Solved Patched.B.Gen/Agent.BA/Sirefef.AE Trojan

[Baggins25]

Hello,

Recently installed ESET Smart Security 5 and the same day began getting numerous error messages relating to Patched.B.Gen, Agent.BA, and Sirefef.AE Trojans.

First noticed the messages after downloading a Flash update? Saw someone else had mentioned the same in another thread.

Here are logs:

MBAB:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: KYLE-PC [administrator]

7/17/2012 11:48:02 AM
mbam-log-2012-07-17 (11-48-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226556
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3664 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Kyle\AppData\Local\Temp\0.09328522569109254 (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\E305.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

 

[Baggins25]

GMER didn't produce any logs.

DDS Log:

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CDA43325-76F1-4B29-8C01-9D9866AAFD56} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CDA43325-76F1-4B29-8C01-9D9866AAFD56}\37475627C696E676 : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
BHO-X64: WinZipBar - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\u26m9orc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-25 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-17 18:54:45 20480 ----a-w- C:\Windows\svchost.exe
2012-07-17 18:47:28 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2012-07-17 18:47:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-17 18:47:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-17 18:47:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-17 16:13:43 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 16:01:01 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-07-17 16:01:00 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-17 16:01:00 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-17 16:01:00 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-07-17 16:01:00 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-17 12:24:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-17 04:18:33 113664 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2205.tmp
2012-07-17 04:18:33 113664 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\20AC.tmp.dat
2012-07-16 02:00:30 113664 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6431.tmp.dat
2012-07-15 23:18:31 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A9C4F2-90C2-4FAF-86FE-1B21DAAD92EA}\mpengine.dll
2012-07-15 23:18:31 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-15 22:49:31 -------- d-----w- C:\Users\Kyle\AppData\Roaming\ESET
2012-07-15 22:49:31 -------- d-----w- C:\Users\Kyle\AppData\Local\ESET
2012-07-15 22:47:09 -------- d-----w- C:\Program Files\ESET
2012-06-22 16:11:46 -------- d-----w- C:\Users\Kyle\AppData\Local\Macromedia
2012-06-19 06:32:28 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 06:32:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 06:32:09 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 06:32:09 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-17 17:41:29 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-17 17:41:29 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-17 17:41:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-17 15:38:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 15:38:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 12:33:38.19 ===============

 

[Baggins25]

DDS Attach Log:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2011 7:39:11 PM
System Uptime: 7/17/2012 11:53:28 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V LE
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 318.815 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP62: 7/11/2012 2:23:45 PM - Scheduled Checkpoint
RP63: 7/15/2012 3:56:57 PM - Removed AVG 2012
RP64: 7/15/2012 3:58:04 PM - Removed AVG 2012
RP65: 7/15/2012 4:18:18 PM - Windows Update
RP67: 7/16/2012 9:19:12 PM - Windows Defender Checkpoint
RP68: 7/17/2012 9:03:53 AM - Windows Update
RP69: 7/17/2012 11:40:53 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 7
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Assassin's Creed Revelations
Batman: Arkham City™ PC
Battlefield 3™
Battlelog Web Plugins
CopyTrans Suite Remove Only
Diablo III
Download Updater (AOL LLC)
Dual-Core Optimizer
ESN Sonar
EVGA Precision 2.0.1
Google Chrome
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PunkBuster Services

 

[Baggins25]

Any help would be greatly appreciated, and thank you in advance!

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Baggins25]

Thanks for the quick reply. Ran TDSSKiller, here's the log:


17:21:53.0806 4556 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
17:21:54.0267 4556 ============================================================
17:21:54.0267 4556 Current date / time: 2012/07/17 17:21:54.0267
17:21:54.0267 4556 SystemInfo:
17:21:54.0267 4556
17:21:54.0267 4556 OS Version: 6.1.7601 ServicePack: 1.0
17:21:54.0267 4556 Product type: Workstation
17:21:54.0267 4556 ComputerName: KYLE-PC
17:21:54.0267 4556 UserName: Kyle
17:21:54.0267 4556 Windows directory: C:\Windows
17:21:54.0267 4556 System windows directory: C:\Windows
17:21:54.0267 4556 Running under WOW64
17:21:54.0267 4556 Processor architecture: Intel x64
17:21:54.0267 4556 Number of processors: 8
17:21:54.0267 4556 Page size: 0x1000
17:21:54.0267 4556 Boot type: Normal boot
17:21:54.0267 4556 ============================================================
17:21:54.0985 4556 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:21:54.0988 4556 ============================================================
17:21:54.0988 4556 \Device\Harddisk0\DR0:
17:21:54.0988 4556 MBR partitions:
17:21:54.0988 4556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:21:54.0988 4556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:21:54.0988 4556 ============================================================
17:21:55.0004 4556 C: <-> \Device\Harddisk0\DR0\Partition1
17:21:55.0004 4556 ============================================================
17:21:55.0004 4556 Initialize success
17:21:55.0004 4556 ============================================================
17:22:01.0683 5112 ============================================================
17:22:01.0683 5112 Scan started
17:22:01.0683 5112 Mode: Manual;
17:22:01.0683 5112 ============================================================
17:22:04.0747 5112 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:22:04.0750 5112 1394ohci - ok
17:22:04.0765 5112 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:22:04.0768 5112 ACPI - ok
17:22:04.0774 5112 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:22:04.0775 5112 AcpiPmi - ok
17:22:04.0868 5112 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:22:04.0869 5112 AdobeARMservice - ok
17:22:04.0899 5112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:22:04.0903 5112 adp94xx - ok
17:22:04.0934 5112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:22:04.0937 5112 adpahci - ok
17:22:04.0949 5112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:22:04.0951 5112 adpu320 - ok
17:22:04.0969 5112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:22:04.0970 5112 AeLookupSvc - ok
17:22:05.0005 5112 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:22:05.0009 5112 AFD - ok
17:22:05.0044 5112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:22:05.0045 5112 agp440 - ok
17:22:05.0050 5112 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:22:05.0051 5112 ALG - ok
17:22:05.0061 5112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:22:05.0061 5112 aliide - ok
17:22:05.0065 5112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:22:05.0065 5112 amdide - ok
17:22:05.0098 5112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:22:05.0099 5112 AmdK8 - ok
17:22:05.0106 5112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:22:05.0107 5112 AmdPPM - ok
17:22:05.0122 5112 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
17:22:05.0123 5112 amdsata - ok
17:22:05.0137 5112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:22:05.0139 5112 amdsbs - ok
17:22:05.0152 5112 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
17:22:05.0152 5112 amdxata - ok
17:22:05.0196 5112 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:22:05.0197 5112 AppID - ok
17:22:05.0213 5112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:22:05.0214 5112 AppIDSvc - ok
17:22:05.0249 5112 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:22:05.0250 5112 Appinfo - ok
17:22:05.0344 5112 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:22:05.0345 5112 Apple Mobile Device - ok
17:22:05.0379 5112 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:22:05.0381 5112 AppMgmt - ok
17:22:05.0402 5112 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:22:05.0403 5112 arc - ok
17:22:05.0416 5112 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:22:05.0417 5112 arcsas - ok
17:22:05.0439 5112 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
17:22:05.0439 5112 asmthub3 - ok
17:22:05.0456 5112 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
17:22:05.0458 5112 asmtxhci - ok
17:22:05.0479 5112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:22:05.0480 5112 AsyncMac - ok
17:22:05.0512 5112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:22:05.0513 5112 atapi - ok
17:22:05.0588 5112 athur (36322190763845975e0d001e90687bf2) C:\Windows\system32\DRIVERS\athurx.sys
17:22:05.0618 5112 athur - ok
17:22:05.0724 5112 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:22:05.0729 5112 AudioEndpointBuilder - ok
17:22:05.0732 5112 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:22:05.0735 5112 AudioSrv - ok
17:22:05.0786 5112 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:22:05.0787 5112 AxInstSV - ok
17:22:05.0832 5112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:22:05.0836 5112 b06bdrv - ok
17:22:05.0858 5112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:22:05.0860 5112 b57nd60a - ok
17:22:05.0906 5112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:22:05.0907 5112 BDESVC - ok
17:22:05.0918 5112 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:22:05.0919 5112 Beep - ok
17:22:05.0965 5112 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:22:05.0970 5112 BITS - ok
17:22:05.0978 5112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:22:05.0979 5112 blbdrive - ok
17:22:06.0043 5112 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:22:06.0046 5112 Bonjour Service - ok
17:22:06.0072 5112 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:22:06.0074 5112 bowser - ok
17:22:06.0081 5112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:22:06.0082 5112 BrFiltLo - ok
17:22:06.0094 5112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:22:06.0095 5112 BrFiltUp - ok
17:22:06.0144 5112 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:22:06.0146 5112 Browser - ok
17:22:06.0191 5112 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:22:06.0196 5112 Brserid - ok
17:22:06.0204 5112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:22:06.0205 5112 BrSerWdm - ok
17:22:06.0207 5112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:22:06.0208 5112 BrUsbMdm - ok
17:22:06.0212 5112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:22:06.0213 5112 BrUsbSer - ok
17:22:06.0224 5112 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:22:06.0225 5112 BTHMODEM - ok
17:22:06.0241 5112 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:22:06.0242 5112 bthserv - ok
17:22:06.0249 5112 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:22:06.0250 5112 cdfs - ok
17:22:06.0298 5112 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:22:06.0300 5112 cdrom - ok
17:22:06.0334 5112 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:22:06.0335 5112 CertPropSvc - ok
17:22:06.0354 5112 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:22:06.0356 5112 circlass - ok
17:22:06.0412 5112 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:22:06.0415 5112 CLFS - ok
17:22:06.0470 5112 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:22:06.0471 5112 clr_optimization_v2.0.50727_32 - ok
17:22:06.0505 5112 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:22:06.0506 5112 clr_optimization_v2.0.50727_64 - ok
17:22:06.0554 5112 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:22:06.0555 5112 CmBatt - ok
17:22:06.0589 5112 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:22:06.0590 5112 cmdide - ok
17:22:06.0647 5112 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
17:22:06.0650 5112 CNG - ok
17:22:06.0652 5112 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:22:06.0653 5112 Compbatt - ok
17:22:06.0699 5112 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:22:06.0701 5112 CompositeBus - ok
17:22:06.0709 5112 COMSysApp - ok
17:22:06.0715 5112 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:22:06.0716 5112 crcdisk - ok
17:22:06.0761 5112 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:22:06.0763 5112 CryptSvc - ok
17:22:06.0799 5112 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:22:06.0803 5112 CSC - ok
17:22:06.0823 5112 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:22:06.0827 5112 CscService - ok
17:22:06.0871 5112 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:22:06.0875 5112 DcomLaunch - ok
17:22:06.0899 5112 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:22:06.0901 5112 defragsvc - ok
17:22:06.0954 5112 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:22:06.0955 5112 DfsC - ok
17:22:06.0986 5112 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:22:06.0988 5112 Dhcp - ok
17:22:07.0007 5112 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:22:07.0008 5112 discache - ok
17:22:07.0018 5112 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:22:07.0019 5112 Disk - ok
17:22:07.0037 5112 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:22:07.0039 5112 Dnscache - ok
17:22:07.0073 5112 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:22:07.0075 5112 dot3svc - ok
17:22:07.0109 5112 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:22:07.0111 5112 DPS - ok
17:22:07.0133 5112 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:22:07.0134 5112 drmkaud - ok
17:22:07.0184 5112 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:22:07.0188 5112 DXGKrnl - ok
17:22:07.0241 5112 eamonm (d00eae9c735a7dee8049e50d73d25434) C:\Windows\system32\DRIVERS\eamonm.sys
17:22:07.0242 5112 eamonm - ok
17:22:07.0265 5112 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:22:07.0267 5112 EapHost - ok
17:22:07.0350 5112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:22:07.0393 5112 ebdrv - ok
17:22:07.0455 5112 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:22:07.0471 5112 EFS - ok
17:22:07.0544 5112 ehdrv (e5edde3c8158dd0cbc5812f201dcded0) C:\Windows\system32\DRIVERS\ehdrv.sys
17:22:07.0545 5112 ehdrv - ok
17:22:07.0600 5112 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:22:07.0605 5112 ehRecvr - ok
17:22:07.0625 5112 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:22:07.0626 5112 ehSched - ok
17:22:07.0741 5112 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
