
help

Help, I have been going crazy trying to fix this on my own the past 3 months... I suspect a very complex infection involving multiple different infections... I have done 18 Windows 7 installs and 6 Windows 8 installs, and the infection keeps reappearing... I can sense the remote compromise every time... Here are my logs, please have mercy.

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-07 16:26:48
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003c SAMSUNG_SSD_830_Series rev.CXM03B1Q 238.47GB
Running: gmer.exe; Driver: C:\Users\x\AppData\Local\Temp\kwloipob.sys

---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e7a41532 4 bytes [A4, E7, F8, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e7a4153a 4 bytes [A4, E7, F8, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e7a4165a 4 bytes [A4, E7, F8, 07]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [464:1516] fffff960008415e8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2126526724
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@LeaseObtainedTime 1365376441
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@T1 1365376501
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@T2 1365452041
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@LeaseTerminatesTime 1365462841
---- EOF - GMER 2.1 ----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519
Run by x at 9:56:37 on 2013-04-08
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = about:blank
StartupFolder: C:\Users\x\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\WINDOWS\System32\Drivers\epfwwfp.sys [2013-2-20 58416]
R1 eamonm;eamonm;C:\WINDOWS\System32\Drivers\eamonm.sys [2013-2-20 213416]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\WINDOWS\System32\Drivers\EpfwLWF.sys [2013-1-10 59440]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
R2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w --> C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 [?]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\WINDOWS\System32\Drivers\cmudaxp.sys [2012-12-17 2734080]
RUnknown asdnet;asdnet; [x]
RUnknown asdws;asdws; [x]
SUnknown asdrm;asdrm; [x]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=C:\WINDOWS\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\WINDOWS\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-04-08 16:17:36 -------- d-----w- C:\Users\x\AppData\Roaming\ESET
2013-04-08 16:17:36 -------- d-----w- C:\Users\x\AppData\Local\ESET
2013-04-07 23:31:33 -------- d-----w- C:\Program Files\ESET
2013-04-07 21:33:25 187152 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10197.bin
2013-04-07 21:00:07 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-04-07 21:00:07 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-04-07 19:42:40 -------- d-----w- C:\Users\x\AppData\Roaming\postgresql
2013-04-07 18:02:48 -------- d-----w- C:\Users\x\AppData\Local\Opera
2013-04-07 14:43:22 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73E347F4-C1D7-4173-86BA-E6C62388A2C5}\mpengine.dll
2013-04-07 11:54:20 -------- d-----w- C:\Program Files (x86)\TableNinja
2013-04-07 11:53:44 -------- d-----w- C:\Users\x\AppData\Local\PokerStars
2013-04-07 11:53:38 -------- d-----w- C:\Program Files (x86)\PokerStars
2013-04-07 11:41:57 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-07 11:41:01 -------- d-----w- C:\Users\x\AppData\Local\Hold'em_Manager
2013-04-07 11:40:49 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2013-04-07 11:40:49 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2013-04-07 11:40:49 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2013-04-07 11:40:49 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2013-04-07 11:40:49 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2013-04-07 11:40:49 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-04-07 07:11:39 -------- d-----w- C:\HM2Archive
2013-04-07 07:11:37 -------- d-----w- C:\Users\x\AppData\Roaming\HEM Data
2013-04-07 07:06:46 -------- d-----w- C:\Users\x\AppData\Local\IsolatedStorage
2013-04-07 07:06:46 -------- d-----w- C:\ProgramData\XHEO INC
2013-04-07 07:06:39 -------- d-----w- C:\Users\x\AppData\Roaming\HoldemManager
2013-04-07 04:52:48 -------- d-----w- C:\Program Files (x86)\Holdem Manager 2
2013-04-07 04:45:54 -------- d-----w- C:\Program Files\PostgreSQL
2013-04-07 04:42:08 -------- d-----w- C:\ProgramData\Samsung
2013-04-07 04:42:08 -------- d-----w- C:\Program Files (x86)\Samsung Magician
2013-04-07 04:42:02 -------- d-----w- C:\Users\x\AppData\Local\Programs
2013-04-07 04:42:00 82944 ----a-w- C:\WINDOWS\SysWow64\dskquota.dll
2013-04-07 04:42:00 109568 ----a-w- C:\WINDOWS\System32\dskquota.dll
2013-04-07 04:40:51 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2013-04-07 04:38:58 524768 ----a-w- C:\WINDOWS\difxapi.dll
2013-04-07 04:38:58 359424 ----a-w- C:\WINDOWS\System32\CmiInstallResAll64.dll
2013-04-07 04:38:15 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2013-04-07 04:26:54 -------- d-----w- C:\Users\x\AppData\Roaming\Anvisoft
2013-04-07 04:26:49 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-07 04:26:46 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-07 04:22:59 11459584 ----a-w- C:\WINDOWS\System32\glcndFilter.dll
2013-04-07 04:11:13 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-04-07 04:11:12 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-04-07 04:07:18 282744 ------w- C:\WINDOWS\System32\MpSigStub.exe
2013-04-07 04:07:12 56832 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2013-04-07 04:07:12 56320 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2013-04-07 04:07:12 -------- d-----w- C:\Intel
2013-04-07 04:03:14 17888 ----a-w- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
2013-04-07 04:03:14 17888 ----a-w- C:\WINDOWS\System32\msvcr100_clr0400.dll
2013-04-07 04:01:23 2893824 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
2013-04-07 04:01:23 2400256 ----a-w- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2013-04-07 04:01:17 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-04-07 04:01:17 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
2013-04-07 04:01:17 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
2013-04-07 04:01:17 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
2013-04-07 04:01:16 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2013-04-07 04:01:16 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2013-04-07 03:55:41 -------- d-----w- C:\Users\x\AppData\Local\Diagnostics
