.0589 1120 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

13:24:03.0739 1120 KtmRm - ok

13:24:03.0957 1120 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

13:24:04.0026 1120 LanmanServer - ok

13:24:04.0195 1120 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

13:24:04.0273 1120 LanmanWorkstation - ok

13:24:04.0535 1120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

13:24:04.0601 1120 lltdio - ok

13:24:04.0664 1120 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

13:24:04.0729 1120 lltdsvc - ok

13:24:04.0751 1120 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

13:24:04.0798 1120 lmhosts - ok

13:24:04.0818 1120 LMIRfsDriver - ok

13:24:04.0891 1120 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

13:24:04.0938 1120 LSI_FC - ok

13:24:05.0039 1120 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

13:24:05.0088 1120 LSI_SAS - ok

13:24:05.0209 1120 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

13:24:05.0258 1120 LSI_SCSI - ok

13:24:05.0307 1120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

13:24:05.0403 1120 luafv - ok

13:24:05.0593 1120 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

13:24:05.0630 1120 MBAMProtector - ok

13:24:05.0872 1120 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

13:24:06.0012 1120 MBAMService - ok

13:24:06.0279 1120 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

13:24:06.0329 1120 Mcx2Svc - ok

13:24:06.0469 1120 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

13:24:06.0489 1120 megasas - ok

13:24:06.0681 1120 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

13:24:06.0740 1120 MegaSR - ok

13:24:06.0888 1120 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

13:24:06.0960 1120 MMCSS - ok

13:24:07.0111 1120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

13:24:07.0172 1120 Modem - ok

13:24:07.0461 1120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

13:24:07.0530 1120 monitor - ok

13:24:07.0619 1120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

13:24:07.0641 1120 mouclass - ok

13:24:07.0752 1120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

13:24:07.0799 1120 mouhid - ok

13:24:07.0894 1120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

13:24:07.0921 1120 MountMgr - ok

13:24:08.0021 1120 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

13:24:08.0075 1120 MpFilter - ok

13:24:08.0203 1120 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

13:24:08.0254 1120 mpio - ok

13:24:08.0371 1120 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

13:24:08.0393 1120 MpNWMon - ok

13:24:08.0819 1120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

13:24:08.0890 1120 mpsdrv - ok

13:24:09.0125 1120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

13:24:09.0160 1120 Mraid35x - ok

13:24:09.0301 1120 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

13:24:09.0323 1120 MRxDAV - ok

13:24:09.0507 1120 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:24:09.0586 1120 mrxsmb - ok

13:24:09.0789 1120 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:24:09.0831 1120 mrxsmb10 - ok

13:24:10.0040 1120 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:24:10.0104 1120 mrxsmb20 - ok

13:24:10.0409 1120 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

13:24:10.0426 1120 msahci - ok

13:24:10.0512 1120 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

13:24:10.0551 1120 msdsm - ok

13:24:10.0612 1120 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

13:24:10.0647 1120 MSDTC - ok

13:24:10.0816 1120 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

13:24:10.0874 1120 Msfs - ok

13:24:11.0074 1120 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

13:24:11.0124 1120 msisadrv - ok

13:24:11.0370 1120 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

13:24:11.0435 1120 MSiSCSI - ok

13:24:11.0654 1120 msiserver - ok

13:24:11.0903 1120 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

13:24:11.0954 1120 MSKSSRV - ok

13:24:12.0159 1120 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

13:24:12.0183 1120 MsMpSvc - ok

13:24:12.0500 1120 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

13:24:12.0532 1120 MSPCLOCK - ok

13:24:12.0708 1120 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

13:24:12.0753 1120 MSPQM - ok

13:24:13.0086 1120 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

13:24:13.0163 1120 MsRPC - ok

13:24:13.0460 1120 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

13:24:13.0501 1120 mssmbios - ok

13:24:13.0564 1120 mssqlserver - ok

13:24:13.0642 1120 mstdc - ok

13:24:13.0940 1120 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

13:24:13.0987 1120 MSTEE - ok

13:24:14.0362 1120 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

13:24:14.0390 1120 Mup - ok

13:24:14.0797 1120 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

13:24:14.0857 1120 napagent - ok

13:24:15.0218 1120 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

13:24:15.0294 1120 NativeWifiP - ok

13:24:15.0889 1120 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

13:24:15.0988 1120 NDIS - ok

13:24:16.0251 1120 ndiscm - ok

13:24:16.0518 1120 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

13:24:16.0562 1120 NdisTapi - ok

13:24:16.0925 1120 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

13:24:16.0953 1120 Ndisuio - ok

13:24:17.0486 1120 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

13:24:17.0602 1120 NdisWan - ok

13:24:18.0185 1120 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

13:24:18.0250 1120 NDProxy - ok

13:24:18.0878 1120 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

13:24:18.0946 1120 NetBIOS - ok

13:24:19.0612 1120 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

13:24:19.0708 1120 netbt - ok

13:24:20.0015 1120 NETGEAR_MA111 - ok

13:24:20.0313 1120 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:24:20.0339 1120 Netlogon - ok