17:22:07.0745 5112 ekrn - ok
17:22:07.0814 5112 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:22:07.0818 5112 elxstor - ok
17:22:07.0881 5112 epfw (587f0f4145a1536a6e37efd769b7665f) C:\Windows\system32\DRIVERS\epfw.sys
17:22:07.0882 5112 epfw - ok
17:22:07.0894 5112 EpfwLWF (d2f812358ee8ee23cbb5c4daffb5b819) C:\Windows\system32\DRIVERS\EpfwLWF.sys
17:22:07.0894 5112 EpfwLWF - ok
17:22:07.0931 5112 epfwwfp (34bf55d69ab74d14c7e7a17259cb7df8) C:\Windows\system32\DRIVERS\epfwwfp.sys
17:22:07.0931 5112 epfwwfp - ok
17:22:07.0955 5112 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:22:07.0956 5112 ErrDev - ok
17:22:07.0983 5112 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:22:07.0986 5112 EventSystem - ok
17:22:08.0001 5112 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:22:08.0004 5112 exfat - ok
17:22:08.0019 5112 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:22:08.0021 5112 fastfat - ok
17:22:08.0069 5112 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:22:08.0074 5112 Fax - ok
17:22:08.0086 5112 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:22:08.0087 5112 fdc - ok
17:22:08.0108 5112 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:22:08.0109 5112 fdPHost - ok
17:22:08.0118 5112 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:22:08.0119 5112 FDResPub - ok
17:22:08.0131 5112 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:22:08.0132 5112 FileInfo - ok
17:22:08.0141 5112 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:22:08.0142 5112 Filetrace - ok
17:22:08.0151 5112 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:22:08.0152 5112 flpydisk - ok
17:22:08.0183 5112 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:22:08.0186 5112 FltMgr - ok
17:22:08.0237 5112 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
17:22:08.0253 5112 FontCache - ok
17:22:08.0312 5112 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:22:08.0313 5112 FontCache3.0.0.0 - ok
17:22:08.0348 5112 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:22:08.0349 5112 FsDepends - ok
17:22:08.0373 5112 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:22:08.0374 5112 Fs_Rec - ok
17:22:08.0424 5112 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:22:08.0426 5112 fvevol - ok
17:22:08.0434 5112 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:22:08.0435 5112 gagp30kx - ok
17:22:08.0468 5112 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:22:08.0469 5112 GEARAspiWDM - ok
17:22:08.0748 5112 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:22:08.0755 5112 gpsvc - ok
17:22:08.0769 5112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:22:08.0770 5112 hcw85cir - ok
17:22:08.0819 5112 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:22:08.0822 5112 HdAudAddService - ok
17:22:08.0841 5112 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:22:08.0842 5112 HDAudBus - ok
17:22:08.0854 5112 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:22:08.0855 5112 HidBatt - ok
17:22:08.0861 5112 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:22:08.0862 5112 HidBth - ok
17:22:08.0869 5112 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:22:08.0870 5112 HidIr - ok
17:22:08.0891 5112 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:22:08.0892 5112 hidserv - ok
17:22:08.0919 5112 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:22:08.0920 5112 HidUsb - ok
17:22:08.0967 5112 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:22:08.0968 5112 hkmsvc - ok
17:22:09.0006 5112 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:22:09.0008 5112 HomeGroupListener - ok
17:22:09.0020 5112 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:22:09.0022 5112 HomeGroupProvider - ok
17:22:09.0031 5112 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:22:09.0032 5112 HpSAMD - ok
17:22:09.0072 5112 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:22:09.0077 5112 HTTP - ok
17:22:09.0079 5112 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:22:09.0080 5112 hwpolicy - ok
17:22:09.0106 5112 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:22:09.0108 5112 i8042prt - ok
17:22:09.0124 5112 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
17:22:09.0127 5112 iaStorV - ok
17:22:09.0186 5112 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:22:09.0193 5112 idsvc - ok
17:22:09.0220 5112 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:22:09.0221 5112 iirsp - ok
17:22:09.0271 5112 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:22:09.0276 5112 IKEEXT - ok
17:22:09.0345 5112 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
17:22:09.0355 5112 IntcAzAudAddService - ok
17:22:09.0416 5112 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:22:09.0417 5112 intelide - ok
17:22:09.0447 5112 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:22:09.0448 5112 intelppm - ok
17:22:09.0476 5112 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:22:09.0478 5112 IPBusEnum - ok
17:22:09.0513 5112 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:09.0514 5112 IpFilterDriver - ok
17:22:09.0529 5112 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:22:09.0530 5112 IPMIDRV - ok
17:22:09.0553 5112 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:22:09.0555 5112 IPNAT - ok
17:22:09.0631 5112 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:22:09.0636 5112 iPod Service - ok
17:22:09.0649 5112 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:22:09.0650 5112 IRENUM - ok
17:22:09.0705 5112 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:22:09.0706 5112 isapnp - ok
17:22:09.0835 5112 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:22:09.0838 5112 iScsiPrt - ok
17:22:09.0860 5112 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:22:09.0861 5112 kbdclass - ok
17:22:09.0899 5112 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:22:09.0900 5112 kbdhid - ok
17:22:09.0927 5112 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:09.0928 5112 KeyIso - ok
17:22:09.0954 5112 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
17:22:09.0955 5112 KSecDD - ok
17:22:09.0971 5112 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
17:22:09.0972 5112 KSecPkg - ok
17:22:09.0996 5112 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:22:09.0997 5112 ksthunk - ok
17:22:10.0020 5112 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:22:10.0023 5112 KtmRm - ok
17:22:10.0063 5112 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:22:10.0066 5112 LanmanServer - ok
17:22:10.0101 5112 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:22:10.0103 5112 LanmanWorkstation - ok
17:22:10.0134 5112 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:22:10.0136 5112 lltdio - ok
17:22:10.0156 5112 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:22:10.0163 5112 lltdsvc - ok
17:22:10.0175 5112 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:22:10.0176 5112 lmhosts - ok
17:22:10.0202 5112 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:10.0203 5112 LSI_FC - ok
17:22:10.0213 5112 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:10.0214 5112 LSI_SAS - ok
17:22:10.0222 5112 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:10.0223 5112 LSI_SAS2 - ok
17:22:10.0231 5112 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:10.0232 5112 LSI_SCSI - ok
17:22:10.0252 5112 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:22:10.0254 5112 luafv - ok
17:22:10.0290 5112 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:22:10.0292 5112 Mcx2Svc - ok
17:22:10.0298 5112 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:22:10.0299 5112 megasas - ok
17:22:10.0318 5112 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:10.0321 5112 MegaSR - ok
17:22:10.0354 5112 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:22:10.0354 5112 MEIx64 - ok
17:22:10.0378 5112 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:22:10.0379 5112 MMCSS - ok
17:22:10.0382 5112 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:22:10.0383 5112 Modem - ok
17:22:10.0407 5112 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:22:10.0407 5112 monitor - ok
17:22:10.0437 5112 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:22:10.0437 5112 mouclass - ok
17:22:10.0456 5112 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:22:10.0457 5112 mouhid - ok
17:22:10.0485 5112 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:22:10.0486 5112 mountmgr - ok
17:22:10.0586 5112 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:22:10.0587 5112 MozillaMaintenance - ok
17:22:10.0597 5112 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:22:10.0599 5112 mpio - ok
17:22:10.0616 5112 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:22:10.0617 5112 mpsdrv - ok
17:22:10.0654 5112 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:22:10.0656 5112 MRxDAV - ok
17:22:10.0676 5112 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:10.0677 5112 mrxsmb - ok
17:22:10.0690 5112 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:10.0692 5112 mrxsmb10 - ok
17:22:10.0703 5112 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:10.0704 5112 mrxsmb20 - ok
17:22:10.0711 5112 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:22:10.0712 5112 msahci - ok
17:22:10.0730 5112 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:22:10.0732 5112 msdsm - ok
17:22:10.0755 5112 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:22:10.0757 5112 MSDTC - ok
17:22:10.0784 5112 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:22:10.0785 5112 Msfs - ok
17:22:10.0793 5112 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:22:10.0794 5112 mshidkmdf - ok
17:22:10.0796 5112 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:22:10.0796 5112 msisadrv - ok
17:22:10.0818 5112 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:22:10.0820 5112 MSiSCSI - ok
17:22:10.0822 5112 msiserver - ok
17:22:10.0840 5112 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:22:10.0841 5112 MSKSSRV - ok
17:22:10.0851 5112 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:10.0852 5112 MSPCLOCK - ok
17:22:10.0864 5112 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:22:10.0865 5112 MSPQM - ok
17:22:10.0902 5112 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:22:10.0904 5112 MsRPC - ok
17:22:10.0915 5112 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:22:10.0915 5112 mssmbios - ok
17:22:10.0926 5112 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:22:10.0927 5112 MSTEE - ok
17:22:10.0936 5112 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:22:10.0936 5112 MTConfig - ok

