Fallen_Angel

  1. Thank you very much for the quick replies and showing me a fast and easy to understand way to fix the problem. ^^

  2. No other questions. Thanks for the quick help! Everything's back to normal and I learned something new.
  3. Everything seems to be in order. Google Chrome isn't redirecting, security licenses look to be in order. I'm not receiving any kind of malicious object blocked msg from MBAM. MSE's not detecting any problems either.
  4. Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.04.13.05
     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Lucifer Morningstar :: HELL [administrator]
     Protection: Enabled
     14/04/2012 15:13:48
     mbam-log-2012-04-14 (15-13-48).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 180244
     Time elapsed: 3 minute(s), 16 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  5. I used ComboFix some time ago. But it didn't properly run. On my first try, even though I had all my security programs turned off, it gave me an error saying MSE is still running. The program started. Then upon rebooting, ComboFix itself came up with an error, and kept rebooting the laptop. I intervened and tried to bypass auto-restart on a critical failure. It didn't work. It kept on rebooting. Then again, managed to stop it entering into Safe mode. After this point, I ran TDSSKiller. Tried to run ComboFix. Again it didn't work properly. In safe mode as well. Same error message, and its automatic attempt to run. The program just didn't want to work. Finally, I decided to rename the ComboFix directory as it's visible in the logs. Downloaded it again. Managed to run it properly this time. ComboFix log ->
13:24:01.0912 1120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 13:24:01.0937 1120 kbdclass - ok 13:24:02.0163 1120 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 13:24:02.0223 1120 kbdhid - ok 13:24:02.0469 1120 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:24:02.0530 1120 KeyIso - ok 13:24:02.0691 1120 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys 13:24:02.0817 1120 KMWDFILTER - ok 13:24:03.0200 1120 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 13:24:03.0247 1120 KSecDD - ok 13:24:03.0589 1120 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 13:24:03.0739 1120 KtmRm - ok 13:24:03.0957 1120 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 13:24:04.0026 1120 LanmanServer - ok 13:24:04.0195 1120 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 13:24:04.0273 1120 LanmanWorkstation - ok 13:24:04.0535 1120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 13:24:04.0601 1120 lltdio - ok 13:24:04.0664 1120 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 13:24:04.0729 1120 lltdsvc - ok 13:24:04.0751 1120 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 13:24:04.0798 1120 lmhosts - ok 13:24:04.0818 1120 LMIRfsDriver - ok 13:24:04.0891 1120 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 13:24:04.0938 1120 LSI_FC - ok 13:24:05.0039 1120 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 13:24:05.0088 1120 LSI_SAS - ok 13:24:05.0209 1120 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 13:24:05.0258 1120 LSI_SCSI - ok 13:24:05.0307 1120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 13:24:05.0403 
1120 luafv - ok 13:24:05.0593 1120 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 13:24:05.0630 1120 MBAMProtector - ok 13:24:05.0872 1120 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 13:24:06.0012 1120 MBAMService - ok 13:24:06.0279 1120 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 13:24:06.0329 1120 Mcx2Svc - ok 13:24:06.0469 1120 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 13:24:06.0489 1120 megasas - ok 13:24:06.0681 1120 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 13:24:06.0740 1120 MegaSR - ok 13:24:06.0888 1120 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:24:06.0960 1120 MMCSS - ok 13:24:07.0111 1120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 13:24:07.0172 1120 Modem - ok 13:24:07.0461 1120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 13:24:07.0530 1120 monitor - ok 13:24:07.0619 1120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 13:24:07.0641 1120 mouclass - ok 13:24:07.0752 1120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 13:24:07.0799 1120 mouhid - ok 13:24:07.0894 1120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 13:24:07.0921 1120 MountMgr - ok 13:24:08.0021 1120 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys 13:24:08.0075 1120 MpFilter - ok 13:24:08.0203 1120 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 13:24:08.0254 1120 mpio - ok 13:24:08.0371 1120 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys 13:24:08.0393 1120 MpNWMon - ok 13:24:08.0819 1120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 