13:24:20.0678 1120 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

13:24:20.0779 1120 Netman - ok

13:24:21.0013 1120 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:24:21.0067 1120 NetMsmqActivator - ok

13:24:21.0091 1120 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:24:21.0114 1120 NetPipeActivator - ok

13:24:21.0482 1120 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

13:24:21.0541 1120 netprofm - ok

13:24:21.0890 1120 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:24:21.0916 1120 NetTcpActivator - ok

13:24:21.0943 1120 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:24:21.0967 1120 NetTcpPortSharing - ok

13:24:22.0879 1120 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys

13:24:23.0233 1120 NETw5v32 - ok

13:24:23.0579 1120 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

13:24:23.0627 1120 nfrd960 - ok

13:24:23.0927 1120 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:24:23.0984 1120 NisDrv - ok

13:24:24.0033 1120 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

13:24:24.0107 1120 NisSrv - ok

13:24:24.0408 1120 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

13:24:24.0526 1120 NlaSvc - ok

13:24:24.0805 1120 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

13:24:24.0868 1120 Npfs - ok

13:24:25.0185 1120 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

13:24:25.0252 1120 nsi - ok

13:24:25.0503 1120 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

13:24:25.0561 1120 nsiproxy - ok

13:24:26.0383 1120 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

13:24:26.0555 1120 Ntfs - ok

13:24:27.0207 1120 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

13:24:27.0310 1120 ntrigdigi - ok

13:24:27.0466 1120 ntuneservice - ok

13:24:27.0639 1120 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

13:24:27.0701 1120 Null - ok

13:24:28.0149 1120 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys

13:24:28.0212 1120 NVHDA - ok

13:24:31.0031 1120 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:24:32.0555 1120 nvlddmkm - ok

13:24:32.0977 1120 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

13:24:33.0021 1120 nvraid - ok

13:24:33.0551 1120 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

13:24:33.0574 1120 nvstor - ok

13:24:34.0424 1120 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe

13:24:34.0603 1120 nvsvc - ok

13:24:34.0938 1120 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

13:24:34.0961 1120 nv_agp - ok

13:24:35.0266 1120 NwlnkFlt - ok

13:24:35.0340 1120 NwlnkFwd - ok

13:24:35.0367 1120 O2SCBUS - ok

13:24:35.0408 1120 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

13:24:35.0467 1120 ohci1394 - ok

13:24:35.0477 1120 OsaFsLoc - ok

13:24:35.0555 1120 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:24:35.0579 1120 ose - ok

13:24:35.0917 1120 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:24:36.0010 1120 p2pimsvc - ok

13:24:36.0183 1120 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:24:36.0240 1120 p2psvc - ok

13:24:36.0460 1120 paamsrv - ok

13:24:36.0597 1120 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

13:24:36.0656 1120 Parport - ok

13:24:37.0109 1120 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

13:24:37.0137 1120 partmgr - ok

13:24:37.0524 1120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

13:24:37.0590 1120 Parvdm - ok

13:24:37.0726 1120 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

13:24:37.0784 1120 PcaSvc - ok

13:24:37.0893 1120 pchost - ok

13:24:38.0299 1120 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

13:24:38.0375 1120 pci - ok

13:24:38.0546 1120 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

13:24:38.0611 1120 pciide - ok

13:24:38.0773 1120 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

13:24:38.0838 1120 pcmcia - ok

13:24:39.0360 1120 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

13:24:39.0471 1120 PEAUTH - ok

13:24:39.0999 1120 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

13:24:40.0212 1120 pla - ok

13:24:40.0564 1120 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

13:24:41.0400 1120 PlugPlay - ok

13:24:41.0791 1120 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:24:41.0832 1120 PNRPAutoReg - ok

13:24:41.0902 1120 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:24:41.0950 1120 PNRPsvc - ok