 

[Baggins25]

Continued...



17:22:10.0953 5112 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:22:10.0954 5112 Mup - ok
17:22:10.0970 5112 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:22:10.0974 5112 napagent - ok
17:22:11.0003 5112 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:22:11.0006 5112 NativeWifiP - ok
17:22:11.0055 5112 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:22:11.0061 5112 NDIS - ok
17:22:11.0080 5112 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:22:11.0081 5112 NdisCap - ok
17:22:11.0093 5112 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:11.0094 5112 NdisTapi - ok
17:22:11.0126 5112 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:11.0127 5112 Ndisuio - ok
17:22:11.0160 5112 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:11.0162 5112 NdisWan - ok
17:22:11.0190 5112 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:22:11.0191 5112 NDProxy - ok
17:22:11.0201 5112 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:22:11.0202 5112 NetBIOS - ok
17:22:11.0232 5112 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:22:11.0234 5112 NetBT - ok
17:22:11.0259 5112 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:11.0260 5112 Netlogon - ok
17:22:11.0293 5112 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:22:11.0296 5112 Netman - ok
17:22:11.0311 5112 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:22:11.0315 5112 netprofm - ok
17:22:11.0362 5112 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:22:11.0363 5112 NetTcpPortSharing - ok
17:22:11.0381 5112 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:22:11.0382 5112 nfrd960 - ok
17:22:11.0418 5112 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:22:11.0421 5112 NlaSvc - ok
17:22:11.0430 5112 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:22:11.0431 5112 Npfs - ok
17:22:11.0456 5112 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:22:11.0457 5112 nsi - ok
17:22:11.0463 5112 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:22:11.0464 5112 nsiproxy - ok
17:22:11.0505 5112 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
17:22:11.0532 5112 Ntfs - ok
17:22:11.0602 5112 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:22:11.0603 5112 Null - ok
17:22:11.0622 5112 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
17:22:11.0624 5112 NVHDA - ok
17:22:11.0925 5112 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:22:11.0973 5112 nvlddmkm - ok
17:22:12.0071 5112 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
17:22:12.0072 5112 nvraid - ok
17:22:12.0084 5112 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
17:22:12.0086 5112 nvstor - ok
17:22:12.0137 5112 NVSvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
17:22:12.0143 5112 NVSvc - ok
17:22:12.0227 5112 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:22:12.0250 5112 nvUpdatusService - ok
17:22:12.0323 5112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:22:12.0325 5112 nv_agp - ok
17:22:12.0447 5112 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:22:12.0450 5112 odserv - ok
17:22:12.0463 5112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:22:12.0465 5112 ohci1394 - ok
17:22:12.0482 5112 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:22:12.0484 5112 ose - ok
17:22:12.0510 5112 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:22:12.0513 5112 p2pimsvc - ok
17:22:12.0538 5112 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:22:12.0542 5112 p2psvc - ok
17:22:12.0556 5112 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:22:12.0557 5112 Parport - ok
17:22:12.0584 5112 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:22:12.0585 5112 partmgr - ok
17:22:12.0617 5112 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
17:22:12.0618 5112 PCAMp50a64 - ok
17:22:12.0633 5112 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
17:22:12.0634 5112 PCASp50a64 - ok
17:22:12.0648 5112 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:22:12.0650 5112 PcaSvc - ok
17:22:12.0685 5112 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:22:12.0687 5112 pci - ok
17:22:12.0696 5112 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:22:12.0697 5112 pciide - ok
17:22:12.0718 5112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:22:12.0720 5112 pcmcia - ok
17:22:12.0727 5112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:22:12.0727 5112 pcw - ok
17:22:12.0745 5112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:22:12.0750 5112 PEAUTH - ok
17:22:12.0806 5112 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:22:12.0818 5112 PeerDistSvc - ok
17:22:12.0866 5112 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:22:12.0867 5112 PerfHost - ok
17:22:12.0947 5112 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:22:12.0979 5112 pla - ok
17:22:13.0009 5112 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:22:13.0013 5112 PlugPlay - ok
17:22:13.0042 5112 PnkBstrA - ok
17:22:13.0056 5112 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:22:13.0057 5112 PNRPAutoReg - ok
17:22:13.0076 5112 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:22:13.0078 5112 PNRPsvc - ok
17:22:13.0119 5112 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:22:13.0123 5112 PolicyAgent - ok
17:22:13.0140 5112 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:22:13.0143 5112 Power - ok
17:22:13.0199 5112 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:22:13.0200 5112 PptpMiniport - ok
17:22:13.0216 5112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:22:13.0217 5112 Processor - ok
17:22:13.0233 5112 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:22:13.0236 5112 ProfSvc - ok
17:22:13.0265 5112 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:13.0266 5112 ProtectedStorage - ok
17:22:13.0300 5112 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:22:13.0302 5112 Psched - ok
17:22:13.0354 5112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:22:13.0380 5112 ql2300 - ok
17:22:13.0437 5112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:22:13.0438 5112 ql40xx - ok
17:22:13.0457 5112 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:22:13.0460 5112 QWAVE - ok
17:22:13.0471 5112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:22:13.0472 5112 QWAVEdrv - ok
17:22:13.0485 5112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:22:13.0486 5112 RasAcd - ok
17:22:13.0521 5112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:22:13.0522 5112 RasAgileVpn - ok
17:22:13.0535 5112 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:22:13.0537 5112 RasAuto - ok
17:22:13.0569 5112 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:22:13.0570 5112 Rasl2tp - ok
17:22:13.0610 5112 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:22:13.0613 5112 RasMan - ok
17:22:13.0619 5112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:22:13.0620 5112 RasPppoe - ok
17:22:13.0651 5112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:22:13.0653 5112 RasSstp - ok
17:22:13.0668 5112 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:22:13.0671 5112 rdbss - ok
17:22:13.0683 5112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:22:13.0684 5112 rdpbus - ok
17:22:13.0689 5112 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:22:13.0690 5112 RDPCDD - ok
17:22:13.0721 5112 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:22:13.0723 5112 RDPDR - ok
17:22:13.0739 5112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:22:13.0740 5112 RDPENCDD - ok
17:22:13.0749 5112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:22:13.0750 5112 RDPREFMP - ok
17:22:13.0825 5112 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:22:13.0826 5112 RdpVideoMiniport - ok
17:22:13.0861 5112 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:22:13.0863 5112 RDPWD - ok
17:22:13.0888 5112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:22:13.0890 5112 rdyboost - ok
17:22:13.0920 5112 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:22:13.0922 5112 RemoteAccess - ok
17:22:13.0954 5112 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:22:13.0956 5112 RemoteRegistry - ok
17:22:13.0963 5112 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:22:13.0965 5112 RpcEptMapper - ok
17:22:13.0981 5112 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:22:13.0983 5112 RpcLocator - ok
17:22:14.0020 5112 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:22:14.0022 5112 RpcSs - ok
17:22:14.0043 5112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:22:14.0044 5112 rspndr - ok
17:22:14.0072 5112 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:22:14.0074 5112 RTL8167 - ok
17:22:14.0104 5112 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:22:14.0105 5112 s3cap - ok
17:22:14.0131 5112 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:14.0132 5112 SamSs - ok
17:22:14.0147 5112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:22:14.0149 5112 sbp2port - ok
17:22:14.0175 5112 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:22:14.0177 5112 SCardSvr - ok
17:22:14.0210 5112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:22:14.0211 5112 scfilter - ok
17:22:14.0261 5112 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:22:14.0277 5112 Schedule - ok
17:22:14.0308 5112 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:22:14.0308 5112 SCPolicySvc - ok
17:22:14.0342 5112 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:22:14.0345 5112 SDRSVC - ok
17:22:14.0388 5112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:22:14.0389 5112 secdrv - ok
17:22:14.0398 5112 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:22:14.0399 5112 seclogon - ok
17:22:14.0419 5112 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:22:14.0420 5112 SENS - ok
17:22:14.0429 5112 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:22:14.0430 5112 SensrSvc - ok
17:22:14.0448 5112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:22:14.0449 5112 Serenum - ok
17:22:14.0473 5112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:22:14.0474 5112 Serial - ok
17:22:14.0500 5112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:22:14.0501 5112 sermouse - ok
17:22:14.0535 5112 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:22:14.0537 5112 SessionEnv - ok
17:22:14.0546 5112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:22:14.0547 5112 sffdisk - ok
17:22:14.0555 5112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:22:14.0556 5112 sffp_mmc - ok
17:22:14.0558 5112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:22:14.0559 5112 sffp_sd - ok
17:22:14.0568 5112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:22:14.0569 5112 sfloppy - ok
17:22:14.0605 5112 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:22:14.0609 5112 ShellHWDetection - ok
17:22:14.0620 5112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:22:14.0621 5112 SiSRaid2 - ok
17:22:14.0634 5112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:22:14.0636 5112 SiSRaid4 - ok
17:22:14.0657 5112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:22:14.0659 5112 Smb - ok
17:22:14.0684 5112 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:22:14.0686 5112 SNMPTRAP - ok
17:22:14.0693 5112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:22:14.0694 5112 spldr - ok
17:22:14.0716 5112 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:22:14.0720 5112 Spooler - ok
17:22:15.0031 5112 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:22:15.0104 5112 sppsvc - ok
17:22:15.0163 5112 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:22:15.0165 5112 sppuinotify - ok
17:22:15.0205 5112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:22:15.0209 5112 srv - ok
17:22:15.0221 5112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:22:15.0225 5112 srv2 - ok
17:22:15.0237 5112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:22:15.0239 5112 srvnet - ok
17:22:15.0262 5112 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:22:15.0264 5112 SSDPSRV - ok