13:24:08.0890 1120 mpsdrv - ok 13:24:09.0125 1120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 13:24:09.0160 1120 Mraid35x - ok 13:24:09.0301 1120 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 13:24:09.0323 1120 MRxDAV - ok 13:24:09.0507 1120 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:24:09.0586 1120 mrxsmb - ok 13:24:09.0789 1120 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:24:09.0831 1120 mrxsmb10 - ok 13:24:10.0040 1120 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:24:10.0104 1120 mrxsmb20 - ok 13:24:10.0409 1120 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 13:24:10.0426 1120 msahci - ok 13:24:10.0512 1120 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 13:24:10.0551 1120 msdsm - ok 13:24:10.0612 1120 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 13:24:10.0647 1120 MSDTC - ok 13:24:10.0816 1120 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 13:24:10.0874 1120 Msfs - ok 13:24:11.0074 1120 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 13:24:11.0124 1120 msisadrv - ok 13:24:11.0370 1120 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 13:24:11.0435 1120 MSiSCSI - ok 13:24:11.0654 1120 msiserver - ok 13:24:11.0903 1120 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 13:24:11.0954 1120 MSKSSRV - ok 13:24:12.0159 1120 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 13:24:12.0183 1120 MsMpSvc - ok 13:24:12.0500 1120 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 13:24:12.0532 1120 MSPCLOCK - ok 13:24:12.0708 1120 MSPQM (b572da05bf4e098d4bba3a4734fb505b) 
C:\Windows\system32\drivers\MSPQM.sys 13:24:12.0753 1120 MSPQM - ok 13:24:13.0086 1120 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 13:24:13.0163 1120 MsRPC - ok 13:24:13.0460 1120 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 13:24:13.0501 1120 mssmbios - ok 13:24:13.0564 1120 mssqlserver - ok 13:24:13.0642 1120 mstdc - ok 13:24:13.0940 1120 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 13:24:13.0987 1120 MSTEE - ok 13:24:14.0362 1120 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 13:24:14.0390 1120 Mup - ok 13:24:14.0797 1120 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 13:24:14.0857 1120 napagent - ok 13:24:15.0218 1120 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 13:24:15.0294 1120 NativeWifiP - ok 13:24:15.0889 1120 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 13:24:15.0988 1120 NDIS - ok 13:24:16.0251 1120 ndiscm - ok 13:24:16.0518 1120 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 13:24:16.0562 1120 NdisTapi - ok 13:24:16.0925 1120 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 13:24:16.0953 1120 Ndisuio - ok 13:24:17.0486 1120 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 13:24:17.0602 1120 NdisWan - ok 13:24:18.0185 1120 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 13:24:18.0250 1120 NDProxy - ok 13:24:18.0878 1120 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 13:24:18.0946 1120 NetBIOS - ok 13:24:19.0612 1120 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 13:24:19.0708 1120 netbt - ok 13:24:20.0015 1120 NETGEAR_MA111 - ok 13:24:20.0313 1120 Netlogon (a3e186b4b935905b829219502557314e) 
C:\Windows\system32\lsass.exe 13:24:20.0339 1120 Netlogon - ok 13:24:20.0678 1120 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 13:24:20.0779 1120 Netman - ok 13:24:21.0013 1120 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:24:21.0067 1120 NetMsmqActivator - ok 13:24:21.0091 1120 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:24:21.0114 1120 NetPipeActivator - ok 13:24:21.0482 1120 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 13:24:21.0541 1120 netprofm - ok 13:24:21.0890 1120 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:24:21.0916 1120 NetTcpActivator - ok 13:24:21.0943 1120 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:24:21.0967 1120 NetTcpPortSharing - ok 13:24:22.0879 1120 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys 13:24:23.0233 1120 NETw5v32 - ok 13:24:23.0579 1120 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 13:24:23.0627 1120 nfrd960 - ok 13:24:23.0927 1120 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 13:24:23.0984 1120 NisDrv - ok 13:24:24.0033 1120 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 13:24:24.0107 1120 NisSrv - ok 13:24:24.0408 1120 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 13:24:24.0526 1120 NlaSvc - ok 13:24:24.0805 1120 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 13:24:24.0868 1120 Npfs - ok 13:24:25.0185 1120 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 13:24:25.0252 1120 nsi - ok 13:24:25.0503 1120 nsiproxy (609773e344a97410ce4ebf74a8914fcf) 