13:24:42.0394 1120 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

13:24:42.0469 1120 PolicyAgent - ok

13:24:42.0853 1120 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

13:24:42.0970 1120 PptpMiniport - ok

13:24:43.0386 1120 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

13:24:43.0439 1120 Processor - ok

13:24:43.0736 1120 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

13:24:43.0815 1120 ProfSvc - ok

13:24:44.0142 1120 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:24:44.0168 1120 ProtectedStorage - ok

13:24:44.0507 1120 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

13:24:44.0570 1120 PSched - ok

13:24:44.0766 1120 qbposdbextservices - ok

13:24:45.0177 1120 qconsvc - ok

13:24:45.0613 1120 qkbfiltr (a94f63608371ab232ed75fbab00fb132) C:\Windows\system32\DRIVERS\qkbfiltr.sys

13:24:45.0707 1120 qkbfiltr - ok

13:24:46.0543 1120 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

13:24:46.0722 1120 ql2300 - ok

13:24:47.0224 1120 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

13:24:47.0284 1120 ql40xx - ok

13:24:47.0474 1120 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

13:24:47.0619 1120 QWAVE - ok

13:24:48.0019 1120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

13:24:48.0043 1120 QWAVEdrv - ok

13:24:48.0418 1120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

13:24:48.0460 1120 RasAcd - ok

13:24:48.0792 1120 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

13:24:48.0897 1120 RasAuto - ok

13:24:49.0041 1120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:24:49.0110 1120 Rasl2tp - ok

13:24:49.0205 1120 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

13:24:49.0260 1120 RasMan - ok

13:24:49.0464 1120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

13:24:49.0502 1120 RasPppoe - ok

13:24:49.0975 1120 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

13:24:50.0063 1120 RasSstp - ok

13:24:50.0462 1120 Rawwan - ok

13:24:51.0012 1120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

13:24:51.0116 1120 rdbss - ok

13:24:51.0342 1120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:24:51.0372 1120 RDPCDD - ok

13:24:51.0935 1120 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

13:24:51.0957 1120 rdpdr - ok

13:24:52.0586 1120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

13:24:52.0668 1120 RDPENCDD - ok

13:24:53.0207 1120 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

13:24:53.0356 1120 RDPWD - ok

13:24:53.0933 1120 RegSrvc (b33c88df3588acf250b87a004526c31a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

13:24:54.0092 1120 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

13:24:54.0092 1120 RegSrvc - detected UnsignedFile.Multi.Generic (1)

13:24:54.0467 1120 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

13:24:54.0606 1120 RemoteAccess - ok

13:24:55.0085 1120 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

13:24:55.0139 1120 RemoteRegistry - ok

13:24:55.0485 1120 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

13:24:55.0625 1120 RpcLocator - ok

13:24:56.0258 1120 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

13:24:56.0313 1120 RpcSs - ok

13:24:56.0559 1120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

13:24:56.0666 1120 rspndr - ok

13:24:57.0273 1120 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys

13:24:57.0293 1120 RTL8169 - ok

13:24:57.0540 1120 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys

13:24:57.0567 1120 RtlProt - ok

13:24:57.0602 1120 rtm - ok

13:24:57.0987 1120 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS

13:24:58.0119 1120 RTSTOR - ok

13:24:58.0488 1120 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:24:58.0514 1120 SamSs - ok

13:24:58.0937 1120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

13:24:58.0969 1120 sbp2port - ok

13:24:59.0341 1120 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

13:24:59.0384 1120 SCardSvr - ok

13:24:59.0551 1120 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys

13:24:59.0589 1120 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

13:24:59.0589 1120 SCDEmu - detected UnsignedFile.Multi.Generic (1)

13:24:59.0891 1120 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

13:25:00.0008 1120 Schedule - ok

13:25:00.0353 1120 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

13:25:00.0382 1120 SCPolicySvc - ok

13:25:00.0583 1120 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

13:25:00.0645 1120 SDRSVC - ok

13:25:01.0025 1120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:25:01.0108 1120 secdrv - ok