17:22:15.0273 5112 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:22:15.0275 5112 SstpSvc - ok
17:22:15.0342 5112 Steam Client Service - ok
17:22:15.0429 5112 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:22:15.0432 5112 Stereo Service - ok
17:22:15.0452 5112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:22:15.0453 5112 stexstor - ok
17:22:15.0497 5112 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:22:15.0501 5112 stisvc - ok
17:22:15.0536 5112 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:22:15.0537 5112 storflt - ok
17:22:15.0550 5112 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:22:15.0551 5112 storvsc - ok
17:22:15.0559 5112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:22:15.0559 5112 swenum - ok
17:22:15.0589 5112 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:22:15.0593 5112 swprv - ok
17:22:15.0611 5112 Synth3dVsc - ok
17:22:15.0673 5112 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:22:15.0701 5112 SysMain - ok
17:22:15.0769 5112 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:22:15.0771 5112 TabletInputService - ok
17:22:15.0801 5112 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:22:15.0805 5112 TapiSrv - ok
17:22:15.0827 5112 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:22:15.0829 5112 TBS - ok
17:22:15.0900 5112 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:22:15.0928 5112 Tcpip - ok
17:22:16.0009 5112 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:22:16.0016 5112 TCPIP6 - ok
17:22:16.0083 5112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:22:16.0084 5112 tcpipreg - ok
17:22:16.0109 5112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:22:16.0110 5112 TDPIPE - ok
17:22:16.0143 5112 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:22:16.0144 5112 TDTCP - ok
17:22:16.0192 5112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:22:16.0193 5112 tdx - ok
17:22:16.0227 5112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:22:16.0227 5112 TermDD - ok
17:22:16.0246 5112 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:22:16.0252 5112 TermService - ok
17:22:16.0265 5112 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:22:16.0267 5112 Themes - ok
17:22:16.0287 5112 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:22:16.0288 5112 THREADORDER - ok
17:22:16.0302 5112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:22:16.0304 5112 TrkWks - ok
17:22:16.0346 5112 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:22:16.0348 5112 TrustedInstaller - ok
17:22:16.0366 5112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:22:16.0367 5112 tssecsrv - ok
17:22:16.0413 5112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:22:16.0414 5112 TsUsbFlt - ok
17:22:16.0428 5112 tsusbhub - ok
17:22:16.0467 5112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:22:16.0468 5112 tunnel - ok
17:22:16.0488 5112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:22:16.0489 5112 uagp35 - ok
17:22:16.0509 5112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:22:16.0512 5112 udfs - ok
17:22:16.0535 5112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:22:16.0537 5112 UI0Detect - ok
17:22:16.0567 5112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:22:16.0568 5112 uliagpkx - ok
17:22:16.0602 5112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:22:16.0603 5112 umbus - ok
17:22:16.0627 5112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:22:16.0627 5112 UmPass - ok
17:22:16.0646 5112 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:22:16.0648 5112 UmRdpService - ok
17:22:16.0663 5112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:22:16.0667 5112 upnphost - ok
17:22:16.0697 5112 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
17:22:16.0698 5112 usbccgp - ok
17:22:16.0710 5112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:22:16.0712 5112 usbcir - ok
17:22:16.0725 5112 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
17:22:16.0726 5112 usbehci - ok
17:22:16.0746 5112 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
17:22:16.0749 5112 usbhub - ok
17:22:16.0756 5112 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
17:22:16.0756 5112 usbohci - ok
17:22:16.0769 5112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:22:16.0770 5112 usbprint - ok
17:22:16.0783 5112 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:16.0784 5112 USBSTOR - ok
17:22:16.0798 5112 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
17:22:16.0799 5112 usbuhci - ok
17:22:16.0822 5112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:22:16.0823 5112 UxSms - ok
17:22:16.0844 5112 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:16.0845 5112 VaultSvc - ok
17:22:16.0869 5112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:22:16.0870 5112 vdrvroot - ok
17:22:16.0911 5112 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:22:16.0916 5112 vds - ok
17:22:16.0947 5112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:16.0948 5112 vga - ok
17:22:16.0966 5112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:22:16.0967 5112 VgaSave - ok
17:22:16.0984 5112 VGPU - ok
17:22:16.0998 5112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:22:17.0000 5112 vhdmp - ok
17:22:17.0016 5112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:22:17.0017 5112 viaide - ok
17:22:17.0035 5112 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:22:17.0036 5112 vmbus - ok
17:22:17.0047 5112 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:22:17.0048 5112 VMBusHID - ok
17:22:17.0058 5112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:22:17.0059 5112 volmgr - ok
17:22:17.0095 5112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:22:17.0097 5112 volmgrx - ok
17:22:17.0129 5112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:22:17.0132 5112 volsnap - ok
17:22:17.0157 5112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:22:17.0159 5112 vsmraid - ok
17:22:17.0240 5112 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:22:17.0266 5112 VSS - ok
17:22:17.0322 5112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:22:17.0323 5112 vwifibus - ok
17:22:17.0338 5112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:22:17.0340 5112 vwififlt - ok
17:22:17.0366 5112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:22:17.0369 5112 W32Time - ok
17:22:17.0376 5112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:22:17.0377 5112 WacomPen - ok
17:22:17.0417 5112 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:17.0419 5112 WANARP - ok
17:22:17.0420 5112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:17.0421 5112 Wanarpv6 - ok
17:22:17.0469 5112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:22:17.0493 5112 WatAdminSvc - ok
17:22:17.0557 5112 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:22:17.0587 5112 wbengine - ok
17:22:17.0655 5112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:22:17.0658 5112 WbioSrvc - ok
17:22:17.0699 5112 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:22:17.0702 5112 wcncsvc - ok
17:22:17.0715 5112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:22:17.0717 5112 WcsPlugInService - ok
17:22:17.0730 5112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:22:17.0731 5112 Wd - ok
17:22:17.0754 5112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:22:17.0758 5112 Wdf01000 - ok
17:22:17.0768 5112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:22:17.0770 5112 WdiServiceHost - ok
17:22:17.0772 5112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:22:17.0773 5112 WdiSystemHost - ok
17:22:17.0814 5112 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:22:17.0817 5112 WebClient - ok
17:22:17.0848 5112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:22:17.0851 5112 Wecsvc - ok
17:22:17.0859 5112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:22:17.0861 5112 wercplsupport - ok
17:22:17.0875 5112 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:22:17.0877 5112 WerSvc - ok
17:22:17.0914 5112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:22:17.0915 5112 WfpLwf - ok
17:22:17.0927 5112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:22:17.0928 5112 WIMMount - ok
17:22:17.0931 5112 WinHttpAutoProxySvc - ok
17:22:17.0967 5112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:22:17.0970 5112 Winmgmt - ok
17:22:18.0035 5112 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:22:18.0065 5112 WinRM - ok
17:22:18.0154 5112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:22:18.0160 5112 Wlansvc - ok
17:22:18.0295 5112 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:22:18.0330 5112 wlidsvc - ok
17:22:18.0411 5112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:22:18.0412 5112 WmiAcpi - ok
17:22:18.0452 5112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:22:18.0454 5112 wmiApSrv - ok
17:22:18.0474 5112 WMPNetworkSvc - ok
17:22:18.0491 5112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:22:18.0493 5112 WPCSvc - ok
17:22:18.0555 5112 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:22:18.0557 5112 WPDBusEnum - ok
17:22:18.0569 5112 WPN111 - ok
17:22:18.0589 5112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:22:18.0590 5112 ws2ifsl - ok
17:22:18.0591 5112 WSearch - ok
17:22:18.0670 5112 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:22:18.0700 5112 wuauserv - ok
17:22:18.0779 5112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:22:18.0781 5112 WudfPf - ok
17:22:18.0801 5112 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:22:18.0803 5112 WUDFRd - ok
17:22:18.0831 5112 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:22:18.0833 5112 wudfsvc - ok
17:22:18.0876 5112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:22:18.0879 5112 WwanSvc - ok
17:22:18.0898 5112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:22:18.0923 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:22:18.0924 5112 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:22:18.0954 5112 Boot (0x1200) (97a10b9b28b8111029506884808ce141) \Device\Harddisk0\DR0\Partition0
17:22:18.0955 5112 \Device\Harddisk0\DR0\Partition0 - ok
17:22:18.0964 5112 Boot (0x1200) (ce16f9adf728a823cc780f5e0264308f) \Device\Harddisk0\DR0\Partition1
17:22:18.0966 5112 \Device\Harddisk0\DR0\Partition1 - ok
17:22:18.0966 5112 ============================================================
17:22:18.0966 5112 Scan finished
17:22:18.0966 5112 ============================================================
17:22:18.0970 3776 Detected object count: 1
17:22:18.0970 3776 Actual detected object count: 1
17:22:38.0951 3776 \Device\Harddisk0\DR0\# - copied to quarantine
17:22:38.0953 3776 \Device\Harddisk0\DR0 - copied to quarantine
17:22:38.0991 3776 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:22:39.0193 3776 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:22:39.0343 3776 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:22:39.0504 3776 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:22:39.0801 3776 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:22:40.0017 3776 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:22:40.0181 3776 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:22:40.0183 3776 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:22:40.0207 3776 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:22:40.0242 3776 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:22:40.0521 3776 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:22:40.0695 3776 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:22:40.0696 3776 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:22:40.0700 3776 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:22:40.0712 3776 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:22:40.0910 3776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:22:40.0938 3776 \Device\Harddisk0\DR0 - ok
17:22:40.0945 3776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:22:59.0845 4032 Deinitialize success