C:\Windows\system32\drivers\nsiproxy.sys 13:24:25.0561 1120 nsiproxy - ok 13:24:26.0383 1120 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 13:24:26.0555 1120 Ntfs - ok 13:24:27.0207 1120 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 13:24:27.0310 1120 ntrigdigi - ok 13:24:27.0466 1120 ntuneservice - ok 13:24:27.0639 1120 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 13:24:27.0701 1120 Null - ok 13:24:28.0149 1120 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys 13:24:28.0212 1120 NVHDA - ok 13:24:31.0031 1120 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:24:32.0555 1120 nvlddmkm - ok 13:24:32.0977 1120 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 13:24:33.0021 1120 nvraid - ok 13:24:33.0551 1120 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 13:24:33.0574 1120 nvstor - ok 13:24:34.0424 1120 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe 13:24:34.0603 1120 nvsvc - ok 13:24:34.0938 1120 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 13:24:34.0961 1120 nv_agp - ok 13:24:35.0266 1120 NwlnkFlt - ok 13:24:35.0340 1120 NwlnkFwd - ok 13:24:35.0367 1120 O2SCBUS - ok 13:24:35.0408 1120 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 13:24:35.0467 1120 ohci1394 - ok 13:24:35.0477 1120 OsaFsLoc - ok 13:24:35.0555 1120 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:24:35.0579 1120 ose - ok 13:24:35.0917 1120 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:24:36.0010 1120 p2pimsvc - ok 13:24:36.0183 1120 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:24:36.0240 1120 p2psvc - ok 13:24:36.0460 1120 paamsrv - ok 
13:24:36.0597 1120 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 13:24:36.0656 1120 Parport - ok 13:24:37.0109 1120 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 13:24:37.0137 1120 partmgr - ok 13:24:37.0524 1120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 13:24:37.0590 1120 Parvdm - ok 13:24:37.0726 1120 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 13:24:37.0784 1120 PcaSvc - ok 13:24:37.0893 1120 pchost - ok 13:24:38.0299 1120 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 13:24:38.0375 1120 pci - ok 13:24:38.0546 1120 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 13:24:38.0611 1120 pciide - ok 13:24:38.0773 1120 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 13:24:38.0838 1120 pcmcia - ok 13:24:39.0360 1120 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 13:24:39.0471 1120 PEAUTH - ok 13:24:39.0999 1120 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 13:24:40.0212 1120 pla - ok 13:24:40.0564 1120 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 13:24:41.0400 1120 PlugPlay - ok 13:24:41.0791 1120 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:24:41.0832 1120 PNRPAutoReg - ok 13:24:41.0902 1120 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:24:41.0950 1120 PNRPsvc - ok 13:24:42.0394 1120 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 13:24:42.0469 1120 PolicyAgent - ok 13:24:42.0853 1120 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 13:24:42.0970 1120 PptpMiniport - ok 13:24:43.0386 1120 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 13:24:43.0439 1120 Processor - ok 
13:24:43.0736 1120 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 13:24:43.0815 1120 ProfSvc - ok 13:24:44.0142 1120 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:24:44.0168 1120 ProtectedStorage - ok 13:24:44.0507 1120 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 13:24:44.0570 1120 PSched - ok 13:24:44.0766 1120 qbposdbextservices - ok 13:24:45.0177 1120 qconsvc - ok 13:24:45.0613 1120 qkbfiltr (a94f63608371ab232ed75fbab00fb132) C:\Windows\system32\DRIVERS\qkbfiltr.sys 13:24:45.0707 1120 qkbfiltr - ok 13:24:46.0543 1120 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 13:24:46.0722 1120 ql2300 - ok 13:24:47.0224 1120 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 