2013-04-07 03:36:23 -------- d-----w- C:\WINDOWS\Panther
2013-04-07 01:37:12 -------- d--h--w- C:\ESD
.
==================== Find3M ====================
.
2013-04-07 04:39:06 419840 ----a-w- C:\WINDOWS\System32\wrap_oal.dll
2013-04-07 04:39:06 413696 ----a-w- C:\WINDOWS\SysWow64\wrap_oal.dll
2013-04-07 04:39:06 111616 ----a-w- C:\WINDOWS\System32\OpenAL32.dll
2013-04-07 04:39:06 102400 ----a-w- C:\WINDOWS\SysWow64\OpenAL32.dll
2013-03-05 23:07:25 78168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:07:25 692568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-03-02 08:22:18 361984 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-02-20 18:07:40 58416 ----a-w- C:\WINDOWS\System32\drivers\epfwwfp.sys
2013-02-20 18:07:38 213416 ----a-w- C:\WINDOWS\System32\drivers\eamonm.sys
2013-02-15 07:58:59 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-02-12 00:17:50 20992 ----a-w- C:\WINDOWS\System32\drivers\usb8023.sys
2013-02-07 04:09:56 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2013-02-05 04:58:01 1766912 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-02-05 04:56:33 2877952 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-02-05 04:56:27 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2013-02-04 22:39:47 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-02-04 22:39:39 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2013-02-02 11:19:44 496872 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\WINDOWS\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-02-02 08:40:58 375808 ----a-w- C:\WINDOWS\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\WINDOWS\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\WINDOWS\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\WINDOWS\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\WINDOWS\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\WINDOWS\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\WINDOWS\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\WINDOWS\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\WINDOWS\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\WINDOWS\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\WINDOWS\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\WINDOWS\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\WINDOWS\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\WINDOWS\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\WINDOWS\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\WINDOWS\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\WINDOWS\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\WINDOWS\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\WINDOWS\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\WINDOWS\System32\wlroamextension.dll
2013-02-02 08:23:21 13643264 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19 293376 ----a-w- C:\WINDOWS\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\WINDOWS\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\WINDOWS\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\WINDOWS\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\WINDOWS\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\WINDOWS\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\WINDOWS\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\WINDOWS\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\WINDOWS\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2013-02-02 05:31:54 1690624 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2013-01-29 01:57:05 35232 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys
2013-01-28 23:08:22 230904 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys
2013-01-14 03:56:14 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-01-12 02:02:34 64624 ----a-w- C:\WINDOWS\System32\drivers\HECIx64.sys
2013-01-10 22:08:16 59440 ----a-w- C:\WINDOWS\System32\drivers\EpfwLWF.sys
2013-01-10 22:08:16 190232 ----a-w- C:\WINDOWS\System32\drivers\epfw.sys
2013-01-10 22:08:14 150616 ----a-w- C:\WINDOWS\System32\drivers\ehdrv.sys
2013-01-10 01:53:32 28904 ----a-w- C:\WINDOWS\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
.
============= FINISH: 9:56:42.05 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2013 8:39:05 PM
System Uptime: 4/8/2013 9:14:58 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 170.079 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96a-e325-11ce-bfc1-08002be10318}
Description: Standard SATA AHCI Controller
Device ID: PCI\VEN_8086&DEV_1E02&SUBSYS_84CA1043&REV_04\3&11583659&0&FA
Manufacturer: Standard SATA AHCI Controller
Name: Standard SATA AHCI Controller
PNP Device ID: PCI\VEN_8086&DEV_1E02&SUBSYS_84CA1043&REV_04\3&11583659&0&FA
Service: storahci
.
==== System Restore Points ===================
.
RP1: 4/6/2013 8:49:52 PM - a
.
==== Installed Programs ======================
.
ASUS Xonar Essence STX Audio
ESET Smart Security
Holdem Manager 2
Intel(R) Processor Graphics
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
OpenAL
Opera 12.15
PokerStars
PostgreSQL 9.2
Samsung Magician
TableNinja
.
==== Event Viewer Messages From Past Week ========
.
4/7/2013 8:14:25 AM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
4/7/2013 4:31:40 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/7/2013 4:29:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/7/2013 4:28:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/7/2013 4:28:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/7/2013 4:28:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/7/2013 4:19:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/7/2013 4:12:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/7/2013 4:03:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
4/7/2013 4:03:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/7/2013 4:03:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/7/2013 4:03:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/6/2013 9:10:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel driver update for Intel(R) Management Engine Interface.
4/6/2013 8:36:31 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
4/6/2013 8:36:31 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/6/2013 8:36:20 PM, Error: volmgr [46] - Crash dump initialization failed!
4/6/2013 10:01:17 PM, Error: Service Control Manager [7022] - The AD Blocker Service service hung on starting.
.
==== End Of File ===========================

Attached Files
File Type: zip SysInspector-XDSD23-130408-0953.zip (228.2 KB)