 

[Broni]

Good

Update MBAM, post new log.

Next...

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[Baggins25]

Here is new MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: KYLE-PC [administrator]

7/17/2012 5:57:51 PM
mbam-log-2012-07-17 (17-57-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226390
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

 

[Baggins25]

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kyle [Admin rights]
Mode: Scan -- Date: 07/17/2012 18:11:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 validation.sls.microsoft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] c9b42bef9e6b5090c9c8f76dd0bcba14
[BSP] 0797790bf659416055ec6f3eb7fa251a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

 

[Broni]

On a top of TDL rootkit we have ZeroAccess rootkit infection as well.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[Baggins25]

Here is aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-17 18:13:22
-----------------------------
18:13:22.742 OS Version: Windows x64 6.1.7601 Service Pack 1
18:13:22.742 Number of processors: 8 586 0x2A07
18:13:22.742 ComputerName: KYLE-PC UserName: Kyle
18:13:24.482 Initialize success
18:15:08.507 AVAST engine defs: 12071701
18:15:17.056 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:15:17.056 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 11
18:15:17.072 Disk 0 MBR read successfully
18:15:17.072 Disk 0 MBR scan
18:15:17.088 Disk 0 Windows 7 default MBR code
18:15:17.088 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:15:17.103 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:15:17.119 Disk 0 scanning C:\Windows\system32\drivers
18:15:27.118 Service scanning
18:15:46.376 Modules scanning
18:15:46.376 Disk 0 trace - called modules:
18:15:46.392 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:15:46.407 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077fa790]
18:15:46.906 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800751e040]
18:15:46.906 5 ACPI.sys[fffff88000f187a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800751b060]
18:15:50.713 AVAST engine scan C:\Windows
18:15:55.486 AVAST engine scan C:\Windows\system32
18:18:09.472 AVAST engine scan C:\Windows\system32\drivers
18:18:21.488 AVAST engine scan C:\Users\Kyle
18:23:26.470 AVAST engine scan C:\ProgramData
18:23:55.360 File: C:\ProgramData\Microsoft\Windows\DRM\20AC.tmp.dat **INFECTED** Win32:Crypt-NIR [Trj]
18:23:56.964 File: C:\ProgramData\Microsoft\Windows\DRM\2205.tmp **INFECTED** Win32:Crypt-NIR [Trj]
18:23:58.574 File: C:\ProgramData\Microsoft\Windows\DRM\6431.tmp.dat **INFECTED** Win32:Crypt-NIN [Trj]
18:24:07.419 Scan finished successfully
18:24:26.130 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
18:24:26.133 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

 

[Broni]

Very well.
Please read my previous reply.

 

[Baggins25]

Thank you for your continued support...

Here is the next log:

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 17-07-2012 18:56:09
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Kyle\...\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-21] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-25] ()

========================== Drivers (Whitelisted) =============

1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 WPN111; C:\Windows\System32\DRIVERS\WPN111vx.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-17 18:56 - 2012-07-17 18:56 - 00000000 ____D C:\FRST
2012-07-17 17:24 - 2012-07-17 17:24 - 00002249 ____A C:\Users\Kyle\Desktop\aswMBR.txt
2012-07-17 17:24 - 2012-07-17 17:24 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
2012-07-17 17:12 - 2012-07-17 17:13 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Downloads\aswMBR.exe
2012-07-17 17:11 - 2012-07-17 17:11 - 00001710 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
2012-07-17 17:10 - 2012-07-17 17:11 - 00000000 ____D C:\Users\Kyle\Desktop\RK_Quarantine
2012-07-17 17:05 - 2012-07-17 17:05 - 01552384 ____A C:\Users\Kyle\Downloads\RogueKiller.exe
2012-07-17 16:22 - 2012-07-17 16:22 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 16:17 - 2012-07-17 16:17 - 02117152 ____A C:\Users\Kyle\Downloads\tdsskiller.zip
2012-07-17 11:31 - 2012-07-17 11:31 - 00607260 ____R (Swearware) C:\Users\Kyle\Downloads\dds.scr
2012-07-17 10:55 - 2012-07-17 10:55 - 00302592 ____A C:\Users\Kyle\Downloads\drl6rorn.exe
2012-07-17 10:47 - 2012-07-17 10:47 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 10:47 - 2012-07-17 10:47 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Malwarebytes
2012-07-17 10:47 - 2012-07-17 10:47 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-17 10:47 - 2012-07-17 10:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-17 10:47 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-17 10:46 - 2012-07-17 10:46 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-17 08:13 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 08:11 - 2012-07-17 08:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-17 08:11 - 2012-07-17 08:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-17 08:11 - 2012-07-17 08:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-17 08:11 - 2012-07-17 08:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-17 08:11 - 2012-07-17 08:11 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-07-17 08:11 - 2012-07-17 08:11 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-07-17 08:11 - 2012-07-17 08:11 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-17 08:10 - 2012-07-17 08:12 - 00003249 ____A C:\Windows\IE9_main.log
2012-07-17 08:09 - 2012-07-17 08:09 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-17 08:02 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-17 08:02 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-17 08:02 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-17 08:02 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-17 08:02 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-17 08:02 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-17 08:02 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-17 08:02 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-17 08:02 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-17 08:02 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-17 08:02 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-17 08:02 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-17 08:02 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-17 08:02 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-17 08:02 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-17 08:02 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-07-17 08:02 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-07-17 08:02 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-07-17 08:02 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-07-17 08:02 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-07-17 08:02 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-17 08:02 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-17 08:01 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-17 08:01 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-17 08:01 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-17 08:01 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-07-17 08:01 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-07-17 08:00 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-17 08:00 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-17 08:00 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-07-17 04:24 - 2012-07-17 04:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-17 04:14 - 2012-07-17 04:14 - 00000000 ____D C:\Windows\Sun
2012-07-16 21:11 - 2012-07-17 16:21 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
2012-07-16 17:54 - 2012-07-16 17:54 - 00293552 ____A C:\Windows\Minidump\071612-19188-01.dmp
2012-07-15 15:18 - 2012-05-31 11:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-07-15 14:49 - 2012-07-15 14:49 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\ESET
2012-07-15 14:49 - 2012-07-15 14:49 - 00000000 ____D C:\Users\Kyle\AppData\Local\ESET
2012-07-15 14:47 - 2012-07-15 14:47 - 00000000 ____D C:\Users\All Users\ESET
2012-07-15 14:47 - 2012-07-15 14:47 - 00000000 ____D C:\Program Files\ESET
2012-07-15 14:43 - 2012-07-15 14:43 - 01263344 ____A (ESET) C:\Users\Kyle\Downloads\eset_smart_security_live_installer.exe
2012-07-12 18:19 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-07-12 18:19 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-07-12 18:19 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-07-12 18:19 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-07-12 18:19 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-07-12 18:14 - 2012-07-12 18:16 - 168454136 ____A (NVIDIA Corporation) C:\Users\Kyle\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-07-12 09:30 - 2012-07-12 09:30 - 03878112 ____A C:\Users\Kyle\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
2012-07-05 18:52 - 2012-07-05 18:53 - 00293552 ____A C:\Windows\Minidump\070512-23478-01.dmp
2012-06-22 08:11 - 2012-06-22 08:11 - 00000000 ____D C:\Users\Kyle\AppData\Local\Macromedia
2012-06-18 22:32 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 22:32 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 22:32 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 22:32 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 22:32 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 22:32 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 22:32 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 22:32 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 22:32 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

 

[Baggins25]