13:24:47.0284 1120 ql40xx - ok 13:24:47.0474 1120 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 13:24:47.0619 1120 QWAVE - ok 13:24:48.0019 1120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 13:24:48.0043 1120 QWAVEdrv - ok 13:24:48.0418 1120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 13:24:48.0460 1120 RasAcd - ok 13:24:48.0792 1120 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 13:24:48.0897 1120 RasAuto - ok 13:24:49.0041 1120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:24:49.0110 1120 Rasl2tp - ok 13:24:49.0205 1120 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 13:24:49.0260 1120 RasMan - ok 13:24:49.0464 1120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 13:24:49.0502 1120 RasPppoe - ok 13:24:49.0975 1120 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 13:24:50.0063 1120 RasSstp - ok 13:24:50.0462 1120 Rawwan - ok 13:24:51.0012 1120 rdbss 
(b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 13:24:51.0116 1120 rdbss - ok 13:24:51.0342 1120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:24:51.0372 1120 RDPCDD - ok 13:24:51.0935 1120 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 13:24:51.0957 1120 rdpdr - ok 13:24:52.0586 1120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 13:24:52.0668 1120 RDPENCDD - ok 13:24:53.0207 1120 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 13:24:53.0356 1120 RDPWD - ok 13:24:53.0933 1120 RegSrvc (b33c88df3588acf250b87a004526c31a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 13:24:54.0092 1120 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 13:24:54.0092 1120 RegSrvc - detected UnsignedFile.Multi.Generic (1) 13:24:54.0467 1120 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 13:24:54.0606 1120 RemoteAccess - ok 13:24:55.0085 1120 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 13:24:55.0139 1120 RemoteRegistry - ok 13:24:55.0485 1120 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 13:24:55.0625 1120 RpcLocator - ok 13:24:56.0258 1120 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 13:24:56.0313 1120 RpcSs - ok 13:24:56.0559 1120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 13:24:56.0666 1120 rspndr - ok 13:24:57.0273 1120 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys 13:24:57.0293 1120 RTL8169 - ok 13:24:57.0540 1120 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys 13:24:57.0567 1120 RtlProt - ok 13:24:57.0602 1120 rtm - ok 13:24:57.0987 1120 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS 13:24:58.0119 1120 RTSTOR - ok 13:24:58.0488 1120 SamSs 
(a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:24:58.0514 1120 SamSs - ok 13:24:58.0937 1120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 13:24:58.0969 1120 sbp2port - ok 13:24:59.0341 1120 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 13:24:59.0384 1120 SCardSvr - ok 13:24:59.0551 1120 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys 13:24:59.0589 1120 SCDEmu ( UnsignedFile.Multi.Generic ) - warning 13:24:59.0589 1120 SCDEmu - detected UnsignedFile.Multi.Generic (1) 13:24:59.0891 1120 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 13:25:00.0008 1120 Schedule - ok 13:25:00.0353 1120 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 13:25:00.0382 1120 SCPolicySvc - ok 13:25:00.0583 1120 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 13:25:00.0645 1120 SDRSVC - ok 13:25:01.0025 1120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:25:01.0108 1120 secdrv - ok 13:25:01.0492 1120 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 13:25:01.0549 1120 seclogon - ok 13:25:01.0845 1120 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 13:25:01.0904 1120 SENS - ok 13:25:01.0977 1120 ser2plms - ok 13:25:02.0177 1120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 13:25:02.0244 1120 Serenum - ok 13:25:02.0521 1120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 13:25:02.0617 1120 Serial - ok 13:25:02.0997 1120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 13:25:03.0039 1120 sermouse - ok 13:25:03.0334 1120 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 13:25:03.0402 1120 SessionEnv - ok 13:25:03.0644 1120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) 