13:25:01.0492 1120 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

13:25:01.0549 1120 seclogon - ok

13:25:01.0845 1120 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

13:25:01.0904 1120 SENS - ok

13:25:01.0977 1120 ser2plms - ok

13:25:02.0177 1120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

13:25:02.0244 1120 Serenum - ok

13:25:02.0521 1120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

13:25:02.0617 1120 Serial - ok

13:25:02.0997 1120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

13:25:03.0039 1120 sermouse - ok

13:25:03.0334 1120 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

13:25:03.0402 1120 SessionEnv - ok

13:25:03.0644 1120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

13:25:03.0681 1120 sffdisk - ok

13:25:03.0862 1120 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

13:25:03.0925 1120 sffp_mmc - ok

13:25:04.0015 1120 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

13:25:04.0081 1120 sffp_sd - ok

13:25:04.0332 1120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

13:25:04.0395 1120 sfloppy - ok

13:25:04.0673 1120 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

13:25:04.0768 1120 SharedAccess - ok

13:25:05.0099 1120 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

13:25:05.0223 1120 ShellHWDetection - ok

13:25:05.0484 1120 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

13:25:05.0510 1120 sisagp - ok

13:25:05.0830 1120 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

13:25:05.0857 1120 SiSRaid2 - ok

13:25:05.0923 1120 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

13:25:05.0961 1120 SiSRaid4 - ok

13:25:06.0061 1120 SkypeUpdate (62b825015fa289d2c5ebf8b00846a8ff) C:\Program Files\Skype\Updater\Updater.exe

13:25:06.0225 1120 SkypeUpdate - ok

13:25:06.0510 1120 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

13:25:06.0820 1120 slsvc - ok

13:25:07.0150 1120 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

13:25:07.0220 1120 SLUINotify - ok

13:25:07.0494 1120 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

13:25:07.0560 1120 Smb - ok

13:25:07.0718 1120 smwdm - ok

13:25:07.0964 1120 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

13:25:08.0023 1120 SNMPTRAP - ok

13:25:08.0129 1120 speedfan - ok

13:25:08.0418 1120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

13:25:08.0437 1120 spldr - ok

13:25:08.0533 1120 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

13:25:08.0605 1120 Spooler - ok

13:25:08.0888 1120 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

13:25:08.0975 1120 srv - ok

13:25:09.0289 1120 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

13:25:09.0335 1120 srv2 - ok

13:25:09.0462 1120 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

13:25:09.0498 1120 srvnet - ok

13:25:09.0562 1120 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

13:25:09.0600 1120 SSDPSRV - ok

13:25:09.0694 1120 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

13:25:09.0735 1120 SstpSvc - ok

13:25:09.0749 1120 stac97 - ok

13:25:09.0971 1120 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

13:25:11.0835 1120 Stereo Service - ok

13:25:12.0158 1120 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

13:25:12.0314 1120 stisvc - ok

13:25:12.0515 1120 streamip - ok

13:25:12.0883 1120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

13:25:12.0935 1120 swenum - ok

13:25:13.0260 1120 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

13:25:13.0341 1120 swprv - ok

13:25:13.0680 1120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

13:25:13.0700 1120 Symc8xx - ok

13:25:14.0054 1120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

13:25:14.0073 1120 Sym_hi - ok

13:25:14.0414 1120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

13:25:14.0444 1120 Sym_u3 - ok

13:25:14.0786 1120 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys

13:25:14.0861 1120 SynTP - ok

13:25:15.0139 1120 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

13:25:15.0230 1120 SysMain - ok

13:25:15.0592 1120 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

13:25:15.0645 1120 TabletInputService - ok

13:25:15.0913 1120 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

13:25:15.0947 1120 TapiSrv - ok

13:25:16.0282 1120 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

13:25:16.0389 1120 TBS - ok

13:25:16.0660 1120 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

13:25:16.0754 1120 Tcpip - ok

13:25:16.0893 1120 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

13:25:16.0962 1120 Tcpip6 - ok

13:25:17.0028 1120 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

13:25:17.0091 1120 tcpipreg - ok

13:25:17.0127 1120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

13:25:17.0157 1120 TDPIPE - ok

13:25:17.0181 1120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

13:25:17.0212 1120 TDTCP - ok

13:25:17.0244 1120 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

13:25:17.0305 1120 tdx - ok

13:25:17.0436 1120 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

13:25:17.0465 1120 TermDD - ok

13:25:17.0525 1120 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

13:25:17.0605 1120 TermService - ok

13:25:17.0646 1120 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

13:25:17.0676 1120 Themes - ok

13:25:17.0708 1120 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

13:25:17.0739 1120 THREADORDER - ok

13:25:17.0749 1120 tossmbnt - ok

13:25:17.0811 1120 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

13:25:17.0868 1120 TrkWks - ok

13:25:17.0911 1120 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

13:25:17.0948 1120 TrustedInstaller - ok

13:25:18.0002 1120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:25:18.0046 1120 tssecsrv - ok

