Patched.B.Gen/Agent.BA/Sirefef.AE Trojan

Solved
By Baggins25
Jul 17, 2012
  1. Hello,

    Recently installed ESET Smart Security 5 and the same day began getting numerous error messages relating to Patched.B.Gen, Agent.BA, and Sirefef.AE Trojans.

    First noticed the messages after downloading a Flash update? Saw someone else had mentioned the same in another thread.

    Here are logs:

    MBAM:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.17.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kyle :: KYLE-PC [administrator]

    7/17/2012 11:48:02 AM
    mbam-log-2012-07-17 (11-48-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226556
    Time elapsed: 2 minute(s), 5 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3664 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Kyle\AppData\Local\Temp\0.09328522569109254 (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
    C:\Users\Kyle\AppData\Local\Temp\E305.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
  2. Baggins25

    Baggins25 Newcomer, in training Topic Starter Posts: 24

    GMER didn't produce any logs.

    DDS Log:

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CDA43325-76F1-4B29-8C01-9D9866AAFD56} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CDA43325-76F1-4B29-8C01-9D9866AAFD56}\37475627C696E676 : DhcpNameServer = 192.168.1.1
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO-X64: WinZipBar - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\u26m9orc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-25 1262400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
    S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
    S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-17 18:54:45 20480 ----a-w- C:\Windows\svchost.exe
    2012-07-17 18:47:28 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Malwarebytes
    2012-07-17 18:47:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-17 18:47:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-17 18:47:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-17 16:13:43 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-17 16:01:01 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-07-17 16:01:00 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-07-17 16:01:00 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-07-17 16:01:00 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-07-17 16:01:00 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-07-17 12:24:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-17 04:18:33 113664 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2205.tmp
    2012-07-17 04:18:33 113664 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\20AC.tmp.dat
    2012-07-16 02:00:30 113664 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6431.tmp.dat
    2012-07-15 23:18:31 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A9C4F2-90C2-4FAF-86FE-1B21DAAD92EA}\mpengine.dll
    2012-07-15 23:18:31 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-07-15 22:49:31 -------- d-----w- C:\Users\Kyle\AppData\Roaming\ESET
    2012-07-15 22:49:31 -------- d-----w- C:\Users\Kyle\AppData\Local\ESET
    2012-07-15 22:47:09 -------- d-----w- C:\Program Files\ESET
    2012-06-22 16:11:46 -------- d-----w- C:\Users\Kyle\AppData\Local\Macromedia
    2012-06-19 06:32:28 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 06:32:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 06:32:09 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-19 06:32:09 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-07-17 17:41:29 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-17 17:41:29 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-17 17:41:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-17 15:38:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-17 15:38:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 12:33:38.19 ===============
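    The two logs above already contain the classic indicators a triager looks for in a Sirefef/ZeroAccess case: Malwarebytes flags `C:\Windows\svchost.exe` (the genuine binary lives under `System32`, and on x64 also `SysWOW64`), and the DDS "Created Last 30" section shows a hidden, system-attributed directory whose name is a literal, unexpanded `%APPDATA%`. The script below is an added example, not code from the thread, from Malwarebytes or from DDS; it parses both line formats and applies those two heuristics. The expected-directory table assumes the Windows 7 x64 layout the poster has, and the sample lines are copied from the logs in this thread.

```python
"""Triage of pasted MBAM / DDS log lines for a Sirefef (ZeroAccess)-style
infection. Added example; not part of the thread or of either tool."""
import re
from dataclasses import dataclass

# Windows binaries that malware commonly impersonates, mapped to the directories
# (relative to C:\Windows, lower-case; "" means the Windows root itself) where the
# legitimate copy lives on Windows 7 x64, the layout in the thread. Assumption.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "csrss.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "explorer.exe": {"", "syswow64"},
}

# MBAM "Files Detected" / "Memory Processes Detected" lines:
#   <path> (<detection>) [-> <pid>] -> <action>.
MBAM_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^)]+)\)(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$"
)
# DDS "Created Last 30" / "Find3M" lines:
#   <date> <time> <size|--------> <attrs> <path>
DDS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Sample lines copied from the MBAM and DDS logs posted in the thread.
SAMPLE_LOG = r"""
C:\Windows\svchost.exe (Trojan.Agent) -> 3664 -> Delete on reboot.
C:\Users\Kyle\AppData\Local\Temp\E305.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
2012-07-17 18:54:45 20480 ----a-w- C:\Windows\svchost.exe
2012-07-17 16:13:43 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 12:24:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-15 23:18:31 279656 ------w- C:\Windows\System32\MpSigStub.exe
""".strip().splitlines()


@dataclass
class Finding:
    path: str
    reasons: list


def windows_relative_dir(path):
    """Directory of `path` relative to C:\\Windows (lower-case), or None when the
    path is not under the Windows folder."""
    parts = path.lower().split("\\")
    if len(parts) < 3 or parts[0] != "c:" or parts[1] != "windows":
        return None
    return "\\".join(parts[2:-1])


def check_path(path, attrs=""):
    """Heuristics a triager applies to one path. Returns the list of reasons the
    path looks suspicious (empty when none fire)."""
    reasons = []
    name = path.lower().rsplit("\\", 1)[-1]
    rel = windows_relative_dir(path)
    if name in EXPECTED_DIRS:
        if rel is None:
            reasons.append(f"{name} outside the Windows folder")
        elif rel not in EXPECTED_DIRS[name]:
            where = rel or "the Windows root"
            reasons.append(f"{name} in {where}, expected {sorted(EXPECTED_DIRS[name])}")
    if re.search(r"%[A-Za-z_]+%", path):
        # A literal, unexpanded %VAR% on disk is not something normal software creates.
        hidden_sys = attrs.startswith("d") and "s" in attrs and "h" in attrs
        reasons.append("unexpanded %VAR% name used as a real path" + (" (hidden+system)" if hidden_sys else ""))
    return reasons


def triage(lines):
    """Parse mixed MBAM/DDS lines. Scanner detections are always reported (with
    any heuristic hits added); DDS entries only when a heuristic fires."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = MBAM_RE.match(line)
        if m:
            reasons = check_path(m["path"]) + [f"scanner: {m['det']} -> {m['action']}"]
            findings.append(Finding(m["path"], reasons))
            continue
        m = DDS_RE.match(line)
        if m:
            reasons = check_path(m["path"], m["attrs"])
            if reasons:
                findings.append(Finding(m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

    Run on the sample, it reports four entries: both `svchost.exe` lines (file in the Windows root rather than `System32`/`SysWOW64`), the `E305.tmp` detection, and the `%APPDATA%` directory with its hidden+system attributes; the legitimate `win32k.sys` and `MpSigStub.exe` entries are left alone. The point of the expected-directory table is that a scanner's verdict and the file's location are independent signals, so a misplaced system binary deserves attention even on a line the scanner did not flag.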
  3. Baggins25

    DDS Attach Log:

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/12/2011 7:39:11 PM
    System Uptime: 7/17/2012 11:53:28 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8Z68-V LE
    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 318.815 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP62: 7/11/2012 2:23:45 PM - Scheduled Checkpoint
    RP63: 7/15/2012 3:56:57 PM - Removed AVG 2012
    RP64: 7/15/2012 3:58:04 PM - Removed AVG 2012
    RP65: 7/15/2012 4:18:18 PM - Windows Update
    RP67: 7/16/2012 9:19:12 PM - Windows Defender Checkpoint
    RP68: 7/17/2012 9:03:53 AM - Windows Update
    RP69: 7/17/2012 11:40:53 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    AIM 7
    Apple Application Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Assassin's Creed Revelations
    Batman: Arkham City™ PC
    Battlefield 3™
    Battlelog Web Plugins
    CopyTrans Suite Remove Only
    Diablo III
    Download Updater (AOL LLC)
    Dual-Core Optimizer
    ESN Sonar
    EVGA Precision 2.0.1
    Google Chrome
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Origin
    PunkBuster Services
  4. Baggins25

    Any help would be greatly appreciated, and thank you in advance!
  5. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. Baggins25

    Thanks for the quick reply. Ran TDSSKiller; here's the log:

    17:21:53.0806 4556 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    17:21:54.0267 4556 ============================================================
    17:21:54.0267 4556 Current date / time: 2012/07/17 17:21:54.0267
    17:21:54.0267 4556 SystemInfo:
    17:21:54.0267 4556
    17:21:54.0267 4556 OS Version: 6.1.7601 ServicePack: 1.0
    17:21:54.0267 4556 Product type: Workstation
    17:21:54.0267 4556 ComputerName: KYLE-PC
    17:21:54.0267 4556 UserName: Kyle
    17:21:54.0267 4556 Windows directory: C:\Windows
    17:21:54.0267 4556 System windows directory: C:\Windows
    17:21:54.0267 4556 Running under WOW64
    17:21:54.0267 4556 Processor architecture: Intel x64
    17:21:54.0267 4556 Number of processors: 8
    17:21:54.0267 4556 Page size: 0x1000
    17:21:54.0267 4556 Boot type: Normal boot
    17:21:54.0267 4556 ============================================================
    17:21:54.0985 4556 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:21:54.0988 4556 ============================================================
    17:21:54.0988 4556 \Device\Harddisk0\DR0:
    17:21:54.0988 4556 MBR partitions:
    17:21:54.0988 4556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:21:54.0988 4556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    17:21:54.0988 4556 ============================================================
    17:21:55.0004 4556 C: <-> \Device\Harddisk0\DR0\Partition1
    17:21:55.0004 4556 ============================================================
    17:21:55.0004 4556 Initialize success
    17:21:55.0004 4556 ============================================================
    17:22:01.0683 5112 ============================================================
    17:22:01.0683 5112 Scan started
    17:22:01.0683 5112 Mode: Manual;
    17:22:01.0683 5112 ============================================================
    17:22:04.0747 5112 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:22:04.0750 5112 1394ohci - ok
    17:22:04.0765 5112 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:22:04.0768 5112 ACPI - ok
    17:22:04.0774 5112 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:22:04.0775 5112 AcpiPmi - ok
    17:22:04.0868 5112 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:22:04.0869 5112 AdobeARMservice - ok
    17:22:04.0899 5112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:22:04.0903 5112 adp94xx - ok
    17:22:04.0934 5112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:22:04.0937 5112 adpahci - ok
    17:22:04.0949 5112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:22:04.0951 5112 adpu320 - ok
    17:22:04.0969 5112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:22:04.0970 5112 AeLookupSvc - ok
    17:22:05.0005 5112 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:22:05.0009 5112 AFD - ok
    17:22:05.0044 5112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:22:05.0045 5112 agp440 - ok
    17:22:05.0050 5112 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:22:05.0051 5112 ALG - ok
    17:22:05.0061 5112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:22:05.0061 5112 aliide - ok
    17:22:05.0065 5112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:22:05.0065 5112 amdide - ok
    17:22:05.0098 5112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:22:05.0099 5112 AmdK8 - ok
    17:22:05.0106 5112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:22:05.0107 5112 AmdPPM - ok
    17:22:05.0122 5112 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    17:22:05.0123 5112 amdsata - ok
    17:22:05.0137 5112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:22:05.0139 5112 amdsbs - ok
    17:22:05.0152 5112 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    17:22:05.0152 5112 amdxata - ok
    17:22:05.0196 5112 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:22:05.0197 5112 AppID - ok
    17:22:05.0213 5112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:22:05.0214 5112 AppIDSvc - ok
    17:22:05.0249 5112 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:22:05.0250 5112 Appinfo - ok
    17:22:05.0344 5112 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    17:22:05.0345 5112 Apple Mobile Device - ok
    17:22:05.0379 5112 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    17:22:05.0381 5112 AppMgmt - ok
    17:22:05.0402 5112 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:22:05.0403 5112 arc - ok
    17:22:05.0416 5112 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:22:05.0417 5112 arcsas - ok
    17:22:05.0439 5112 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
    17:22:05.0439 5112 asmthub3 - ok
    17:22:05.0456 5112 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
    17:22:05.0458 5112 asmtxhci - ok
    17:22:05.0479 5112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:22:05.0480 5112 AsyncMac - ok
    17:22:05.0512 5112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:22:05.0513 5112 atapi - ok
    17:22:05.0588 5112 athur (36322190763845975e0d001e90687bf2) C:\Windows\system32\DRIVERS\athurx.sys
    17:22:05.0618 5112 athur - ok
    17:22:05.0724 5112 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:22:05.0729 5112 AudioEndpointBuilder - ok
    17:22:05.0732 5112 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:22:05.0735 5112 AudioSrv - ok
    17:22:05.0786 5112 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:22:05.0787 5112 AxInstSV - ok
    17:22:05.0832 5112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:22:05.0836 5112 b06bdrv - ok
    17:22:05.0858 5112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:22:05.0860 5112 b57nd60a - ok
    17:22:05.0906 5112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:22:05.0907 5112 BDESVC - ok
    17:22:05.0918 5112 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:22:05.0919 5112 Beep - ok
    17:22:05.0965 5112 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    17:22:05.0970 5112 BITS - ok
    17:22:05.0978 5112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:22:05.0979 5112 blbdrive - ok
    17:22:06.0043 5112 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    17:22:06.0046 5112 Bonjour Service - ok
    17:22:06.0072 5112 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:22:06.0074 5112 bowser - ok
    17:22:06.0081 5112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:22:06.0082 5112 BrFiltLo - ok
    17:22:06.0094 5112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:22:06.0095 5112 BrFiltUp - ok
    17:22:06.0144 5112 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:22:06.0146 5112 Browser - ok
    17:22:06.0191 5112 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:22:06.0196 5112 Brserid - ok
    17:22:06.0204 5112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:22:06.0205 5112 BrSerWdm - ok
    17:22:06.0207 5112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:22:06.0208 5112 BrUsbMdm - ok
    17:22:06.0212 5112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:22:06.0213 5112 BrUsbSer - ok
    17:22:06.0224 5112 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:22:06.0225 5112 BTHMODEM - ok
    17:22:06.0241 5112 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:22:06.0242 5112 bthserv - ok
    17:22:06.0249 5112 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:22:06.0250 5112 cdfs - ok
    17:22:06.0298 5112 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    17:22:06.0300 5112 cdrom - ok
    17:22:06.0334 5112 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:22:06.0335 5112 CertPropSvc - ok
    17:22:06.0354 5112 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:22:06.0356 5112 circlass - ok
    17:22:06.0412 5112 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:22:06.0415 5112 CLFS - ok
    17:22:06.0470 5112 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:22:06.0471 5112 clr_optimization_v2.0.50727_32 - ok
    17:22:06.0505 5112 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:22:06.0506 5112 clr_optimization_v2.0.50727_64 - ok
    17:22:06.0554 5112 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:22:06.0555 5112 CmBatt - ok
    17:22:06.0589 5112 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:22:06.0590 5112 cmdide - ok
    17:22:06.0647 5112 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    17:22:06.0650 5112 CNG - ok
    17:22:06.0652 5112 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:22:06.0653 5112 Compbatt - ok
    17:22:06.0699 5112 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:22:06.0701 5112 CompositeBus - ok
    17:22:06.0709 5112 COMSysApp - ok
    17:22:06.0715 5112 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:22:06.0716 5112 crcdisk - ok
    17:22:06.0761 5112 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    17:22:06.0763 5112 CryptSvc - ok
    17:22:06.0799 5112 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    17:22:06.0803 5112 CSC - ok
    17:22:06.0823 5112 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
    17:22:06.0827 5112 CscService - ok
    17:22:06.0871 5112 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:22:06.0875 5112 DcomLaunch - ok
    17:22:06.0899 5112 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:22:06.0901 5112 defragsvc - ok
    17:22:06.0954 5112 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:22:06.0955 5112 DfsC - ok
    17:22:06.0986 5112 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:22:06.0988 5112 Dhcp - ok
    17:22:07.0007 5112 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
  7. Baggins25

    Baggins25 Newcomer, in training Topic Starter Posts: 24

    Continued...



    17:22:16.0288 5112 THREADORDER - ok
    17:22:16.0302 5112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:22:16.0304 5112 TrkWks - ok
    17:22:16.0346 5112 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    17:22:16.0348 5112 TrustedInstaller - ok
    17:22:16.0366 5112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:22:16.0367 5112 tssecsrv - ok
    17:22:16.0413 5112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:22:16.0414 5112 TsUsbFlt - ok
    17:22:16.0428 5112 tsusbhub - ok
    17:22:16.0467 5112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:22:16.0468 5112 tunnel - ok
    17:22:16.0488 5112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    17:22:16.0489 5112 uagp35 - ok
    17:22:16.0509 5112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:22:16.0512 5112 udfs - ok
    17:22:16.0535 5112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:22:16.0537 5112 UI0Detect - ok
    17:22:16.0567 5112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:22:16.0568 5112 uliagpkx - ok
    17:22:16.0602 5112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:22:16.0603 5112 umbus - ok
    17:22:16.0627 5112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    17:22:16.0627 5112 UmPass - ok
    17:22:16.0646 5112 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    17:22:16.0648 5112 UmRdpService - ok
    17:22:16.0663 5112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:22:16.0667 5112 upnphost - ok
    17:22:16.0697 5112 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
    17:22:16.0698 5112 usbccgp - ok
    17:22:16.0710 5112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:22:16.0712 5112 usbcir - ok
    17:22:16.0725 5112 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
    17:22:16.0726 5112 usbehci - ok
    17:22:16.0746 5112 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    17:22:16.0749 5112 usbhub - ok
    17:22:16.0756 5112 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
    17:22:16.0756 5112 usbohci - ok
    17:22:16.0769 5112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:22:16.0770 5112 usbprint - ok
    17:22:16.0783 5112 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:22:16.0784 5112 USBSTOR - ok
    17:22:16.0798 5112 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
    17:22:16.0799 5112 usbuhci - ok
    17:22:16.0822 5112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:22:16.0823 5112 UxSms - ok
    17:22:16.0844 5112 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:22:16.0845 5112 VaultSvc - ok
    17:22:16.0869 5112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:22:16.0870 5112 vdrvroot - ok
    17:22:16.0911 5112 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:22:16.0916 5112 vds - ok
    17:22:16.0947 5112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:22:16.0948 5112 vga - ok
    17:22:16.0966 5112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:22:16.0967 5112 VgaSave - ok
    17:22:16.0984 5112 VGPU - ok
    17:22:16.0998 5112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:22:17.0000 5112 vhdmp - ok
    17:22:17.0016 5112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:22:17.0017 5112 viaide - ok
    17:22:17.0035 5112 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    17:22:17.0036 5112 vmbus - ok
    17:22:17.0047 5112 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    17:22:17.0048 5112 VMBusHID - ok
    17:22:17.0058 5112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:22:17.0059 5112 volmgr - ok
    17:22:17.0095 5112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:22:17.0097 5112 volmgrx - ok
    17:22:17.0129 5112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:22:17.0132 5112 volsnap - ok
    17:22:17.0157 5112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:22:17.0159 5112 vsmraid - ok
    17:22:17.0240 5112 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:22:17.0266 5112 VSS - ok
    17:22:17.0322 5112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    17:22:17.0323 5112 vwifibus - ok
    17:22:17.0338 5112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:22:17.0340 5112 vwififlt - ok
    17:22:17.0366 5112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:22:17.0369 5112 W32Time - ok
    17:22:17.0376 5112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:22:17.0377 5112 WacomPen - ok
    17:22:17.0417 5112 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:22:17.0419 5112 WANARP - ok
    17:22:17.0420 5112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:22:17.0421 5112 Wanarpv6 - ok
    17:22:17.0469 5112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:22:17.0493 5112 WatAdminSvc - ok
    17:22:17.0557 5112 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:22:17.0587 5112 wbengine - ok
    17:22:17.0655 5112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:22:17.0658 5112 WbioSrvc - ok
    17:22:17.0699 5112 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:22:17.0702 5112 wcncsvc - ok
    17:22:17.0715 5112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:22:17.0717 5112 WcsPlugInService - ok
    17:22:17.0730 5112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:22:17.0731 5112 Wd - ok
    17:22:17.0754 5112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:22:17.0758 5112 Wdf01000 - ok
    17:22:17.0768 5112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:22:17.0770 5112 WdiServiceHost - ok
    17:22:17.0772 5112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:22:17.0773 5112 WdiSystemHost - ok
    17:22:17.0814 5112 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:22:17.0817 5112 WebClient - ok
    17:22:17.0848 5112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:22:17.0851 5112 Wecsvc - ok
    17:22:17.0859 5112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:22:17.0861 5112 wercplsupport - ok
    17:22:17.0875 5112 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:22:17.0877 5112 WerSvc - ok
    17:22:17.0914 5112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:22:17.0915 5112 WfpLwf - ok
    17:22:17.0927 5112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:22:17.0928 5112 WIMMount - ok
    17:22:17.0931 5112 WinHttpAutoProxySvc - ok
    17:22:17.0967 5112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:22:17.0970 5112 Winmgmt - ok
    17:22:18.0035 5112 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:22:18.0065 5112 WinRM - ok
    17:22:18.0154 5112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:22:18.0160 5112 Wlansvc - ok
    17:22:18.0295 5112 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:22:18.0330 5112 wlidsvc - ok
    17:22:18.0411 5112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:22:18.0412 5112 WmiAcpi - ok
    17:22:18.0452 5112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:22:18.0454 5112 wmiApSrv - ok
    17:22:18.0474 5112 WMPNetworkSvc - ok
    17:22:18.0491 5112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:22:18.0493 5112 WPCSvc - ok
    17:22:18.0555 5112 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:22:18.0557 5112 WPDBusEnum - ok
    17:22:18.0569 5112 WPN111 - ok
    17:22:18.0589 5112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:22:18.0590 5112 ws2ifsl - ok
    17:22:18.0591 5112 WSearch - ok
    17:22:18.0670 5112 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    17:22:18.0700 5112 wuauserv - ok
    17:22:18.0779 5112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:22:18.0781 5112 WudfPf - ok
    17:22:18.0801 5112 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:22:18.0803 5112 WUDFRd - ok
    17:22:18.0831 5112 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:22:18.0833 5112 wudfsvc - ok
    17:22:18.0876 5112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:22:18.0879 5112 WwanSvc - ok
    17:22:18.0898 5112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:22:18.0923 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    17:22:18.0924 5112 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    17:22:18.0954 5112 Boot (0x1200) (97a10b9b28b8111029506884808ce141) \Device\Harddisk0\DR0\Partition0
    17:22:18.0955 5112 \Device\Harddisk0\DR0\Partition0 - ok
    17:22:18.0964 5112 Boot (0x1200) (ce16f9adf728a823cc780f5e0264308f) \Device\Harddisk0\DR0\Partition1
    17:22:18.0966 5112 \Device\Harddisk0\DR0\Partition1 - ok
    17:22:18.0966 5112 ============================================================
    17:22:18.0966 5112 Scan finished
    17:22:18.0966 5112 ============================================================
    17:22:18.0970 3776 Detected object count: 1
    17:22:18.0970 3776 Actual detected object count: 1
    17:22:38.0951 3776 \Device\Harddisk0\DR0\# - copied to quarantine
    17:22:38.0953 3776 \Device\Harddisk0\DR0 - copied to quarantine
    17:22:38.0991 3776 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    17:22:39.0193 3776 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    17:22:39.0343 3776 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    17:22:39.0504 3776 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    17:22:39.0801 3776 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    17:22:40.0017 3776 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    17:22:40.0181 3776 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    17:22:40.0183 3776 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    17:22:40.0207 3776 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    17:22:40.0242 3776 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    17:22:40.0521 3776 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    17:22:40.0695 3776 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    17:22:40.0696 3776 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    17:22:40.0700 3776 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    17:22:40.0712 3776 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    17:22:40.0910 3776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    17:22:40.0938 3776 \Device\Harddisk0\DR0 - ok
    17:22:40.0945 3776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    17:22:59.0845 4032 Deinitialize success
  8. Broni

    Good :)

    Update MBAM, post new log.

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. Baggins25

    Here is the new MBAM log:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.17.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kyle :: KYLE-PC [administrator]

    7/17/2012 5:57:51 PM
    mbam-log-2012-07-17 (17-57-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226390
    Time elapsed: 1 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
  10. Baggins25

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Kyle [Admin rights]
    Mode: Scan -- Date: 07/17/2012 18:11:04

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 validation.sls.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500413AS ATA Device +++++
    --- User ---
    [MBR] c9b42bef9e6b5090c9c8f76dd0bcba14
    [BSP] 0797790bf659416055ec6f3eb7fa251a : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  11. Broni

    On top of the TDL rootkit, we have a ZeroAccess rootkit infection as well.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  12. Baggins25

    Here is aswMBR log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-17 18:13:22
    -----------------------------
    18:13:22.742 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:13:22.742 Number of processors: 8 586 0x2A07
    18:13:22.742 ComputerName: KYLE-PC UserName: Kyle
    18:13:24.482 Initialize success
    18:15:08.507 AVAST engine defs: 12071701
    18:15:17.056 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:15:17.056 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 11
    18:15:17.072 Disk 0 MBR read successfully
    18:15:17.072 Disk 0 MBR scan
    18:15:17.088 Disk 0 Windows 7 default MBR code
    18:15:17.088 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:15:17.103 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    18:15:17.119 Disk 0 scanning C:\Windows\system32\drivers
    18:15:27.118 Service scanning
    18:15:46.376 Modules scanning
    18:15:46.376 Disk 0 trace - called modules:
    18:15:46.392 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    18:15:46.407 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077fa790]
    18:15:46.906 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800751e040]
    18:15:46.906 5 ACPI.sys[fffff88000f187a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800751b060]
    18:15:50.713 AVAST engine scan C:\Windows
    18:15:55.486 AVAST engine scan C:\Windows\system32
    18:18:09.472 AVAST engine scan C:\Windows\system32\drivers
    18:18:21.488 AVAST engine scan C:\Users\Kyle
    18:23:26.470 AVAST engine scan C:\ProgramData
    18:23:55.360 File: C:\ProgramData\Microsoft\Windows\DRM\20AC.tmp.dat **INFECTED** Win32:Crypt-NIR [Trj]
    18:23:56.964 File: C:\ProgramData\Microsoft\Windows\DRM\2205.tmp **INFECTED** Win32:Crypt-NIR [Trj]
    18:23:58.574 File: C:\ProgramData\Microsoft\Windows\DRM\6431.tmp.dat **INFECTED** Win32:Crypt-NIN [Trj]
    18:24:07.419 Scan finished successfully
    18:24:26.130 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
    18:24:26.133 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
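As an added example (not from this thread and not code from TDSSKiller, RogueKiller or aswMBR), a small Python triage script that pulls the detection lines out of the three log formats posted above, skipping the hundreds of "- ok" service lines, and names the families they point to. The sample lines are copied from those logs; the family hints (Pihar and TDLFS meaning the TDL rootkit the helper refers to) are an assumption of this example.

```python
"""Triage helper for the scanner logs pasted in this thread (TDSSKiller,
RogueKiller, aswMBR).  Added example: not from the thread and not code from
any of the tools.  The sample lines below are copied from the logs above."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

@dataclass(frozen=True)
class Finding:
    tool: str    # scanner that produced the line
    kind: str    # boot | file | folder | registry | hosts | quarantined
    target: str  # object the scanner flagged
    label: str   # classification exactly as the scanner reported it

# TDSSKiller: "<time> <pid> <object> - detected <name> (n)"
_TDSS_DETECTED = re.compile(r"^\s*[\d:.]+\s+\d+\s+(?P<target>\S+) - detected (?P<label>\S+)")
# TDSSKiller: "<time> <pid> <object> - copied to quarantine"
_TDSS_QUARANTINE = re.compile(r"^\s*[\d:.]+\s+\d+\s+(?P<target>\S+) - copied to quarantine$")
# aswMBR: "<time> File: <path> **INFECTED** <name>"
_ASW_INFECTED = re.compile(r"^\s*[\d:.]+\s+File:\s+(?P<target>.+?)\s+\*\*INFECTED\*\*\s+(?P<label>.+)$")
# RogueKiller: "[HJ] <key> : <value> -> FOUND" and "[ZeroAccess][FILE] <name> : <path> --> FOUND"
_RK_FOUND = re.compile(r"^\s*\[(?P<label>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s+(?P<name>.+?)\s+:\s+(?P<target>.+?)\s+--?>\s+FOUND$")
# RogueKiller section header: "¤¤¤ HOSTS File: ¤¤¤"
_RK_SECTION = re.compile(r"^\s*¤¤¤\s*(?P<name>.+?):?\s*¤¤¤\s*$")
# one entry inside the HOSTS section: "<ipv4> <hostname>"
_HOSTS_ENTRY = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)\s*$")

# Substrings that point at a malware family.  Assumption of this example:
# Rootkit.Boot.Pihar and the TDLFS hidden file system are what the helper in
# the thread calls the "TDL rootkit"; RogueKiller names ZeroAccess outright.
FAMILY_HINTS = {"Pihar": "TDL/TDSS", "TDLFS": "TDL/TDSS", "ZeroAccess": "ZeroAccess"}

def triage(lines: Iterable[str]) -> List[Finding]:
    """Collect detections from raw log lines of any of the three tools.
    Benign lines ("<svc> - ok", driver traces, "default MBR code") are skipped."""
    findings: List[Finding] = []
    section = ""  # current RogueKiller section, used to recognise HOSTS entries
    for line in lines:
        if (m := _RK_SECTION.match(line)):
            section = m["name"]
        elif (m := _TDSS_DETECTED.match(line)):
            findings.append(Finding("TDSSKiller", "boot", m["target"], m["label"]))
        elif (m := _TDSS_QUARANTINE.match(line)):
            findings.append(Finding("TDSSKiller", "quarantined", m["target"], "quarantined on cure"))
        elif (m := _ASW_INFECTED.match(line)):
            findings.append(Finding("aswMBR", "file", m["target"], m["label"]))
        elif (m := _RK_FOUND.match(line)):
            findings.append(Finding("RogueKiller", (m["kind"] or "registry").lower(), m["target"], m["label"]))
        elif section.startswith("HOSTS") and (m := _HOSTS_ENTRY.match(line)):
            # Any HOSTS override of a non-local name deserves a look; this one
            # points a Microsoft activation host at localhost.
            findings.append(Finding("RogueKiller", "hosts", m["host"], f"hosts -> {m['ip']}"))
    return findings

def families(findings: Iterable[Finding]) -> Set[str]:
    """Map findings to the families in FAMILY_HINTS (unknown labels are ignored)."""
    return {fam for f in findings for hint, fam in FAMILY_HINTS.items()
            if hint in f.label or hint in f.target}

# Constructed sample: representative lines copied from the three logs above.
SAMPLE_LOG = r"""
17:22:17.0367 5112 vsmraid - ok
17:22:18.0898 5112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:22:18.0923 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:22:18.0924 5112 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:22:38.0991 3776 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:22:40.0181 3776 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 validation.sls.microsoft.com
¤¤¤ MBR Check: ¤¤¤
18:15:17.088 Disk 0 Windows 7 default MBR code
18:23:55.360 File: C:\ProgramData\Microsoft\Windows\DRM\20AC.tmp.dat **INFECTED** Win32:Crypt-NIR [Trj]
18:23:58.574 File: C:\ProgramData\Microsoft\Windows\DRM\6431.tmp.dat **INFECTED** Win32:Crypt-NIN [Trj]
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h.tool:<11} {h.kind:<11} {h.label:<24} {h.target}")
    print("families:", ", ".join(sorted(families(hits))))
```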
  13. Broni

    Very well.
    Please read my previous reply.
  14. Baggins25

    Thank you for your continued support...

    Here is the next log:

    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 17-07-2012 18:56:09
    Running from F:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKU\Kyle\...\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-21] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    ==================== Services (Whitelisted) ======

    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-25] ()

    ========================== Drivers (Whitelisted) =============

    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
    3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
    3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    3 WPN111; C:\Windows\System32\DRIVERS\WPN111vx.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-17 18:56 - 2012-07-17 18:56 - 00000000 ____D C:\FRST
    2012-07-17 17:24 - 2012-07-17 17:24 - 00002249 ____A C:\Users\Kyle\Desktop\aswMBR.txt
    2012-07-17 17:24 - 2012-07-17 17:24 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
    2012-07-17 17:12 - 2012-07-17 17:13 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Downloads\aswMBR.exe
    2012-07-17 17:11 - 2012-07-17 17:11 - 00001710 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
    2012-07-17 17:10 - 2012-07-17 17:11 - 00000000 ____D C:\Users\Kyle\Desktop\RK_Quarantine
    2012-07-17 17:05 - 2012-07-17 17:05 - 01552384 ____A C:\Users\Kyle\Downloads\RogueKiller.exe
    2012-07-17 16:22 - 2012-07-17 16:22 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 16:17 - 2012-07-17 16:17 - 02117152 ____A C:\Users\Kyle\Downloads\tdsskiller.zip
    2012-07-17 11:31 - 2012-07-17 11:31 - 00607260 ____R (Swearware) C:\Users\Kyle\Downloads\dds.scr
    2012-07-17 10:55 - 2012-07-17 10:55 - 00302592 ____A C:\Users\Kyle\Downloads\drl6rorn.exe
    2012-07-17 10:47 - 2012-07-17 10:47 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-17 10:47 - 2012-07-17 10:47 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Malwarebytes
    2012-07-17 10:47 - 2012-07-17 10:47 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-17 10:47 - 2012-07-17 10:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-17 10:47 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-17 10:46 - 2012-07-17 10:46 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-17 08:13 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 08:11 - 2012-07-17 08:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-17 08:11 - 2012-07-17 08:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-17 08:11 - 2012-07-17 08:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-17 08:11 - 2012-07-17 08:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-07-17 08:11 - 2012-07-17 08:11 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-07-17 08:11 - 2012-07-17 08:11 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-07-17 08:11 - 2012-07-17 08:11 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-07-17 08:10 - 2012-07-17 08:12 - 00003249 ____A C:\Windows\IE9_main.log
    2012-07-17 08:09 - 2012-07-17 08:09 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-17 08:02 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-17 08:02 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-17 08:02 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-17 08:02 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-17 08:02 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-17 08:02 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-17 08:02 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-17 08:02 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-17 08:02 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-17 08:02 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-17 08:02 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-17 08:02 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-17 08:02 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-17 08:02 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-17 08:02 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-17 08:02 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-07-17 08:02 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-17 08:02 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-07-17 08:02 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-07-17 08:02 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-07-17 08:02 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-17 08:02 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-17 08:01 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-17 08:01 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-17 08:01 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-17 08:01 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-17 08:01 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-17 08:00 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-17 08:00 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-17 08:00 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-17 04:24 - 2012-07-17 04:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-17 04:14 - 2012-07-17 04:14 - 00000000 ____D C:\Windows\Sun
    2012-07-16 21:11 - 2012-07-17 16:21 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
    2012-07-16 17:54 - 2012-07-16 17:54 - 00293552 ____A C:\Windows\Minidump\071612-19188-01.dmp
    2012-07-15 15:18 - 2012-05-31 11:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-07-15 14:49 - 2012-07-15 14:49 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\ESET
    2012-07-15 14:49 - 2012-07-15 14:49 - 00000000 ____D C:\Users\Kyle\AppData\Local\ESET
    2012-07-15 14:47 - 2012-07-15 14:47 - 00000000 ____D C:\Users\All Users\ESET
    2012-07-15 14:47 - 2012-07-15 14:47 - 00000000 ____D C:\Program Files\ESET
    2012-07-15 14:43 - 2012-07-15 14:43 - 01263344 ____A (ESET) C:\Users\Kyle\Downloads\eset_smart_security_live_installer.exe
    2012-07-12 18:19 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-07-12 18:19 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-07-12 18:19 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-07-12 18:19 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-07-12 18:19 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-07-12 18:14 - 2012-07-12 18:16 - 168454136 ____A (NVIDIA Corporation) C:\Users\Kyle\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
    2012-07-12 09:30 - 2012-07-12 09:30 - 03878112 ____A C:\Users\Kyle\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
    2012-07-05 18:52 - 2012-07-05 18:53 - 00293552 ____A C:\Windows\Minidump\070512-23478-01.dmp
    2012-06-22 08:11 - 2012-06-22 08:11 - 00000000 ____D C:\Users\Kyle\AppData\Local\Macromedia
    2012-06-18 22:32 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 22:32 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 22:32 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 22:32 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 22:32 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 22:32 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 22:32 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 22:32 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 22:32 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
  15. Baggins25

    ============ 3 Months Modified Files ========================

    2012-07-17 17:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-17 17:53 - 2009-07-13 20:51 - 00038840 ____A C:\Windows\setupact.log
    2012-07-17 17:41 - 2011-11-12 19:39 - 01724499 ____A C:\Windows\WindowsUpdate.log
    2012-07-17 17:41 - 2009-07-13 20:45 - 00014512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-17 17:41 - 2009-07-13 20:45 - 00014512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-17 17:29 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-17 17:24 - 2012-07-17 17:24 - 00002249 ____A C:\Users\Kyle\Desktop\aswMBR.txt
    2012-07-17 17:24 - 2012-07-17 17:24 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
    2012-07-17 17:13 - 2012-07-17 17:12 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Downloads\aswMBR.exe
    2012-07-17 17:11 - 2012-07-17 17:11 - 00001710 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
    2012-07-17 17:06 - 2011-11-12 19:56 - 00279802 ____A C:\Windows\PFRO.log
    2012-07-17 17:05 - 2012-07-17 17:05 - 01552384 ____A C:\Users\Kyle\Downloads\RogueKiller.exe
    2012-07-17 16:46 - 2012-05-21 11:36 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000UA.job
    2012-07-17 16:21 - 2012-07-16 21:11 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
    2012-07-17 16:17 - 2012-07-17 16:17 - 02117152 ____A C:\Users\Kyle\Downloads\tdsskiller.zip
    2012-07-17 11:31 - 2012-07-17 11:31 - 00607260 ____R (Swearware) C:\Users\Kyle\Downloads\dds.scr
    2012-07-17 10:55 - 2012-07-17 10:55 - 00302592 ____A C:\Users\Kyle\Downloads\drl6rorn.exe
    2012-07-17 10:47 - 2012-07-17 10:47 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-17 10:46 - 2012-07-17 10:46 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-17 09:41 - 2011-11-12 22:28 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-17 09:41 - 2011-11-12 21:46 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-17 09:41 - 2011-11-12 21:46 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-17 08:46 - 2012-05-21 11:36 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000Core.job
    2012-07-17 08:16 - 2009-07-13 20:45 - 00303728 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-17 08:12 - 2012-07-17 08:10 - 00003249 ____A C:\Windows\IE9_main.log
    2012-07-17 08:11 - 2012-07-17 08:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-17 08:11 - 2012-07-17 08:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-17 08:11 - 2012-07-17 08:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-17 08:11 - 2012-07-17 08:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-07-17 08:11 - 2012-07-17 08:11 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-07-17 08:11 - 2012-07-17 08:11 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-07-17 08:11 - 2012-07-17 08:11 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-07-17 08:11 - 2012-07-17 08:11 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-07-17 08:09 - 2012-07-17 08:09 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-17 07:38 - 2012-04-06 08:40 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-17 07:38 - 2011-11-13 02:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-16 17:54 - 2012-07-16 17:54 - 00293552 ____A C:\Windows\Minidump\071612-19188-01.dmp
    2012-07-16 17:54 - 2012-04-23 15:07 - 581251893 ____A C:\Windows\MEMORY.DMP
    2012-07-15 14:43 - 2012-07-15 14:43 - 01263344 ____A (ESET) C:\Users\Kyle\Downloads\eset_smart_security_live_installer.exe
    2012-07-12 18:16 - 2012-07-12 18:14 - 168454136 ____A (NVIDIA Corporation) C:\Users\Kyle\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
    2012-07-12 09:30 - 2012-07-12 09:30 - 03878112 ____A C:\Users\Kyle\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
    2012-07-05 18:53 - 2012-07-05 18:52 - 00293552 ____A C:\Windows\Minidump\070512-23478-01.dmp
    2012-07-03 12:46 - 2012-07-17 10:47 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 02:19 - 2011-11-13 21:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-11 19:08 - 2012-07-17 08:13 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-17 08:02 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-17 08:02 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-08 08:07 - 2009-07-13 21:08 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-05 22:06 - 2012-07-17 08:02 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-17 08:02 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-17 08:00 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-17 08:02 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-17 08:02 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-17 08:00 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-05 11:39 - 2012-06-05 11:38 - 36586472 ____A C:\Users\Kyle\Downloads\SMOV0001.AVI
    2012-06-02 14:19 - 2012-06-18 22:32 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 22:32 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 22:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-18 22:32 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 22:32 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 22:32 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 22:32 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 22:32 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-18 22:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-17 08:02 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-17 08:02 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-17 08:02 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-17 08:02 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-17 08:02 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-17 08:02 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-17 08:02 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-17 08:02 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-17 08:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 11:25 - 2012-07-15 15:18 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-28 21:09 - 2012-05-28 21:09 - 00254853 ____A C:\Users\Kyle\Downloads\Queue2.htm
    2012-05-28 21:08 - 2012-05-28 21:08 - 00254837 ____A C:\Users\Kyle\Downloads\Queue.htm
    2012-05-21 11:36 - 2012-05-21 11:36 - 00739856 ____A (Google Inc.) C:\Users\Kyle\Downloads\ChromeSetup.exe
    2012-05-17 10:46 - 2012-05-17 10:46 - 00010299 ____A C:\Users\Kyle\Documents\Uninstall STAR WARS The Old Republic.log
    2012-05-15 11:21 - 2012-05-15 10:47 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-05-15 10:45 - 2012-05-15 10:45 - 32288896 ____A (Blizzard Entertainment) C:\Users\Kyle\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-15 02:48 - 2012-07-12 18:19 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-07-12 18:19 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-05-15 02:48 - 2012-07-12 18:19 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-05-15 02:48 - 2012-04-01 13:28 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-04-01 13:28 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2012-04-01 13:28 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2012-04-01 13:28 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 02:48 - 2012-02-25 18:50 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-05-15 02:48 - 2011-11-12 20:58 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2011-11-12 20:58 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2011-11-12 20:58 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2011-11-12 20:02 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2011-11-12 20:02 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2011-11-12 20:02 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 01:29 - 2012-02-25 18:51 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-05-15 01:29 - 2010-12-27 11:54 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2010-12-27 11:54 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2010-12-27 11:54 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2010-12-27 11:54 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2010-12-27 11:55 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-04-27 21:32 - 2012-07-17 08:02 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 19:55 - 2012-07-17 08:02 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-07-17 08:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-07-17 08:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-07-17 08:02 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 20:55 - 2011-11-12 21:02 - 00063960 ____A C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-24 17:53 - 2012-04-24 17:52 - 166448312 ____A (NVIDIA Corporation) C:\Users\Kyle\Downloads\296.10-desktop-win7-winvista-64bit-english-whql(1).exe
    2012-04-23 21:37 - 2012-07-17 08:01 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-07-17 08:01 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-07-17 08:01 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-07-17 08:01 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-07-17 08:01 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-07-17 08:00 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 15:07 - 2012-04-23 15:07 - 00293488 ____A C:\Windows\Minidump\042312-21231-01.dmp
    2012-04-19 10:35 - 2012-04-19 10:35 - 00035840 ____A C:\Users\Kyle\Documents\8-30-11 pricing spreadsheet.xls
    2012-04-19 10:31 - 2012-04-19 10:30 - 00035840 ____A C:\Users\Kyle\Downloads\8-30-11 pricing spreadsheet.xls

    ZeroAccess:
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\@
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L\00000004.@
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L\1afb2d56
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\00000004.@
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\00000008.@
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\000000cb.@
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\80000032.@
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8172.12 MB
    Available physical RAM: 7377 MB
    Total Pagefile: 8170.27 MB
    Available Pagefile: 7362.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:320.76 GB) NTFS
    3 Drive f: (PATRIOT) (Removable) (Total:3.63 GB) (Free:3.63 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 3728 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3724 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F PATRIOT FAT32 Removable 3724 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-08 16:39

    ======================= End Of Log ==========================
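The FRST log above labels three path shapes as ZeroAccess: a fake Windows Installer package directory named with a lower-case GUID that holds an `@` marker file and `L\` and `U\` subdirectories of 8-hex-digit module files, and a `Desktop.ini` dropped into `C:\Windows\assembly\GAC_32` and `GAC_64`. The script below is an added example, not part of the thread and not FRST's own logic: it runs those path patterns over a file listing and collapses the hits to the package directories the fix later moved out of the way. The helper names, the benign contrast entries (an MSI icon cache file and a real GAC assembly path) and their GUID are constructed for the example; the five flagged paths are the ones from the log.

```python
import re
from typing import Dict, Iterable, Optional, Set

# Lower-case GUID as it appears under \Windows\Installer in the thread's log
# ({8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}); matching is case-insensitive anyway.
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Path shapes FRST labelled "ZeroAccess" in the log: the '@' marker file inside
# the fake Installer package directory, module files under its L\ and U\
# subdirectories (8 hex digits, usually with an '.@' suffix), and Desktop.ini
# inside the GAC_32 / GAC_64 assembly directories.
ZA_PATTERNS = {
    "installer_marker": re.compile(rf"^[a-z]:\\windows\\installer\\{GUID}\\@$", re.I),
    "installer_module": re.compile(
        rf"^[a-z]:\\windows\\installer\\{GUID}\\[lu]\\[0-9a-f]{{8}}(\.@)?$", re.I),
    "gac_desktop_ini": re.compile(
        r"^[a-z]:\\windows\\assembly\\gac_(32|64)\\desktop\.ini$", re.I),
}
# Captures the Installer\{guid} directory that owns a marker or module hit.
INSTALLER_DIR = re.compile(rf"^([a-z]:\\windows\\installer\\{GUID})", re.I)

# Constructed sample listing: the five paths from the thread's FRST log plus
# three benign neighbours (the MSI icon cache entry, its GUID, and the GAC
# assembly path are made up for contrast and are not from the thread).
SAMPLE_PATHS = [
    r"C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\@",
    r"C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L\1afb2d56",
    r"C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\80000032.@",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    r"C:\Windows\Installer\{1e2f3a4b-5c6d-7e8f-9a0b-1c2d3e4f5a6b}\ARPPRODUCTICON.exe",
    r"C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll",
    r"C:\Windows\System32\services.exe",
]


def classify(path: str) -> Optional[str]:
    """Return the ZeroAccess artifact class a single path matches, or None."""
    for label, rx in ZA_PATTERNS.items():
        if rx.match(path):
            return label
    return None


def find_zeroaccess_artifacts(paths: Iterable[str]) -> Dict[str, str]:
    """Map every matching path in a listing to its artifact class."""
    hits = {}
    for p in paths:
        label = classify(p)
        if label is not None:
            hits[p] = label
    return hits


def infected_installer_dirs(hits: Dict[str, str]) -> Set[str]:
    """Collapse marker/module hits to the owning Installer package directories,
    which is the unit the thread's FRST fix moved as a whole."""
    dirs = set()
    for path, label in hits.items():
        if label.startswith("installer_"):
            m = INSTALLER_DIR.match(path)
            if m:
                dirs.add(m.group(1))
    return dirs


if __name__ == "__main__":
    hits = find_zeroaccess_artifacts(SAMPLE_PATHS)
    for path, label in hits.items():
        print(f"{label:18} {path}")
    print("package dirs to move:", sorted(infected_installer_dirs(hits)))
```

The matcher only classifies a listing; it does not touch the files. That is deliberate: in the thread the package directory and the GAC `Desktop.ini` files were moved by FRST from the System Recovery environment, with the infected system offline, not from inside the running (and still hooked) Windows instance.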
  16. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
  17. Baggins25

    Baggins25 Newcomer, in training Topic Starter Posts: 24

    Here is the Search log:

    Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-17 19:48:21
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
  18. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  19. Baggins25

    Baggins25 Newcomer, in training Topic Starter Posts: 24

    Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-17 20:04:52 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\svchost.exe not found.
    C:\ProgramData\Microsoft\Windows\DRM\20AC.tmp.dat moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM\2205.tmp moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM\6431.tmp.dat moved successfully.
    C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    ComboFix Log:

    ComboFix 12-07-16.01 - Kyle 07/17/2012 20:20:52.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.6785 [GMT -7:00]
    Running from: C:\Users\Kyle\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))


    2012-07-18 02:56:05 . 2012-07-18 02:56:09 -------- d-----w- C:\FRST
    2012-07-18 00:22:38 . 2012-07-18 00:22:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-17 18:47:28 . 2012-07-17 18:47:28 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Malwarebytes
    2012-07-17 18:47:12 . 2012-07-17 18:47:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-17 18:47:12 . 2012-07-17 18:47:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-17 18:47:12 . 2012-07-03 20:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-07-17 16:13:43 . 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\system32\win32k.sys
    2012-07-17 16:01:01 . 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\system32\crypt32.dll
    2012-07-17 16:01:00 . 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
    2012-07-17 16:01:00 . 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\system32\cryptnet.dll
    2012-07-17 16:01:00 . 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-07-17 16:01:00 . 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-07-17 12:24:57 . 2012-07-17 12:24:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-17 12:14:42 . 2012-07-17 12:14:42 -------- d-----w- C:\Windows\Sun
    2012-07-15 23:18:31 . 2012-06-18 10:12:50 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A9C4F2-90C2-4FAF-86FE-1B21DAAD92EA}\mpengine.dll
    2012-07-15 23:18:31 . 2012-05-31 19:25:12 279656 ------w- C:\Windows\system32\MpSigStub.exe
    2012-07-15 22:49:31 . 2012-07-15 22:49:31 -------- d-----w- C:\Users\Kyle\AppData\Local\ESET
    2012-07-15 22:47:09 . 2012-07-15 22:47:09 -------- d-----w- C:\Program Files\ESET
    2012-06-22 16:11:46 . 2012-06-22 16:11:46 -------- d-----w- C:\Users\Kyle\AppData\Local\Macromedia
    2012-06-19 06:32:28 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
    2012-06-19 06:32:28 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
    2012-06-19 06:32:28 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
    2012-06-19 06:32:28 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
    2012-06-19 06:32:20 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
    2012-06-19 06:32:20 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
    2012-06-19 06:32:20 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
    2012-06-19 06:32:09 . 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
    2012-06-19 06:32:09 . 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-07-17 17:41:29 . 2011-11-13 06:28:46 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-17 17:41:29 . 2011-11-13 05:46:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-17 17:41:08 . 2011-11-13 05:46:31 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-17 15:38:08 . 2012-04-06 16:40:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-17 15:38:08 . 2011-11-13 10:38:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 10:48:00 . 2012-04-01 21:28:57 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48:00 . 2012-04-01 21:28:57 68928 ----a-w- C:\Windows\system32\OpenCL.dll
    2012-05-15 10:48:00 . 2012-04-01 21:28:57 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-05-15 10:48:00 . 2012-04-01 21:28:57 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-05-15 10:48:00 . 2012-02-26 02:50:17 949056 ----a-w- C:\Windows\system32\nvumdshimx.dll
    2012-05-15 10:48:00 . 2011-11-13 04:58:40 1738048 ----a-w- C:\Windows\system32\nvdispco64.dll
    2012-05-15 10:48:00 . 2011-11-13 04:58:40 1468224 ----a-w- C:\Windows\system32\nvgenco64.dll
    2012-05-15 10:48:00 . 2011-11-13 04:58:40 10194752 ----a-w- C:\Windows\system32\nvwgf2umx.dll
    2012-05-15 10:48:00 . 2011-11-13 04:02:48 2741568 ----a-w- C:\Windows\system32\nvapi64.dll
    2012-05-15 10:48:00 . 2011-11-13 04:02:48 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-05-15 09:29:47 . 2010-12-27 19:54:40 889664 ----a-w- C:\Windows\system32\nvvsvc.exe
    2012-05-15 09:29:46 . 2010-12-27 19:54:42 118080 ----a-w- C:\Windows\system32\nvmctray.dll
    2012-05-15 09:29:46 . 2010-12-27 19:54:40 63296 ----a-w- C:\Windows\system32\nvshext.dll
    2012-05-15 09:29:45 . 2012-02-26 02:51:01 2621723 ----a-w- C:\Windows\system32\nvcoproc.bin
    2012-05-15 09:29:25 . 2010-12-27 19:54:54 3149632 ----a-w- C:\Windows\system32\nvsvc64.dll
    2012-05-15 09:28:42 . 2010-12-27 19:55:10 6151488 ----a-w- C:\Windows\system32\nvcpl.dll
    2012-05-15 09:21:50 . 2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 08:49:38 176936]

    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 08:49:38 176936]

    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 21:53:10 77824]
    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 04:28:32 59240]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 13:10:42 843712]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 21:02:04 254696]
    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 12:09:24 421736]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R3 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 15:40:02 209768]
    R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 00:09:23 113120]
    R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 05:46:20 43328]
    R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys [2006-11-29 05:46:20 41280]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
    R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
    R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-14 05:22:39 1255736]
    R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\system32\DRIVERS\WPN111vx.sys [x]
    S0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 15:40:04 62496]
    S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 15:40:02 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 15:40:04 38288]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
    S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 22:40:34 913144]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 10:48:00 1262400]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 09:21:40 382272]
    S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 18:30:50 126952]
    S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 18:30:50 389608]
    S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys [2010-01-06 03:23:18 1847296]
    S3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 00:34:26 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2012-04-18 17:08:03 188736]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 14:55:28 533096]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - WS2IFSL

    Contents of the 'Scheduled Tasks' folder

    2012-07-17 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000Core.job
    - C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36:39 . 2012-05-21 19:36:38]

    2012-07-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000UA.job
    - C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36:39 . 2012-05-21 19:36:38]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 10:15:44 11613288]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2012-03-07 22:40:30 4081008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\u26m9orc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false

    - - - - ORPHANS REMOVED - - - -

    AddRemove-Battlelog Web Plugins - C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-ESN Sonar-0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
    AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe
  20. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Combofix log is incomplete.
    Bottom part is missing.
  21. Baggins25

    Baggins25 Newcomer, in training Topic Starter Posts: 24

    That is the entire contents of my ComboFix.txt file. Did I do something wrong?

    Edit: What did I do wrong? :)
  22. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Re-run it one more time.
  23. Baggins25

    Baggins25 Newcomer, in training Topic Starter Posts: 24

    Okay, here is the complete log. I think I accidentally closed ComboFix early the first time.

    ComboFix 12-07-16.01 - Kyle 07/17/2012 20:49:26.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.6564 [GMT -7:00]
    Running from: c:\users\Kyle\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-18 03:51 . 2012-07-18 03:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-18 03:51 . 2012-07-18 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-18 02:56 . 2012-07-18 02:56 -------- d-----w- C:\FRST
    2012-07-18 00:22 . 2012-07-18 00:22 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes
    2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-17 18:47 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-17 16:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-17 16:01 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-17 16:01 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-17 16:01 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-17 16:01 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-07-17 16:01 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-07-17 12:24 . 2012-07-17 12:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-17 12:14 . 2012-07-17 12:14 -------- d-----w- c:\windows\Sun
    2012-07-15 23:18 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3A9C4F2-90C2-4FAF-86FE-1B21DAAD92EA}\mpengine.dll
    2012-07-15 23:18 . 2012-05-31 19:25 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-07-15 22:49 . 2012-07-15 22:49 -------- d-----w- c:\users\Kyle\AppData\Local\ESET
    2012-07-15 22:47 . 2012-07-15 22:47 -------- d-----w- c:\program files\ESET
    2012-06-22 16:11 . 2012-06-22 16:11 -------- d-----w- c:\users\Kyle\AppData\Local\Macromedia
    2012-06-19 06:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 06:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 06:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 06:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 06:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 06:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 06:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 06:32 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 06:32 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-17 17:41 . 2011-11-13 06:28 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-17 17:41 . 2011-11-13 05:46 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-17 17:41 . 2011-11-13 05:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-17 15:38 . 2012-04-06 16:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-17 15:38 . 2011-11-13 10:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 10:48 . 2012-04-01 21:28 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-04-01 21:28 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-04-01 21:28 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2012-04-01 21:28 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2012-02-26 02:50 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-05-15 10:48 . 2011-11-13 04:58 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2011-11-13 04:58 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2011-11-13 04:58 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 10:48 . 2011-11-13 04:02 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2011-11-13 04:02 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 09:29 . 2010-12-27 19:54 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2010-12-27 19:54 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2010-12-27 19:54 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2012-02-26 02:51 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-15 09:29 . 2010-12-27 19:54 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2010-12-27 19:55 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-18_03.25.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-13 04:08 . 2012-07-18 03:27 32126 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-18 03:27 30610 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-11-13 03:58 . 2012-07-18 03:27 11318 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1223303338-2475979266-795682110-1000_UserData.bin
    + 2011-11-14 05:11 . 2012-07-18 03:51 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-07-18 03:52 . 2012-07-18 03:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-18 03:52 . 2012-07-18 03:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-18 03:25 . 2012-07-18 03:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2012-07-18 03:12 615122 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-18 03:31 615122 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-18 03:31 103496 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-07-18 03:12 103496 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-07-18 03:24 261984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-18 03:51 261984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-11-13 10:52 . 2012-07-18 03:24 26467624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1223303338-2475979266-795682110-1000-8192.dat
    + 2011-11-13 10:52 . 2012-07-18 03:51 26467624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1223303338-2475979266-795682110-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WinZipBar\prxtbWinZ.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
    R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-14 1255736]
    R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
    S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000Core.job
    - c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000UA.job
    - c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\u26m9orc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-17 20:57:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-18 03:57
    .
    Pre-Run: 346,657,468,416 bytes free
    Post-Run: 346,367,713,280 bytes free
    .
    - - End Of File - - E0BD287B7F7F8E381CF16FF669EB2AF9
  24. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Looks good :)

    Any current issues?

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  25. Baggins25

    Baggins25 Newcomer, in training Topic Starter Posts: 24

    No longer receiving any notifications for Patched.B.Gen, Agent.BA, or Sirefef.AE :)

    Here are logs:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.17.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kyle :: KYLE-PC [administrator]

    7/17/2012 9:02:39 PM
    mbam-log-2012-07-17 (21-02-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228929
    Time elapsed: 1 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
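The MBAM log above has a fixed layout: one "... Detected: N" header per block, followed by one line per item that ends with the action MBAM took. As an added example, not code from Malwarebytes or from anyone in this thread, here is a Python parser for that layout that also flags items still marked "Delete on reboot", the case where the restart mentioned earlier in the thread matters; the sample logs, paths and detection names inside it are constructed.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Block headers look like "Files Detected: 3" or "Memory Processes Detected: 1".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Part of a detection line before the first " -> ": "C:\path\x.exe (Trojan.Agent)".
HEAD_RE = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\)$")

# section = which "... Detected:" block; target = path/key/process; action = what MBAM did
Detection = namedtuple("Detection", "section target name action")


@dataclass
class ScanSummary:
    scan_type: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)      # section -> count MBAM declared
    detections: list = field(default_factory=list)  # parsed Detection rows

    def pending_reboot(self):
        # Items MBAM could not remove live; they are only gone after a restart.
        return [d for d in self.detections if "reboot" in d.action.lower()]

    def is_clean(self):
        return not self.detections and not any(self.counts.values())


def parse_mbam_log(text):
    summary, section = ScanSummary(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan type:"):
            summary.scan_type = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            summary.objects_scanned = int(line.split(":", 1)[1])
        elif m := SECTION_RE.match(line):
            section = m["section"]
            summary.counts[section] = int(m["count"])
        elif section and " -> " in line:
            # Middle fields (a PID, registry data) vary; keep the head and final action.
            head, *_, action = line.split(" -> ")
            if h := HEAD_RE.match(head):
                summary.detections.append(
                    Detection(section, h["target"], h["name"], action.rstrip(".")))
    return summary


def verdict(summary):
    # Triage in the terms used in the thread: clean, or restart and post a fresh log.
    if summary.is_clean():
        return "clean"
    if summary.pending_reboot():
        return "reboot required, then rescan"
    return "removed; rescan to confirm"


# Constructed sample logs in the thread's MBAM layout; paths and names are made up.
INFECTED_LOG = r"""Scan type: Quick scan
Objects scanned: 200000
Memory Processes Detected: 1
C:\Windows\example.exe (Trojan.Agent.Sample) -> 4321 -> Delete on reboot.
Files Detected: 2
C:\Users\Example\AppData\Local\Temp\1234.tmp (Trojan.Agent.Sample) -> Quarantined and deleted successfully.
C:\Windows\example.exe (Trojan.Agent.Sample) -> Delete on reboot.
(end)
"""
CLEAN_LOG = r"""Scan type: Quick scan
Objects scanned: 200100
Files Detected: 0
(No malicious items detected)
(end)
"""
```

Feeding a real log file's text to parse_mbam_log gives the same ScanSummary; the counts dict lets you cross-check the declared "Detected: N" totals against the rows actually listed.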