C:\Windows\system32\drivers\sffdisk.sys 13:25:03.0681 1120 sffdisk - ok 13:25:03.0862 1120 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 13:25:03.0925 1120 sffp_mmc - ok 13:25:04.0015 1120 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 13:25:04.0081 1120 sffp_sd - ok 13:25:04.0332 1120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 13:25:04.0395 1120 sfloppy - ok 13:25:04.0673 1120 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 13:25:04.0768 1120 SharedAccess - ok 13:25:05.0099 1120 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 13:25:05.0223 1120 ShellHWDetection - ok 13:25:05.0484 1120 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 13:25:05.0510 1120 sisagp - ok 13:25:05.0830 1120 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 13:25:05.0857 1120 SiSRaid2 - ok 13:25:05.0923 1120 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 13:25:05.0961 1120 SiSRaid4 - ok 13:25:06.0061 1120 SkypeUpdate (62b825015fa289d2c5ebf8b00846a8ff) C:\Program Files\Skype\Updater\Updater.exe 13:25:06.0225 1120 SkypeUpdate - ok 13:25:06.0510 1120 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 13:25:06.0820 1120 slsvc - ok 13:25:07.0150 1120 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 13:25:07.0220 1120 SLUINotify - ok 13:25:07.0494 1120 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 13:25:07.0560 1120 Smb - ok 13:25:07.0718 1120 smwdm - ok 13:25:07.0964 1120 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 13:25:08.0023 1120 SNMPTRAP - ok 13:25:08.0129 1120 speedfan - ok 13:25:08.0418 1120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 13:25:08.0437 1120 spldr 
- ok 13:25:08.0533 1120 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 13:25:08.0605 1120 Spooler - ok 13:25:08.0888 1120 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 13:25:08.0975 1120 srv - ok 13:25:09.0289 1120 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 13:25:09.0335 1120 srv2 - ok 13:25:09.0462 1120 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 13:25:09.0498 1120 srvnet - ok 13:25:09.0562 1120 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 13:25:09.0600 1120 SSDPSRV - ok 13:25:09.0694 1120 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 13:25:09.0735 1120 SstpSvc - ok 13:25:09.0749 1120 stac97 - ok 13:25:09.0971 1120 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 13:25:11.0835 1120 Stereo Service - ok 13:25:12.0158 1120 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 13:25:12.0314 1120 stisvc - ok 13:25:12.0515 1120 streamip - ok 13:25:12.0883 1120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 13:25:12.0935 1120 swenum - ok 13:25:13.0260 1120 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 13:25:13.0341 1120 swprv - ok 13:25:13.0680 1120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 13:25:13.0700 1120 Symc8xx - ok 13:25:14.0054 1120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 13:25:14.0073 1120 Sym_hi - ok 13:25:14.0414 1120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 13:25:14.0444 1120 Sym_u3 - ok 13:25:14.0786 1120 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys 13:25:14.0861 1120 SynTP - ok 13:25:15.0139 1120 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 
13:25:15.0230 1120 SysMain - ok 13:25:15.0592 1120 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 13:25:15.0645 1120 TabletInputService - ok 13:25:15.0913 1120 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 13:25:15.0947 1120 TapiSrv - ok 13:25:16.0282 1120 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 13:25:16.0389 1120 TBS - ok 13:25:16.0660 1120 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys 13:25:16.0754 1120 Tcpip - ok 13:25:16.0893 1120 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys 13:25:16.0962 1120 Tcpip6 - ok 13:25:17.0028 1120 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys 13:25:17.0091 1120 tcpipreg - ok 13:25:17.0127 1120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 13:25:17.0157 1120 TDPIPE - ok 13:25:17.0181 1120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 13:25:17.0212 1120 TDTCP - ok 13:25:17.0244 1120 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 13:25:17.0305 1120 tdx - ok 13:25:17.0436 1120 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 13:25:17.0465 1120 TermDD - ok 13:25:17.0525 1120 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 13:25:17.0605 1120 TermService - ok 13:25:17.0646 1120 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 13:25:17.0676 1120 Themes - ok 13:25:17.0708 1120 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:25:17.0739 1120 THREADORDER - ok 13:25:17.0749 1120 tossmbnt - ok 13:25:17.0811 1120 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 13:25:17.0868 1120 TrkWks - ok 13:25:17.0911 1120 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 