13:25:18.0095 1120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

13:25:18.0132 1120 tunmp - ok

13:25:18.0170 1120 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

13:25:18.0193 1120 tunnel - ok

13:25:18.0244 1120 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

13:25:18.0271 1120 uagp35 - ok

13:25:18.0307 1120 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

13:25:18.0336 1120 udfs - ok

13:25:18.0429 1120 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

13:25:18.0477 1120 UI0Detect - ok

13:25:18.0529 1120 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

13:25:18.0560 1120 uliagpkx - ok

13:25:18.0633 1120 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

13:25:18.0699 1120 uliahci - ok

13:25:18.0777 1120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

13:25:18.0796 1120 UlSata - ok

13:25:18.0812 1120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

13:25:18.0832 1120 ulsata2 - ok

13:25:18.0901 1120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

13:25:18.0947 1120 umbus - ok

13:25:19.0008 1120 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

13:25:19.0062 1120 upnphost - ok

13:25:19.0147 1120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

13:25:19.0184 1120 usbccgp - ok

13:25:19.0230 1120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

13:25:19.0283 1120 usbcir - ok

13:25:19.0364 1120 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

13:25:19.0404 1120 usbehci - ok

13:25:19.0464 1120 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

13:25:19.0537 1120 usbhub - ok

13:25:19.0610 1120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

13:25:19.0656 1120 usbohci - ok

13:25:19.0698 1120 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

13:25:19.0773 1120 usbprint - ok

13:25:20.0325 1120 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:25:20.0404 1120 USBSTOR - ok

13:25:20.0830 1120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

13:25:20.0894 1120 usbuhci - ok

13:25:21.0273 1120 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

13:25:21.0321 1120 usbvideo - ok

13:25:21.0489 1120 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

13:25:21.0544 1120 UxSms - ok

13:25:21.0609 1120 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

13:25:21.0683 1120 vds - ok

13:25:21.0997 1120 veteboot - ok

13:25:22.0280 1120 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

13:25:22.0366 1120 vga - ok

13:25:22.0589 1120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

13:25:22.0620 1120 VgaSave - ok

13:25:22.0986 1120 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

13:25:23.0042 1120 viaagp - ok

13:25:23.0546 1120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

13:25:23.0579 1120 ViaC7 - ok

13:25:24.0088 1120 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

13:25:24.0105 1120 viaide - ok

13:25:24.0396 1120 vmkbd2 - ok

13:25:24.0570 1120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

13:25:24.0634 1120 volmgr - ok

13:25:24.0964 1120 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

13:25:24.0988 1120 volmgrx - ok

13:25:25.0514 1120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

13:25:25.0625 1120 volsnap - ok

13:25:26.0229 1120 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

13:25:26.0266 1120 vsmraid - ok

13:25:27.0030 1120 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

13:25:27.0237 1120 VSS - ok

13:25:27.0474 1120 w200mdm - ok

13:25:27.0628 1120 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

13:25:27.0687 1120 W32Time - ok

13:25:28.0072 1120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

13:25:28.0115 1120 WacomPen - ok

13:25:28.0573 1120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:25:28.0611 1120 Wanarp - ok

13:25:28.0634 1120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:25:28.0671 1120 Wanarpv6 - ok

13:25:29.0124 1120 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

13:25:29.0236 1120 wcncsvc - ok

13:25:29.0590 1120 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

13:25:29.0646 1120 WcsPlugInService - ok

13:25:30.0066 1120 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

13:25:30.0086 1120 Wd - ok

13:25:30.0575 1120 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

13:25:30.0680 1120 Wdf01000 - ok

13:25:31.0068 1120 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

13:25:31.0171 1120 WdiServiceHost - ok

13:25:31.0187 1120 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

13:25:31.0221 1120 WdiSystemHost - ok

13:25:31.0560 1120 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

13:25:31.0655 1120 WebClient - ok

13:25:32.0026 1120 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

13:25:32.0077 1120 Wecsvc - ok

13:25:32.0183 1120 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

13:25:32.0245 1120 wercplsupport - ok

13:25:32.0441 1120 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

13:25:32.0485 1120 WerSvc - ok

13:25:32.0706 1120 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

13:25:32.0781 1120 WinDefend - ok

13:25:32.0806 1120 WinHttpAutoProxySvc - ok

13:25:33.0323 1120 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

13:25:33.0402 1120 Winmgmt - ok

13:25:33.0523 1120 winpppoverethernet - ok

13:25:33.0792 1120 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

13:25:33.0943 1120 WinRM - ok

13:25:34.0300 1120 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

13:25:34.0430 1120 Wlansvc - ok

13:25:35.0087 1120 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:25:35.0299 1120 wlidsvc - ok