============ 3 Months Modified Files ========================

2012-07-17 17:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 17:53 - 2009-07-13 20:51 - 00038840 ____A C:\Windows\setupact.log
2012-07-17 17:41 - 2011-11-12 19:39 - 01724499 ____A C:\Windows\WindowsUpdate.log
2012-07-17 17:41 - 2009-07-13 20:45 - 00014512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-17 17:41 - 2009-07-13 20:45 - 00014512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 17:29 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-17 17:24 - 2012-07-17 17:24 - 00002249 ____A C:\Users\Kyle\Desktop\aswMBR.txt
2012-07-17 17:24 - 2012-07-17 17:24 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
2012-07-17 17:13 - 2012-07-17 17:12 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Downloads\aswMBR.exe
2012-07-17 17:11 - 2012-07-17 17:11 - 00001710 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
2012-07-17 17:06 - 2011-11-12 19:56 - 00279802 ____A C:\Windows\PFRO.log
2012-07-17 17:05 - 2012-07-17 17:05 - 01552384 ____A C:\Users\Kyle\Downloads\RogueKiller.exe
2012-07-17 16:46 - 2012-05-21 11:36 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000UA.job
2012-07-17 16:21 - 2012-07-16 21:11 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
2012-07-17 16:17 - 2012-07-17 16:17 - 02117152 ____A C:\Users\Kyle\Downloads\tdsskiller.zip
2012-07-17 11:31 - 2012-07-17 11:31 - 00607260 ____R (Swearware) C:\Users\Kyle\Downloads\dds.scr
2012-07-17 10:55 - 2012-07-17 10:55 - 00302592 ____A C:\Users\Kyle\Downloads\drl6rorn.exe
2012-07-17 10:47 - 2012-07-17 10:47 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 10:46 - 2012-07-17 10:46 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-17 09:41 - 2011-11-12 22:28 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-17 09:41 - 2011-11-12 21:46 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-17 09:41 - 2011-11-12 21:46 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-17 08:46 - 2012-05-21 11:36 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000Core.job
2012-07-17 08:16 - 2009-07-13 20:45 - 00303728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-17 08:12 - 2012-07-17 08:10 - 00003249 ____A C:\Windows\IE9_main.log
2012-07-17 08:11 - 2012-07-17 08:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-07-17 08:11 - 2012-07-17 08:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-17 08:11 - 2012-07-17 08:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-17 08:11 - 2012-07-17 08:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-17 08:11 - 2012-07-17 08:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-17 08:11 - 2012-07-17 08:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-17 08:11 - 2012-07-17 08:11 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-07-17 08:11 - 2012-07-17 08:11 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-07-17 08:11 - 2012-07-17 08:11 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-07-17 08:11 - 2012-07-17 08:11 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-07-17 08:11 - 2012-07-17 08:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-17 08:09 - 2012-07-17 08:09 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-17 07:38 - 2012-04-06 08:40 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-17 07:38 - 2011-11-13 02:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-16 17:54 - 2012-07-16 17:54 - 00293552 ____A C:\Windows\Minidump\071612-19188-01.dmp
2012-07-16 17:54 - 2012-04-23 15:07 - 581251893 ____A C:\Windows\MEMORY.DMP
2012-07-15 14:43 - 2012-07-15 14:43 - 01263344 ____A (ESET) C:\Users\Kyle\Downloads\eset_smart_security_live_installer.exe
2012-07-12 18:16 - 2012-07-12 18:14 - 168454136 ____A (NVIDIA Corporation) C:\Users\Kyle\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-07-12 09:30 - 2012-07-12 09:30 - 03878112 ____A C:\Users\Kyle\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
2012-07-05 18:53 - 2012-07-05 18:52 - 00293552 ____A C:\Windows\Minidump\070512-23478-01.dmp
2012-07-03 12:46 - 2012-07-17 10:47 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 02:19 - 2011-11-13 21:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 19:08 - 2012-07-17 08:13 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-17 08:02 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-17 08:02 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 08:07 - 2009-07-13 21:08 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-05 22:06 - 2012-07-17 08:02 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-17 08:02 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-17 08:00 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-17 08:02 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-17 08:02 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-17 08:00 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 11:39 - 2012-06-05 11:38 - 36586472 ____A C:\Users\Kyle\Downloads\SMOV0001.AVI
2012-06-02 14:19 - 2012-06-18 22:32 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 22:32 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 22:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 22:32 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 22:32 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 22:32 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 22:32 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 22:32 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 22:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-17 08:02 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-17 08:02 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-17 08:02 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-17 08:02 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-17 08:02 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-17 08:02 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-17 08:02 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-17 08:02 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-17 08:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2012-07-15 15:18 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-28 21:09 - 2012-05-28 21:09 - 00254853 ____A C:\Users\Kyle\Downloads\Queue2.htm
2012-05-28 21:08 - 2012-05-28 21:08 - 00254837 ____A C:\Users\Kyle\Downloads\Queue.htm
2012-05-21 11:36 - 2012-05-21 11:36 - 00739856 ____A (Google Inc.) C:\Users\Kyle\Downloads\ChromeSetup.exe
2012-05-17 10:46 - 2012-05-17 10:46 - 00010299 ____A C:\Users\Kyle\Documents\Uninstall STAR WARS The Old Republic.log
2012-05-15 11:21 - 2012-05-15 10:47 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 10:45 - 2012-05-15 10:45 - 32288896 ____A (Blizzard Entertainment) C:\Users\Kyle\Downloads\Diablo-III-Setup-enUS.exe
2012-05-15 02:48 - 2012-07-12 18:19 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-07-12 18:19 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-07-12 18:19 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2012-04-01 13:28 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-04-01 13:28 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-04-01 13:28 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-04-01 13:28 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2012-02-25 18:50 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2011-11-12 20:58 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2011-11-12 20:58 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-11-12 20:58 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-11-12 20:02 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2011-11-12 20:02 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2011-11-12 20:02 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-02-25 18:51 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2010-12-27 11:54 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2010-12-27 11:54 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2010-12-27 11:54 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2010-12-27 11:54 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2010-12-27 11:55 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-04-27 21:32 - 2012-07-17 08:02 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-07-17 08:02 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-07-17 08:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-07-17 08:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-07-17 08:02 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 20:55 - 2011-11-12 21:02 - 00063960 ____A C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-24 17:53 - 2012-04-24 17:52 - 166448312 ____A (NVIDIA Corporation) C:\Users\Kyle\Downloads\296.10-desktop-win7-winvista-64bit-english-whql(1).exe
2012-04-23 21:37 - 2012-07-17 08:01 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-07-17 08:01 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-07-17 08:01 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-07-17 08:01 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-07-17 08:01 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-07-17 08:00 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 15:07 - 2012-04-23 15:07 - 00293488 ____A C:\Windows\Minidump\042312-21231-01.dmp
2012-04-19 10:35 - 2012-04-19 10:35 - 00035840 ____A C:\Users\Kyle\Documents\8-30-11 pricing spreadsheet.xls
2012-04-19 10:31 - 2012-04-19 10:30 - 00035840 ____A C:\Users\Kyle\Downloads\8-30-11 pricing spreadsheet.xls

ZeroAccess:
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\@
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L\00000004.@
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\L\1afb2d56
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\00000004.@
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\00000008.@
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\000000cb.@
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\80000032.@
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8172.12 MB
Available physical RAM: 7377 MB
Total Pagefile: 8170.27 MB
Available Pagefile: 7362.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:320.76 GB) NTFS
3 Drive f: (PATRIOT) (Removable) (Total:3.63 GB) (Free:3.63 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3728 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3724 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PATRIOT FAT32 Removable 3724 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 16:39

======================= End Of Log ==========================

 

[Broni]

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

 

[Baggins25]

Here is the Search log:

Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-17 19:48:21
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Baggins25]

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-17 20:04:52 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\svchost.exe not found.
C:\ProgramData\Microsoft\Windows\DRM\20AC.tmp.dat moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\2205.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\6431.tmp.dat moved successfully.
C:\Windows\Installer\{8b4e39ff-0b71-afcd-5af9-30b0ff0a6e3c} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


ComboFix Log:

ComboFix 12-07-16.01 - Kyle 07/17/2012 20:20:52.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.6785 [GMT -7:00]
Running from: C:\Users\Kyle\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))