     13:25:39.0077 1120 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
     13:25:40.0481 1120 \Device\Harddisk0\DR0 - ok
     13:25:40.0541 1120 Boot (0x1200) (a0979c308b32317d32153df4715de082) \Device\Harddisk0\DR0\Partition0
     13:25:40.0574 1120 \Device\Harddisk0\DR0\Partition0 - ok
     13:25:40.0574 1120 ============================================================
     13:25:40.0574 1120 Scan finished
     13:25:40.0574 1120 ============================================================
     13:25:40.0583 5940 Detected object count: 3
     13:25:40.0583 5940 Actual detected object count: 3
     13:27:21.0062 5940 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
     13:27:21.0062 5940 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
     13:27:21.0063 5940 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
     13:27:21.0063 5940 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
     13:27:21.0064 5940 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
     13:27:21.0064 5940 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
     13:27:57.0315 2716 Deinitialize success
  7. RogueKiller V7.3.2 [03/20/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
     Started in : Normal mode
     User: Lucifer Morningstar [Admin rights]
     Mode: Scan -- Date: 04/14/2012 09:56:36

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 3 ¤¤¤
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST9120822AS +++++
     --- User ---
     [MBR] 1954251629bddb9a2334663d9040e14b
     [bSP] e18ab1359e8ab6f1fd6488de27c6f8e6 : Windows Vista MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  8. Performed a quick scan with MbAM but couldn't find anything. Yet, Microsoft Security Essentials kept on detecting Win32/Sirefef.AC. I also saw HTML/IFrameRef.Z before that; tried to remove it, succeeded, but it appeared again. After the second removal it didn't appear again.

     DDS.txt
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421
     Run by Lucifer Morningstar at 16:03:07 on 2012-04-12
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1416 [GMT 2:00]
     AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
     SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
RP183: 04/04/2012 00:56:19 - Scheduled Checkpoint RP184: 04/04/2012 08:55:47 - Windows Update RP186: 05/04/2012 04:13:49 - Windows Live Essentials RP187: 05/04/2012 08:26:24 - Windows Update RP188: 06/04/2012 09:04:40 - Windows Update RP189: 07/04/2012 04:41:32 - Scheduled Checkpoint RP190: 07/04/2012 08:26:34 - Windows Update RP191: 08/04/2012 07:52:37 - Scheduled Checkpoint RP192: 08/04/2012 08:25:45 - Windows Update RP193: 09/04/2012 08:30:25 - Windows Update RP194: 10/04/2012 08:27:31 - Windows Update RP195: 11/04/2012 08:31:55 - Windows Update RP196: 12/04/2012 - Scheduled Checkpoint RP197: 12/04/2012 03:00:12 - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Agere Systems HDA Modem AIMP2 Anathema µTorrent Combined Community Codec Pack 2010-10-10 Compatibility Pack for the 2007 Office system D3DX10 Google Chrome HHD Software Hex Editor Neo 5.01 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IMinent Toolbar Intel PROSet Wireless Intel® PROSet/Wireless WiFi Software Intel® Matrix Storage Manager Java Auto Updater Java™ 6 Update 31 Keyboard Manager Utility Kingdoms of Amalur - Reckoning "Update" version 1.0.0.2 Kingdoms of Amalur Reckoning Malwarebytes Anti-Malware version 1.61.0.1400 Mass Effect™ 3 Master Of Magic Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Antimalware Microsoft Application Error Reporting Microsoft Office Word Viewer 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.1 MSVCRT Mumble 1.2.3 NC Launcher (GameForge) Nexus Mod Manager NVIDIA 3D 
Vision Driver 296.10 NVIDIA Control Panel 296.10 NVIDIA Graphics Driver 296.10 NVIDIA HD Audio Driver 1.3.12.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Stereoscopic 3D Driver PL-2303 Vista Driver Installer PowerISO Real Alternative 2.0.2 Realtek Ethernet Controller Driver For Windows Vista Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Segoe UI Shoot Many Robots © Demiurge Studios version 1 Skype™ 5.8 Synaptics Pointing Device Driver Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Ventrilo Client VLC media player 2.0.1 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.00 beta 6 (32-bit) . 