13:25:35.0489 1120 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

13:25:35.0531 1120 WmiAcpi - ok

13:25:35.0829 1120 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

13:25:35.0938 1120 wmiApSrv - ok

13:25:36.0203 1120 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:25:36.0468 1120 WMPNetworkSvc - ok

13:25:36.0833 1120 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

13:25:36.0898 1120 WPCSvc - ok

13:25:37.0166 1120 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

13:25:37.0231 1120 WPDBusEnum - ok

13:25:37.0667 1120 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

13:25:37.0740 1120 WPFFontCache_v0400 - ok

13:25:37.0933 1120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

13:25:37.0982 1120 ws2ifsl - ok

13:25:38.0197 1120 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll

13:25:38.0276 1120 wscsvc - ok

13:25:38.0309 1120 WSearch - ok

13:25:38.0476 1120 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

13:25:38.0677 1120 wuauserv - ok

13:25:38.0730 1120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:25:38.0777 1120 WUDFRd - ok

13:25:38.0827 1120 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

13:25:38.0891 1120 wudfsvc - ok

13:25:39.0019 1120 wusb54gv2svc - ok

13:25:39.0077 1120 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

13:25:40.0481 1120 \Device\Harddisk0\DR0 - ok

13:25:40.0541 1120 Boot (0x1200) (a0979c308b32317d32153df4715de082) \Device\Harddisk0\DR0\Partition0

13:25:40.0574 1120 \Device\Harddisk0\DR0\Partition0 - ok

13:25:40.0574 1120 ============================================================

13:25:40.0574 1120 Scan finished

13:25:40.0574 1120 ============================================================

13:25:40.0583 5940 Detected object count: 3

13:25:40.0583 5940 Actual detected object count: 3

13:27:21.0062 5940 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

13:27:21.0062 5940 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:27:21.0063 5940 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:27:21.0063 5940 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:27:21.0064 5940 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

13:27:21.0064 5940 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:27:57.0315 2716 Deinitialize success


Clean so far....please do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I used ComboFix some time ago, but it didn't run properly. On my first try, even though I had all my security programs turned off, it gave me an error saying MSE was still running. The program started. Then upon rebooting, ComboFix itself came up with an error and kept rebooting the laptop. I intervened and tried to bypass auto-restart on a critical failure. It didn't work. It kept on rebooting. Then again, I managed to stop it by entering Safe Mode. After this point, I ran TDSSKiller. I tried to run ComboFix again; it didn't work properly, in Safe Mode as well. Same error message, and its automatic attempt to run. The program just didn't want to work.

Finally, I decided to rename the ComboFix directory, as is visible in the logs. I downloaded it again and managed to run it properly this time.

ComboFix log->

ComboFix 12-04-14.02 - Lucifer Morningstar 14/04/2012 14:12:45.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.2017 [GMT 2:00]

Running from: c:\users\Lucifer Morningstar\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll

c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll

c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat

c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe

c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico

c:\windows\$NtUninstallKB32896$

c:\windows\$NtUninstallKB32896$\1889464350\cfg.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))

.

.

2012-04-14 12:19 . 2012-04-14 12:21 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Local\temp

2012-04-14 12:19 . 2012-04-14 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-14 04:04 . 2012-04-14 04:04 -------- d-----w- C:\_OTL

2012-04-13 13:39 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{593D43D1-03A4-4499-BCC6-715E440FF3D5}\mpengine.dll

2012-04-13 12:35 . 2012-04-13 12:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-13 07:03 . 2012-04-13 07:50 -------- d-----w- C:\-ComboFix

2012-04-12 13:29 . 2012-04-12 13:29 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Roaming\Malwarebytes

2012-04-12 13:26 . 2012-04-12 13:26 -------- d-----w- c:\programdata\Malwarebytes

2012-04-12 13:26 . 2012-04-12 13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-12 13:26 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-12 11:51 . 2012-04-12 11:51 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Local\Demiurge Studios