2012-07-18 02:56:05 . 2012-07-18 02:56:09 -------- d-----w- C:\FRST
2012-07-18 00:22:38 . 2012-07-18 00:22:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 18:47:28 . 2012-07-17 18:47:28 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2012-07-17 18:47:12 . 2012-07-17 18:47:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-17 18:47:12 . 2012-07-17 18:47:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-17 18:47:12 . 2012-07-03 20:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-07-17 16:13:43 . 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-17 16:01:01 . 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\system32\crypt32.dll
2012-07-17 16:01:00 . 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2012-07-17 16:01:00 . 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\system32\cryptnet.dll
2012-07-17 16:01:00 . 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-17 16:01:00 . 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-17 12:24:57 . 2012-07-17 12:24:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-17 12:14:42 . 2012-07-17 12:14:42 -------- d-----w- C:\Windows\Sun
2012-07-15 23:18:31 . 2012-06-18 10:12:50 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A9C4F2-90C2-4FAF-86FE-1B21DAAD92EA}\mpengine.dll
2012-07-15 23:18:31 . 2012-05-31 19:25:12 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-07-15 22:49:31 . 2012-07-15 22:49:31 -------- d-----w- C:\Users\Kyle\AppData\Local\ESET
2012-07-15 22:47:09 . 2012-07-15 22:47:09 -------- d-----w- C:\Program Files\ESET
2012-06-22 16:11:46 . 2012-06-22 16:11:46 -------- d-----w- C:\Users\Kyle\AppData\Local\Macromedia
2012-06-19 06:32:28 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-19 06:32:28 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-19 06:32:28 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-19 06:32:28 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-19 06:32:20 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-19 06:32:20 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-19 06:32:20 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-19 06:32:09 . 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-19 06:32:09 . 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-17 17:41:29 . 2011-11-13 06:28:46 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-17 17:41:29 . 2011-11-13 05:46:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-17 17:41:08 . 2011-11-13 05:46:31 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-17 15:38:08 . 2012-04-06 16:40:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-17 15:38:08 . 2011-11-13 10:38:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48:00 . 2012-04-01 21:28:57 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48:00 . 2012-04-01 21:28:57 68928 ----a-w- C:\Windows\system32\OpenCL.dll
2012-05-15 10:48:00 . 2012-04-01 21:28:57 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-15 10:48:00 . 2012-04-01 21:28:57 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-05-15 10:48:00 . 2012-02-26 02:50:17 949056 ----a-w- C:\Windows\system32\nvumdshimx.dll
2012-05-15 10:48:00 . 2011-11-13 04:58:40 1738048 ----a-w- C:\Windows\system32\nvdispco64.dll
2012-05-15 10:48:00 . 2011-11-13 04:58:40 1468224 ----a-w- C:\Windows\system32\nvgenco64.dll
2012-05-15 10:48:00 . 2011-11-13 04:58:40 10194752 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2012-05-15 10:48:00 . 2011-11-13 04:02:48 2741568 ----a-w- C:\Windows\system32\nvapi64.dll
2012-05-15 10:48:00 . 2011-11-13 04:02:48 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-05-15 09:29:47 . 2010-12-27 19:54:40 889664 ----a-w- C:\Windows\system32\nvvsvc.exe
2012-05-15 09:29:46 . 2010-12-27 19:54:42 118080 ----a-w- C:\Windows\system32\nvmctray.dll
2012-05-15 09:29:46 . 2010-12-27 19:54:40 63296 ----a-w- C:\Windows\system32\nvshext.dll
2012-05-15 09:29:45 . 2012-02-26 02:51:01 2621723 ----a-w- C:\Windows\system32\nvcoproc.bin
2012-05-15 09:29:25 . 2010-12-27 19:54:54 3149632 ----a-w- C:\Windows\system32\nvsvc64.dll
2012-05-15 09:28:42 . 2010-12-27 19:55:10 6151488 ----a-w- C:\Windows\system32\nvcpl.dll
2012-05-15 09:21:50 . 2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 21:53:10 77824]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 04:28:32 59240]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 13:10:42 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 21:02:04 254696]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 12:09:24 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 15:40:02 209768]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 00:09:23 113120]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 05:46:20 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys [2006-11-29 05:46:20 41280]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-14 05:22:39 1255736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\system32\DRIVERS\WPN111vx.sys [x]
S0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 15:40:04 62496]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 15:40:02 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 15:40:04 38288]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 22:40:34 913144]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 10:48:00 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 09:21:40 382272]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 18:30:50 126952]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 18:30:50 389608]
S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys [2010-01-06 03:23:18 1847296]
S3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 00:34:26 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2012-04-18 17:08:03 188736]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 14:55:28 533096]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-07-17 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000Core.job
- C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36:39 . 2012-05-21 19:36:38]

2012-07-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000UA.job
- C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36:39 . 2012-05-21 19:36:38]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 10:15:44 11613288]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2012-03-07 22:40:30 4081008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\u26m9orc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: network.protocol-handler.warn-external.dnupdate - false

- - - - ORPHANS REMOVED - - - -

AddRemove-Battlelog Web Plugins - C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ESN Sonar-0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe

 

[Broni]

Combofix log is incomplete.
Bottom part is missing.

 

[Baggins25]

That is the entire contents of my ComboFix.txt file. Did I do something wrong?

Edit: What did I do wrong?

 

[Broni]

Re-run it one more time.

 

[Baggins25]

Okay, here is the complete log. I think I accidentally closed ComboFix early the first time.

ComboFix 12-07-16.01 - Kyle 07/17/2012 20:49:26.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.6564 [GMT -7:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 03:51 . 2012-07-18 03:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-18 03:51 . 2012-07-18 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 02:56 . 2012-07-18 02:56 -------- d-----w- C:\FRST
2012-07-18 00:22 . 2012-07-18 00:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes
2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 18:47 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 16:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 16:01 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-17 16:01 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-17 16:01 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-17 16:01 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-07-17 16:01 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-07-17 12:24 . 2012-07-17 12:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 12:14 . 2012-07-17 12:14 -------- d-----w- c:\windows\Sun
2012-07-15 23:18 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3A9C4F2-90C2-4FAF-86FE-1B21DAAD92EA}\mpengine.dll
2012-07-15 23:18 . 2012-05-31 19:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-15 22:49 . 2012-07-15 22:49 -------- d-----w- c:\users\Kyle\AppData\Local\ESET
2012-07-15 22:47 . 2012-07-15 22:47 -------- d-----w- c:\program files\ESET
2012-06-22 16:11 . 2012-06-22 16:11 -------- d-----w- c:\users\Kyle\AppData\Local\Macromedia
2012-06-19 06:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 06:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 06:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 06:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 06:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 06:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 06:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 06:32 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 06:32 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 17:41 . 2011-11-13 06:28 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-17 17:41 . 2011-11-13 05:46 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-17 17:41 . 2011-11-13 05:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-17 15:38 . 2012-04-06 16:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 15:38 . 2011-11-13 10:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-04-01 21:28 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-04-01 21:28 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-01 21:28 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-01 21:28 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-02-26 02:50 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-11-13 04:58 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-13 04:58 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-11-13 04:58 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-11-13 04:02 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-11-13 04:02 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2010-12-27 19:54 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-12-27 19:54 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-12-27 19:54 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-02-26 02:51 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-12-27 19:54 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-12-27 19:55 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-18_03.25.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-13 04:08 . 2012-07-18 03:27 32126 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-18 03:27 30610 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-13 03:58 . 2012-07-18 03:27 11318 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1223303338-2475979266-795682110-1000_UserData.bin
+ 2011-11-14 05:11 . 2012-07-18 03:51 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-18 03:52 . 2012-07-18 03:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 03:52 . 2012-07-18 03:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-18 03:25 . 2012-07-18 03:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-18 03:12 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-18 03:31 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-18 03:31 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-18 03:12 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-18 03:24 261984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-18 03:51 261984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-13 10:52 . 2012-07-18 03:24 26467624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1223303338-2475979266-795682110-1000-8192.dat
+ 2011-11-13 10:52 . 2012-07-18 03:51 26467624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1223303338-2475979266-795682110-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WinZipBar\prxtbWinZ.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-14 1255736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000Core.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223303338-2475979266-795682110-1000UA.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\u26m9orc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-17 20:57:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 03:57
.
Pre-Run: 346,657,468,416 bytes free
Post-Run: 346,367,713,280 bytes free
.
- - End Of File - - E0BD287B7F7F8E381CF16FF669EB2AF9

 

[Broni]

Looks good

Any current issues?

===================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

======================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Baggins25]

No longer receiving any notifications for Patched.B.Gen, Agent.BA, or Sirefef.AE

Here are logs:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: KYLE-PC [administrator]

7/17/2012 9:02:39 PM
mbam-log-2012-07-17 (21-02-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228929
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)