==== Event Viewer Messages From Past Week ======== . 12/04/2012 15:56:54, Error: Service Control Manager [7023] - The Nwdls service terminated with the following error: Access is denied. 12/04/2012 15:41:55, Error: Service Control Manager [7023] - The Cam5603D service terminated with the following error: Access is denied. 12/04/2012 15:26:54, Error: Service Control Manager [7023] - The AN983 service terminated with the following error: Access is denied. 12/04/2012 15:11:54, Error: Service Control Manager [7023] - The Nvgts service terminated with the following error: Access is denied. 12/04/2012 14:56:54, Error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied. 12/04/2012 14:41:54, Error: Service Control Manager [7023] - The Schscnt service terminated with the following error: Access is denied. 12/04/2012 14:26:54, Error: Service Control Manager [7023] - The Procdd service terminated with the following error: Access is denied. 12/04/2012 14:11:54, Error: Service Control Manager [7023] - The Pclepci service terminated with the following error: Access is denied. 12/04/2012 13:56:54, Error: Service Control Manager [7023] - The SE26mgmt service terminated with the following error: Access is denied. 12/04/2012 13:41:54, Error: Service Control Manager [7023] - The Se45mgmt service terminated with the following error: Access is denied. 12/04/2012 13:26:55, Error: Service Control Manager [7023] - The Mfetdik service terminated with the following error: Access is denied. 12/04/2012 13:11:56, Error: Service Control Manager [7023] - The Curtainssyssvc service terminated with the following error: Access is denied. 12/04/2012 13:00:55, Error: Service Control Manager [7023] - The Lvcomser service terminated with the following error: Access is denied. 12/04/2012 12:59:55, Error: Service Control Manager [7023] - The Omci service terminated with the following error: Access is denied. 
12/04/2012 12:56:55, Error: Service Control Manager [7023] - The WcesComm service terminated with the following error: Access is denied. 12/04/2012 12:55:55, Error: Service Control Manager [7023] - The WUSB54GCSVC service terminated with the following error: Access is denied. 12/04/2012 04:32:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 12/04/2012 04:32:21, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/04/2012 04:32:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/04/2012 12:31:03, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.13 for the Network Card with network address 0022FA2D42D2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 10/04/2012 12:29:50, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.12 for the Network Card with network address 0022FA2D42D2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 09/04/2012 08:25:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1315.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
06/04/2012 09:24:33, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 0022FA2D42D2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 06/04/2012 08:27:44, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1127.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. . ==== End Of File ===========================
  9. Everything's sound and clean. Laptop's working well, and much better. Laptop number 2 only had a broken registry (something like that) problem; MBAM solved it. Thanks for all the help!
  10. Temps are cleaned. Java's updated. Well, my laptop runs pretty much smoother right now, especially since it's warming less. If that's all, I would like to ask a question. I have one more laptop with Windows 7 running on it. Should I, in case I encounter something, post the info in this thread or in a new one? It's been having some network problems for a while, and working slowly.
  11. INFO.txt info.txt logfile of random's system information tool 1.06 2009-09-16 09:42:27
  12. LOG.txt Logfile of random's system information tool 1.06 (written by random/random) Run by NIRVANA at 2009-09-16 09:42:17 Microsoft
  13. OTL log:

      All processes killed
      Error: Unable to interpret <[emptytemp]> in the current context!
      Error: Unable to interpret <[start explorer]> in the current context!
      Error: Unable to interpret <[Reboot]> in the current context!
      OTL by OldTimer - Version 3.0.11.0 log created on 09142009_192402
      Files\Folders moved on Reboot...
      File move failed. E:\autorun.exe scheduled to be moved on reboot.
      Registry entries deleted on Reboot...

      It gave me a range fix error window right after everything shut down and while it was cleaning the temps. btw, E:\autorun.exe -> I guess I better move the dvd. >_>
  14. RootRepeal is just crashing in the middle of the scan. And I'm unable to see what the problem is, for it's only giving me the borderlines of RootRepeal and the error window, and my desktop is visible through.