2012-04-12 11:51 . 2012-04-12 11:51 -------- d-----w- c:\programdata\RELOADED

2012-04-11 11:30 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-04-11 05:02 . 2012-04-11 05:02 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Roaming\LegacyGames

2012-04-11 02:03 . 2012-04-11 02:04 -------- d-----w- c:\users\Lucifer Morningstar\AppData\Roaming\vlc

2012-04-11 02:02 . 2012-04-11 02:02 -------- d-----w- c:\program files\VideoLAN

2012-04-02 06:19 . 2012-04-13 18:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-19 00:58 . 2012-03-19 00:58 -------- d-----w- c:\windows\Sun

2012-03-17 03:18 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-17 03:18 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-03-17 03:18 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-03-17 03:18 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-03-17 03:18 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll

2012-03-17 03:18 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-03-17 03:18 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 18:09 . 2012-01-24 23:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 12:37 . 2012-01-24 01:50 185856 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-03-14 02:15 . 2012-01-25 21:10 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll

2012-02-29 23:59 . 2012-01-23 20:26 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:59 . 2012-01-23 20:26 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-29 23:59 . 2012-01-23 20:26 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:59 . 2012-01-23 20:26 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-29 23:59 . 2012-01-23 20:26 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 20:56 . 2012-01-23 20:29 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:55 . 2012-01-23 20:29 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-29 20:53 . 2012-01-23 20:29 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:53 . 2012-01-23 20:29 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-29 20:53 . 2012-01-23 20:29 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 20:53 . 2012-01-23 20:29 2561344 ----a-w- c:\windows\system32\nvsvcr.dll

2012-02-29 12:26 . 2012-02-29 12:26 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-02-18 15:55 . 2012-01-23 21:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-14 15:45 . 2012-03-14 07:52 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-14 15:45 . 2012-03-14 07:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-13 14:12 . 2012-03-14 07:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-13 13:47 . 2012-03-14 07:52 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-02-13 13:44 . 2012-03-14 07:52 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 22:20 . 2012-02-10 22:21 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FC30983-5D11-43D5-BFC2-50C2D529F04A}\gapaengine.dll

2012-02-02 15:16 . 2012-03-14 07:53 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2012-01-23 23:00 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-24 21:14 . 2012-02-10 22:21 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-01-24 16:29 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-01-24 16:04 . 2012-01-24 16:04 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-01-24 16:04 . 2012-01-24 16:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-01-24 16:04 . 2012-01-24 16:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-01-24 16:04 . 2012-01-24 16:04 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-01-24 16:04 . 2012-01-24 16:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-01-24 16:04 . 2012-01-24 16:04 367104 ----a-w- c:\windows\system32\html.iec

2012-01-24 16:04 . 2012-01-24 16:04 161792 ----a-w- c:\windows\system32\msls31.dll

2012-01-24 16:04 . 2012-01-24 16:04 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-01-24 16:04 . 2012-01-24 16:04 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-01-24 16:04 . 2012-01-24 16:04 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-01-24 16:04 . 2012-01-24 16:04 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-01-24 16:04 . 2012-01-24 16:04 152064 ----a-w- c:\windows\system32\wextract.exe

2012-01-24 16:04 . 2012-01-24 16:04 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-01-24 16:04 . 2012-01-24 16:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-01-24 16:04 . 2012-01-24 16:04 11776 ----a-w- c:\windows\system32\mshta.exe

2012-01-24 16:04 . 2012-01-24 16:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-01-24 16:04 . 2012-01-24 16:04 101888 ----a-w- c:\windows\system32\admparse.dll

2012-01-24 16:00 . 2012-01-24 16:00 98816 ----a-w- c:\windows\system32\mfps.dll

2012-01-24 16:00 . 2012-01-24 16:00 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2012-01-24 16:00 . 2012-01-24 16:00 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2012-01-24 16:00 . 2012-01-24 16:00 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2012-01-24 16:00 . 2012-01-24 16:00 2873344 ----a-w- c:\windows\system32\mf.dll

2012-01-24 16:00 . 2012-01-24 16:00 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2012-01-24 16:00 . 2012-01-24 16:00 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2012-01-24 16:00 . 2012-01-24 16:00 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-01-24 16:00 . 2012-01-24 16:00 586240 ----a-w- c:\windows\system32\stobject.dll

2012-01-24 16:00 . 2012-01-24 16:00 478720 ----a-w- c:\windows\system32\dxgi.dll

2012-01-24 16:00 . 2012-01-24 16:00 37376 ----a-w- c:\windows\system32\cdd.dll

2012-01-24 16:00 . 2012-01-24 16:00 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2012-01-24 16:00 . 2012-01-24 16:00 258048 ----a-w- c:\windows\system32\winspool.drv

2012-01-24 16:00 . 2012-01-24 16:00 209920 ----a-w- c:\windows\system32\mfplat.dll

2012-01-24 16:00 . 2012-01-24 16:00 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2012-01-24 15:59 . 2012-01-24 15:59 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-01-24 15:59 . 2012-01-24 15:59 519680 ----a-w- c:\windows\system32\d3d11.dll

2012-01-24 15:59 . 2012-01-24 15:59 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui

2012-01-24 15:59 . 2012-01-24 15:59 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2012-01-24 15:59 . 2012-01-24 15:59 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2012-01-24 15:59 . 2012-01-24 15:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2012-01-24 15:59 . 2012-01-24 15:59 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2012-01-24 15:59 . 2012-01-24 15:59 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-01-23 22:30 . 2012-01-23 22:30 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-01-23 20:13 . 2012-01-23 20:13 319456 ----a-w- c:\windows\DIFxAPI.dll

2012-01-23 20:12 . 2012-01-23 20:12 319488 ----a-w- c:\windows\HideWin.exe

2012-01-17 12:46 . 2012-02-21 23:34 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-01-17 12:45 . 2012-02-21 23:34 67392 ----a-w- c:\windows\system32\nvapo32v.dll

2012-01-17 12:45 . 2012-02-21 23:34 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-01-17 12:45 . 2012-02-21 23:34 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-01-17 03:39 . 2012-01-24 15:45 6557240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2149C6EF-4CD5-41FE-96EA-43779C6C9DC4}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-22 740216]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17151624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Keyboard Manager Utility"="c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-08-02 4128768]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-31 6265376]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

NETSVCS REQUIRES REPAIRS - current entries shown

AeLookupSvc

wercplsupport

Themes

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Ias

Irmon

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

Remoteaccess

SENS

Sharedaccess

SRService

rtm

crystaloutputfileserver

paamsrv

mstdc

w200mdm

qconsvc

ser2plms

stac97

pchost

streamip

CTEDSPFX.DLL

catchme

cqmgstor

NETGEAR_MA111

smwdm

ndiscm

O2SCBUS

EQDRV5

fsdfwd

nmindexingservice

superproserver

remotelyanywhere

tmlisten

awlegacy

AKSIFDH

sympxsvc

e1000

s217bus

cbidf2k

swmidi

jconfigd

zpcollector

dsunidrv

NICSer_WPC54G

dvd43llh

TMKEmu

RadProbe

toshidpt

speedfan

qbposdbextservices

mssqlserver

bcm4sbxp

ATSWPDRV

tossmbnt

wusb54gv2svc

Rawwan

ntuneservice

winpppoverethernet

LMIRfsDriver

clr_optimization_v2.0.50215_32

veteboot

dnsexit

DSI_SiUSBXp_3_1

egathdrv

vmkbd2

CX88AUD

Tapisrv

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

winmgmt

schedule

SessionEnv

browser

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:09]

.

2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361915471-2963087161-2656352562-1000Core.job

- c:\users\Lucifer Morningstar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 22:02]

.

2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361915471-2963087161-2656352562-1000UA.job

- c:\users\Lucifer Morningstar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 22:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.iminent.com/?appId=E9E0F785-7514-48C0-BA39-8E3268B9ECD5

uInternet Settings,ProxyOverride = local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-87011576.sys

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\RtHDVCpl.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-04-14 14:27:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-14 12:27

.

Pre-Run: 68,871,892,992 bytes free

Post-Run: 68,842,455,040 bytes free

.

- - End Of File - - 1A0DA2121ED4BC7DF9B35099940A4D92


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.13.05

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Lucifer Morningstar :: HELL [administrator]

Protection: Enabled

14/04/2012 15:13:48

mbam-log-2012-04-14 (15-13-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 180244

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


How's the computer acting now?? MrC


Everything seems to be in order. Google Chrome isn't redirecting, and the security licenses look to be in order. I'm not receiving any kind of malicious object blocked msg from MbAM. MSE's not detecting any problems either.


Great :)

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

-----------------------------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


No other questions. Thanks for the quick help! Everything's back to normal :D And I learned something new.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.