TechSpot

Win64/Patched.A.Gen trojan

Solved
By shane grant
Sep 30, 2012
  1. My ESET keeps reporting variations of Win64 like Conedex, Sirefef.AP, BA. I really need some help to remove them. Thanks in advance.
     
  2. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.30.06

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    vernal :: VERNAL-PC [administrator]

    9/30/2012 7:05:01 PM
    mbam-log-2012-09-30 (19-11-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213916
    Time elapsed: 6 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\vernal\Local Settings\Application Data\WideSearch\wsearch.exe (Adware.Kraddare) -> No action taken.

    (end)
     
  3. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    Gmer did not create a log
     
  4. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by vernal at 20:51:58 on 2012-09-30
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.742 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Windows\system32\lxczcoms.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe
    C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Google Update] "C:\Users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [cdloader] "C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [GetBooks] "C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba
    uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
    uRun: [WideSearch] C:\Users\vernal\AppData\Local\WideSearch\wsearch.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [NPSStartup]
    StartupFolder: C:\Users\vernal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
    TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D} : DhcpNameServer = 65.183.0.76 65.183.0.86
    TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}\355707562775966496F54454B414C40275962756C656373702A416D616963616 : DhcpNameServer = 10.1.96.1 172.16.1.26 172.16.1.27
    TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}\4656661657C647 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}\762716E647 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2E823465-2CA7-4292-B74D-1F5B85E8AD55} : DhcpNameServer = 10.0.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [(Default)]
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [NPSStartup]
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\vernal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=98f5492800000000000070f1a1d13d64&q=
    FF - user.js: extensions.BabylonToolbar.id - 98f5492800000000000070f1a1d13d64
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15603
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:59:42
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116107&tt=270912_ctrl2_3912_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960]
    R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-3 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-19 250288]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-3 136176]
    S3 HP8107Fltr;HP-HP8107;C:\Windows\system32\DRIVERS\HP8107.sys --> C:\Windows\system32\DRIVERS\HP8107.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-19 114144]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2012-9-26 16448]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-10-01 00:02:28  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Malwarebytes
    2012-10-01 00:02:12  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-10-01 00:02:11  25928     ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-10-01 00:02:11  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-30 02:42:35  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-09-30 02:29:07  --------  d-----w-  C:\Users\vernal\AppData\Local\WideSearch
    2012-09-27 20:35:39  --------  d-----w-  C:\Users\vernal\AppData\Local\PopCap Games
    2012-09-27 05:48:05  --------  d-----w-  C:\Program Files (x86)\Bejeweled Blitz
    2012-09-27 04:54:23  --------  d-----w-  C:\Users\vernal\AppData\Local\GameHouse
    2012-09-27 04:54:20  --------  d-----w-  C:\ProgramData\Trymedia
    2012-09-27 04:50:59  --------  d-----w-  C:\Program Files (x86)\Bejeweled 3
    2012-09-27 03:43:00  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Gamers Digital
    2012-09-27 03:43:00  --------  d-----w-  C:\ProgramData\Gamers Digital
    2012-09-27 03:34:32  --------  d-----w-  C:\Program Files (x86)\Making Mr. Right
    2012-09-26 22:09:18  19016     ----a-w-  C:\Windows\System32\drivers\sscdmdfl.sys
    2012-09-26 22:09:18  172104    ----a-w-  C:\Windows\System32\drivers\sscdmdm.sys
    2012-09-26 22:09:18  15944     ----a-w-  C:\Windows\System32\drivers\sscdwhnt.sys
    2012-09-26 22:09:18  15944     ----a-w-  C:\Windows\System32\drivers\sscdwh.sys
    2012-09-26 22:09:18  15432     ----a-w-  C:\Windows\System32\drivers\sscdcmnt.sys
    2012-09-26 22:09:18  15432     ----a-w-  C:\Windows\System32\drivers\sscdcm.sys
    2012-09-26 22:09:18  136264    ----a-w-  C:\Windows\System32\drivers\sscdbus.sys
    2012-09-26 22:06:43  25960     ----a-w-  C:\Windows\SysWow64\FsExService64.Exe
    2012-09-26 22:06:43  16448     ----a-w-  C:\Windows\SysWow64\drivers\TFsExDisk.Sys
    2012-09-26 22:06:42  16448     ----a-w-  C:\Windows\System32\drivers\TFsExDisk.sys
    2012-09-26 22:06:41  25960     ----a-w-  C:\Windows\System32\FsExService64.exe
    2012-09-26 22:05:49  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Samsung
    2012-09-26 22:04:40  --------  d-----w-  C:\Program Files (x86)\MarkAny
    2012-09-26 22:03:33  --------  d-----w-  C:\Program Files (x86)\Samsung
    2012-09-26 21:55:57  --------  d-----w-  C:\Program Files\SAMSUNG
    2012-09-26 21:55:05  --------  d-----w-  C:\ProgramData\Samsung
    2012-09-26 08:31:50  9308616   ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7335E3A-7B40-4A1D-A5BB-11324A4C34A5}\mpengine.dll
    2012-09-20 21:59:40  --------  d-----w-  C:\Program Files (x86)\BabylonToolbar
    2012-09-19 22:30:08  73136     ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-19 22:30:08  696240    ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-17 05:37:08  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Elephant Games
    2012-09-17 05:37:08  --------  d-----w-  C:\ProgramData\Elephant Games
    2012-09-17 04:35:27  --------  d-----w-  C:\ProgramData\Fugazo
    2012-09-17 04:23:02  --------  d-----w-  C:\Program Files (x86)\bfgclient
    2012-09-17 04:16:28  --------  d-----w-  C:\BigFishGamesCache
    2012-09-13 12:34:33  --------  d-----w-  C:\Users\vernal\AppData\Local\Research In Motion
    2012-09-13 12:34:26  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Research In Motion
    2012-09-13 03:14:03  --------  d-----w-  C:\Windows\SysWow64\Extensions
    2012-09-13 03:14:02  --------  d-----w-  C:\Windows\SysWow64\searchplugins
    2012-09-13 03:13:59  --------  d-----w-  C:\ProgramData\Browser Manager
    2012-09-13 03:13:55  --------  d-----w-  C:\Users\vernal\AppData\Roaming\BabylonToolbar
    2012-09-13 03:12:59  --------  d-----w-  C:\Users\vernal\AppData\Local\GetBooks
    2012-09-13 03:12:38  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Babylon
    2012-09-13 03:12:38  --------  d-----w-  C:\ProgramData\Babylon
    2012-09-12 01:45:32  --------  d-----w-  C:\Users\vernal\AppData\Roaming\GamesCafe
    2012-09-11 22:47:33  --------  d-----w-  C:\Users\vernal\AppData\Roaming\MumboJumbo
    2012-09-11 22:27:52  --------  d-----w-  C:\ProgramData\SnowGlobe
    2012-09-11 22:26:20  --------  d-----w-  C:\Program Files (x86)\Games
    2012-09-09 22:29:10  --------  d-----w-  C:\Users\vernal\AppData\Roaming\URSE Games
    2012-09-09 04:03:44  --------  d-----w-  C:\Program Files\Governor of Poker 2 PE
    2012-09-03 13:46:01  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Boolat Games
    2012-09-03 03:27:59  --------  d-----w-  C:\ProgramData\SugarGames
    2012-09-02 00:21:03  44032     ----a-w-  C:\Windows\System32\drivers\RimSerial_AMD64.sys
    2012-09-02 00:20:27  --------  d-----w-  C:\ProgramData\Research In Motion
    2012-09-02 00:20:00  --------  d-----w-  C:\Program Files (x86)\Common Files\XCPCSync.OEM
    2012-09-02 00:20:00  --------  d-----w-  C:\Program Files (x86)\Common Files\Research In Motion
    2012-09-02 00:19:59  --------  d-----w-  C:\Program Files (x86)\Research In Motion
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 20:52:29.20 ===============
     
  5. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/9/2010 10:10:23 PM
    System Uptime: 9/30/2012 7:40:31 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1484
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 83.163 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.352 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    F: is CDROM ()
    G: is CDROM (UDF)
    H: is CDROM ()
    I: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: epfwwfpr
    Device ID: ROOT\LEGACY_EPFWWFPR\0000
    Manufacturer:
    Name: epfwwfpr
    PNP Device ID: ROOT\LEGACY_EPFWWFPR\0000
    Service: epfwwfpr
    .
    ==== System Restore Points ===================
    .
    RP320: 9/16/2012 12:44:13 AM - Scheduled Checkpoint
    RP321: 9/19/2012 8:10:54 PM - HPSF Restore Point
    RP322: 9/26/2012 5:01:14 PM - Installed Samsung New PC Studio
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    7-Zip 9.20
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2 MUI
    Adobe Shockwave Player
    Adobe Shockwave Player 11.6
    AGEIA PhysX v7.07.09
    Apple Application Support
    Apple Software Update
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Babylon toolbar on IE
    BabylonObjectInstaller
    Bejeweled 2 Deluxe 1.1
    Bejeweled 3
    Bejeweled Blitz
    Big Fish Games: Game Manager
    BlackBerry Desktop Software 7.1
    CASHFLOW® 202 THE E-GAME
    CASHFLOW® THE E-GAME
    Cheat Engine 6.1
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CodeBlocks
    Crystal Reports Basic for Visual Studio 2008
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    Dropbox
    EA Download Manager
    ESU for Microsoft Windows 7
    FIFA 11
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Governor of Poker 2 PE 1.0
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hoyle Puzzle and Board Games 2011 (remove only)
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Setup
    HP Smart Web Printing
    HP Software Framework
    HP Support Assistant
    HP Update
    HP User Guides 0178
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) SE Development Kit 6 Update 23
    Junk Mail filter update
    LabelPrint
    Madden NFL 08
    MagicDisc 2.7.106
    magicJack
    Making Mr. Right
    Malwarebytes Anti-Malware version 1.65.0.1400
    Medal of Honor Pacific Assault(tm)
    MergeModules
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Application Error Reporting
    Microsoft Document Explorer 2008
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft WSE 3.0 Runtime
    MotoConnect 1.1.31
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Nero 7 Ultra Edition
    neroxml
    Norton Online Backup
    Power2Go
    PowerDirector
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Software
    RealUpgrade 1.1
    Recovery Manager
    Sally's Studio Collector's Edition 1.00
    Samsung New PC Studio
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.10
    TextPad 5
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Update Installer for WildTangent Games App
    VC Runtimes MSI
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VLC media player 0.9.9
    WildTangent Games
    WildTangent Games App
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    XviD MPEG-4 Video Codec
    Yahoo! Messenger
    Yahoo! Software Update
    YouTube Downloader 3.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2012 7:43:44 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
    9/30/2012 7:41:28 PM, Error: Service Control Manager [7003] -
    9/30/2012 7:17:27 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom2.
    9/30/2012 3:56:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    9/30/2012 3:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    9/30/2012 3:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/30/2012 2:19:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/30/2012 2:19:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/30/2012 2:19:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/30/2012 2:19:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/30/2012 2:18:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/30/2012 2:18:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/28/2012 11:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    9/23/2012 9:23:23 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    .
    ==== End Of File ===========================
     
  6. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    Looking forward to getting this problem solved, thanks in advance.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
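    The FRST.txt that the procedure above produces is read by eye in this thread, but the two line formats it uses (autorun entries under "Registry (Whitelisted)" and the "Created Files and Folders" entries) are regular enough to pre-triage mechanically. The script below is an added example, not Broni's procedure and not part of Farbar's tool. It parses those two formats and flags the patterns a malware-removal helper looks for first: an autorun whose target file is missing (`[x]`), an unattributed executable (empty publisher field) autostarting from the user profile, a hidden+system folder created under the Windows directory, and several unattributed `.exe` files of identical size under different names, which is how a renamed dropper shows up. The heuristics and their wording are the example's own; the sample lines are constructed, modelled on entries from the FRST output format shown in this thread. It does not replace the `services.exe` Search.txt step.

```python
import re
from collections import defaultdict

# Line formats as FRST prints them (constructed examples of each):
#   HKU\vernal\...\Run: [GetBooks] "C:\...\GetBooks.exe" arg [2943058 2012-09-12] ()
#   HKU\vernal\...\Run: [WideSearch] C:\...\wsearch.exe [x]          <- target file missing
#   2012-09-29 18:42 - 2012-09-29 18:42 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
RUN_RE = re.compile(r'^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
META_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)\s*$')
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|cpl|scr|bat|cmd))"?', re.I)
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d+) (?P<attrs>\S{5}) '
    r'(?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$'
)

# Locations where an unattributed, autostarting binary deserves a second look (assumption).
USER_DIRS = ('\\appdata\\', '\\downloads\\', '\\desktop\\')


def parse_run(line):
    """Parse one autorun line; returns None when the line is not an autorun entry."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    entry = {'hive': m.group('hive'), 'name': m.group('name'),
             'path': None, 'size': None, 'publisher': None, 'missing': False}
    if rest.endswith('[x]'):            # FRST marks a missing target with [x]
        entry['missing'] = True
        rest = rest[:-3].strip()
    else:
        meta = META_RE.search(rest)     # trailing "[size date] (publisher)"
        if meta:
            entry['size'] = int(meta.group('size'))
            entry['publisher'] = meta.group('publisher').strip()
            rest = rest[:meta.start()].strip()
    exe = EXE_RE.match(rest)            # strip quotes and command-line arguments
    entry['path'] = exe.group('path') if exe else (rest or None)
    return entry


def parse_file(line):
    """Parse one created/modified-file line; returns None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d['size'] = int(d['size'])
    d['publisher'] = (d['publisher'] or '').strip()
    return d


def triage(log_text):
    """Run the heuristics over an FRST log and return (reason, evidence) pairs."""
    findings = []
    by_size = defaultdict(set)          # size -> paths of unattributed .exe files
    for raw in log_text.splitlines():
        line = raw.strip()
        run = parse_run(line)
        if run:
            low = (run['path'] or '').lower()
            if run['missing']:
                findings.append(('autorun points at a missing file', line))
            elif not run['publisher'] and any(d in low for d in USER_DIRS):
                findings.append(('unattributed executable autostarts from the user profile', line))
            continue
        f = parse_file(line)
        if not f:
            continue
        low, attrs = f['path'].lower(), f['attrs'].upper()
        # Attribute flags: D = directory, H = hidden, S = system.
        if {'D', 'H', 'S'} <= set(attrs) and low.startswith('c:\\windows\\'):
            findings.append(('hidden+system folder created under the Windows directory', line))
        if low.endswith('.exe') and not f['publisher'] and any(d in low for d in USER_DIRS):
            by_size[f['size']].add(f['path'])
    for size, paths in sorted(by_size.items()):
        if len(paths) > 1:              # same bytes, different names: likely one dropper
            findings.append((f'{len(paths)} unattributed .exe files of identical size {size}',
                             '; '.join(sorted(paths))))
    return findings


# Constructed sample, modelled on the FRST output format seen in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2716216 2009-09-11] (ESET)
HKLM-x32\...\Run: [] [x]
HKU\vernal\...\Run: [Google Update] "C:\Users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-09-15] (Google Inc.)
HKU\vernal\...\Run: [GetBooks] "C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba [2943058 2012-09-12] ()
HKU\vernal\...\Run: [WideSearch] C:\Users\vernal\AppData\Local\WideSearch\wsearch.exe [x]
2012-09-30 19:03 - 2012-09-30 19:04 - 01456149 ____A (Farbar) C:\Users\vernal\Downloads\FRST64.exe
2012-09-29 18:42 - 2012-09-29 18:42 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-20 13:58 - 2012-09-20 13:58 - 02943058 ____A C:\Users\vernal\Downloads\Fifty shades darker.exe
2012-09-19 14:23 - 2012-09-19 14:23 - 02943058 ____A C:\Users\vernal\Downloads\Fifty Shades Of Grey.exe
2012-09-12 20:38 - 2012-09-12 20:39 - 02943058 ____A C:\Users\vernal\Downloads\Mystical Warrior.exe
2012-09-26 20:50 - 2012-09-26 20:51 - 00000000 ____D C:\Program Files (x86)\Bejeweled 3
"""

if __name__ == '__main__':
    for reason, evidence in triage(SAMPLE_LOG):
        print(f'[{reason}]\n    {evidence}')
```

    Feed it the real FRST.txt with `triage(open('FRST.txt', encoding='utf-8', errors='replace').read())`. An empty publisher field only means the binary carries no version-resource company name, so a hit is a prompt to check the file's signature and hash, not a verdict; conversely a populated publisher string is untrusted text from the file itself and clears nothing.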
  8. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
    Ran by SYSTEM at 30-09-2012 22:11:40
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6160928 2010-01-29] (Realtek Semiconductor)
    HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2716216 2009-09-11] (ESET)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NPSStartup] [x]
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\vernal\...\Run: [Google Update] "C:\Users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-09-15] (Google Inc.)
    HKU\vernal\...\Run: [cdloader] "C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2011-08-23] (magicJack L.P.)
    HKU\vernal\...\Run: [GetBooks] "C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba [2943058 2012-09-12] ()
    HKU\vernal\...\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
    HKU\vernal\...\Run: [WideSearch] C:\Users\vernal\AppData\Local\WideSearch\wsearch.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 65.183.0.76 65.183.0.86
    Startup: C:\Users\vernal\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [23296 2009-09-11] (ESET)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [735960 2009-09-11] (ESET)
    2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
    2 lxcz_device; C:\Windows\system32\lxczcoms.exe -service [566192 2007-04-19] ( )
    2 lxcz_device; C:\Windows\SysWow64\lxczcoms.exe -service [537520 2007-04-19] ( )
    2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
    3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [271920 2007-03-12] (Nero AG)
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()

    ==================== Drivers (Whitelisted) =====================

    2 eamon; C:\Windows\System32\Drivers\eamon.sys [144824 2009-09-11] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-09-11] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [123200 2009-09-11] (ESET)
    3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [13824 2010-02-04] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-30 19:03 - 2012-09-30 19:04 - 01456149 ____A (Farbar) C:\Users\vernal\Downloads\FRST64.exe
    2012-09-30 17:48 - 2012-09-30 17:49 - 00302592 ____A C:\Users\vernal\Desktop\1wn4qflt.exe
    2012-09-30 17:09 - 2012-09-30 17:10 - 00607260 ____R (Swearware) C:\Users\vernal\Desktop\dds.com
    2012-09-30 16:24 - 2012-09-30 17:50 - 00000000 ____A C:\Users\vernal\Desktop\gmer.log
    2012-09-30 16:21 - 2012-09-30 16:21 - 00302592 ____A C:\Users\vernal\Downloads\xj98blnt.exe
    2012-09-30 16:02 - 2012-09-30 16:02 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-30 16:02 - 2012-09-30 16:02 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Malwarebytes
    2012-09-30 16:02 - 2012-09-30 16:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-30 16:02 - 2012-09-30 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-30 16:02 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-30 15:49 - 2012-09-30 15:52 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\vernal\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-29 18:42 - 2012-09-29 18:42 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-09-29 18:34 - 2012-09-29 18:34 - 00324259 ____A C:\Users\vernal\Desktop\Salem Falls.epub
    2012-09-29 18:30 - 2012-09-29 18:30 - 00519522 ____A C:\Users\vernal\Desktop\The Litigators .epub
    2012-09-29 18:29 - 2012-09-30 16:16 - 00000000 ____D C:\Users\vernal\AppData\Local\WideSearch
    2012-09-29 18:28 - 2012-09-29 18:29 - 01689682 ____A C:\Users\vernal\Downloads\Salem Falls.exe
    2012-09-29 18:24 - 2012-09-29 18:27 - 01689682 ____A C:\Users\vernal\Downloads\The Litigators.exe
    2012-09-27 14:16 - 2012-09-27 16:38 - 00013766 ____A C:\Users\vernal\Downloads\SHANEFBLIST.xlsx
    2012-09-27 12:35 - 2012-09-27 12:35 - 00000000 ____D C:\Users\vernal\AppData\Local\PopCap Games
    2012-09-26 21:48 - 2012-09-26 21:48 - 00001912 ____A C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
    2012-09-26 21:48 - 2012-09-26 21:48 - 00000000 ____D C:\Program Files (x86)\Bejeweled Blitz
    2012-09-26 20:54 - 2012-09-26 20:54 - 00000000 ____D C:\Users\vernal\AppData\Local\GameHouse
    2012-09-26 20:54 - 2012-09-26 20:54 - 00000000 ____D C:\Users\All Users\Trymedia
    2012-09-26 20:51 - 2012-09-26 20:51 - 00001004 ____A C:\Users\vernal\Desktop\Bejeweled 3.lnk
    2012-09-26 20:50 - 2012-09-26 20:51 - 00000000 ____D C:\Program Files (x86)\Bejeweled 3
    2012-09-26 20:32 - 2012-09-26 21:02 - 57709350 ____A C:\Users\vernal\Downloads\Bejeweled Blitz Setup.exe
    2012-09-26 20:31 - 2012-09-26 20:31 - 00018045 ____A C:\Users\vernal\Downloads\[kat.ph]pc.bejeweled.blitz.full.game.torrent
    2012-09-26 20:30 - 2012-09-26 20:39 - 00000000 ____D C:\Users\vernal\Downloads\Bejeweled 3 {Full-Game} {blaze69}
    2012-09-26 20:29 - 2012-09-26 20:29 - 00017155 ____A C:\Users\vernal\Downloads\[kat.ph]bejeweled.3.full.game.blaze69.torrent
    2012-09-26 20:27 - 2012-09-26 20:27 - 00016729 ____A C:\Users\vernal\Downloads\[isoHunt] 6841A2F13B9C03301CE02F8F7D46CCB305977C02.torrent
    2012-09-26 19:43 - 2012-09-26 19:43 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Gamers Digital
    2012-09-26 19:43 - 2012-09-26 19:43 - 00000000 ____D C:\Users\All Users\Gamers Digital
    2012-09-26 19:34 - 2012-09-26 19:34 - 00001945 ____A C:\Users\Public\Desktop\Play Making Mr. Right.lnk
    2012-09-26 19:34 - 2012-09-26 19:34 - 00001262 ____A C:\Users\Public\Desktop\More Great Games.lnk
    2012-09-26 19:34 - 2012-09-26 19:34 - 00000000 ____D C:\Program Files (x86)\Making Mr. Right
    2012-09-26 14:16 - 2012-09-26 14:16 - 00000000 ____D C:\Users\vernal\Documents\NPS
    2012-09-26 14:16 - 2012-09-26 14:16 - 00000000 ____D C:\Users\vernal\Documents\My Art
    2012-09-26 14:11 - 2012-09-26 14:11 - 00002106 ____A C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    2012-09-26 14:09 - 2010-04-26 18:25 - 00172104 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdmdm.sys
    2012-09-26 14:09 - 2010-04-26 18:25 - 00136264 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdbus.sys
    2012-09-26 14:09 - 2010-04-26 18:25 - 00019016 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdmdfl.sys
    2012-09-26 14:09 - 2010-04-26 18:25 - 00015944 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdwhnt.sys
    2012-09-26 14:09 - 2010-04-26 18:25 - 00015944 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdwh.sys
    2012-09-26 14:09 - 2010-04-26 18:25 - 00015432 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdcmnt.sys
    2012-09-26 14:09 - 2010-04-26 18:25 - 00015432 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdcm.sys
    2012-09-26 14:06 - 2010-07-04 16:11 - 00025960 ____A (Teruten Inc) C:\Windows\SysWOW64\FsExService64.Exe
    2012-09-26 14:06 - 2010-07-04 16:11 - 00025960 ____A (Teruten Inc) C:\Windows\System32\FsExService64.exe
    2012-09-26 14:06 - 2010-06-14 06:32 - 00016448 ____A (Teruten Inc) C:\Windows\SysWOW64\Drivers\TFsExDisk.Sys
    2012-09-26 14:06 - 2010-06-14 06:32 - 00016448 ____A (Teruten Inc) C:\Windows\System32\Drivers\TFsExDisk.sys
    2012-09-26 14:05 - 2012-09-26 14:05 - 00000000 ____D C:\Users\vernal\Documents\Samsung
    2012-09-26 14:05 - 2012-09-26 14:05 - 00000000 ____D C:\Users\vernal\Documents\My NPS Files
    2012-09-26 14:05 - 2012-09-26 14:05 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Samsung
    2012-09-26 14:04 - 2012-09-26 14:04 - 00000000 ____D C:\Program Files (x86)\MarkAny
    2012-09-26 14:03 - 2012-09-26 14:08 - 00000000 ____D C:\Program Files (x86)\Samsung
    2012-09-26 13:55 - 2012-09-26 13:55 - 00000000 ____D C:\Users\All Users\Samsung
    2012-09-26 13:55 - 2012-09-26 13:55 - 00000000 ____D C:\Program Files\SAMSUNG
    2012-09-26 13:53 - 2012-09-26 13:58 - 173838160 ____A C:\Users\vernal\Downloads\New_PC_Studio_1.5.1.10064_2.exe
    2012-09-26 13:53 - 2012-09-26 13:54 - 12167176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\vernal\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
    2012-09-21 14:24 - 2012-09-21 14:24 - 00172494 ____A C:\Users\vernal\Downloads\draught.zip
    2012-09-21 14:24 - 2012-09-21 14:24 - 00118222 ____A C:\Users\vernal\Downloads\draughtmax.zip
    2012-09-20 13:59 - 2012-09-20 14:00 - 00000315 ____A C:\user.js
    2012-09-20 13:59 - 2012-09-20 13:59 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
    2012-09-20 13:58 - 2012-09-20 13:58 - 02943058 ____A C:\Users\vernal\Downloads\Fifty shades darker.exe
    2012-09-19 14:33 - 2012-09-29 19:59 - 00000000 ____D C:\Users\vernal\Documents\My Digital Editions
    2012-09-19 14:32 - 2012-09-19 14:32 - 05146031 ____A (Adobe Systems, Inc.) C:\Users\vernal\Downloads\setup.exe
    2012-09-19 14:30 - 2012-09-30 18:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-19 14:30 - 2012-09-20 16:51 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-19 14:30 - 2012-09-20 16:51 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-19 14:30 - 2012-09-19 14:30 - 00000000 ____D C:\Windows\System32\Macromed
    2012-09-19 14:27 - 2012-09-19 14:27 - 00001094 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Mozilla
    2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Users\vernal\AppData\Local\Mozilla
    2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-19 14:26 - 2012-09-19 14:27 - 17790056 ____A (Mozilla) C:\Users\vernal\Downloads\Firefox Setup 15.0.1.exe
    2012-09-19 14:23 - 2012-09-19 14:23 - 02943058 ____A C:\Users\vernal\Downloads\Fifty Shades Of Grey.exe
    2012-09-19 14:13 - 2012-09-19 14:13 - 00001309 ____A C:\Users\vernal\Downloads\[isoHunt] 261A429367D05361F91B7DBCC0CF51D22EE25BC7.torrent
    2012-09-19 14:12 - 2012-09-19 14:12 - 00001707 ____A C:\Users\vernal\Downloads\[kat.ph]spellbound.falls.by.janet.chapman.pdf.e.book.torrent
    2012-09-19 14:07 - 2012-09-19 14:07 - 02943058 ____A C:\Users\vernal\Downloads\The Postcard Killers.exe
    2012-09-19 14:04 - 2012-09-19 14:04 - 02943058 ____A C:\Users\vernal\Downloads\The Marriage Bargain.exe
    2012-09-16 21:37 - 2012-09-16 21:37 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Elephant Games
    2012-09-16 21:37 - 2012-09-16 21:37 - 00000000 ____D C:\Users\All Users\Elephant Games
    2012-09-16 20:35 - 2012-09-16 20:35 - 00000000 ____D C:\Users\All Users\Fugazo
    2012-09-16 20:30 - 2012-09-16 20:30 - 00000923 ____A C:\Users\Public\Desktop\Game Manager.lnk
    2012-09-16 20:30 - 2012-09-16 20:30 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url
    2012-09-16 20:23 - 2012-09-16 20:23 - 00000000 ____D C:\Program Files (x86)\bfgclient
    2012-09-16 20:16 - 2012-09-26 21:01 - 00000000 ____D C:\BigFishGamesCache
    2012-09-16 20:16 - 2012-09-16 20:16 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163769.exe
    2012-09-16 20:15 - 2012-09-16 20:16 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163592.exe
    2012-09-16 11:04 - 2012-09-16 11:04 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-09-15 20:54 - 2012-09-15 20:54 - 01347066 ____A C:\Users\vernal\Downloads\02.wmv
    2012-09-15 15:18 - 2012-09-15 15:18 - 00114808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-09-15 12:32 - 2012-09-15 12:32 - 00114808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2012-09-15 12:31 - 2012-09-30 16:40 - 00003202 ____A C:\Windows\setupact.log
    2012-09-15 12:31 - 2012-09-15 12:31 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-15 08:02 - 2012-09-15 08:12 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-09-13 04:43 - 2012-09-13 12:44 - 00013785 ____A C:\ads_err.adt
    2012-09-13 04:43 - 2012-09-13 04:43 - 00004559 ____A C:\ads_err.adm
    2012-09-13 04:43 - 2012-09-13 04:43 - 00003072 ____A C:\ads_err.adi
    2012-09-13 04:37 - 2012-09-13 04:39 - 00000000 ____D C:\Users\vernal\Desktop\blackberry
    2012-09-13 04:37 - 2012-04-29 17:10 - 31803356 ____A C:\Users\vernal\Desktop\XS_Eng.m4v
    2012-09-13 04:37 - 2012-04-29 17:09 - 36879332 ____A C:\Users\vernal\Desktop\Sales_Marketing_Highlights_Eng.m4v
    2012-09-13 04:37 - 2012-04-29 17:09 - 18869378 ____A C:\Users\vernal\Desktop\Double_X_IBO_Eng.m4v
    2012-09-13 04:37 - 2012-04-29 17:09 - 12399909 ____A C:\Users\vernal\Desktop\Double_X_Benefits_Eng.m4v
    2012-09-13 04:36 - 2012-09-13 04:36 - 00000000 ____D C:\Users\vernal\Documents\BlackBerry
    2012-09-13 04:34 - 2012-09-13 12:44 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-09-13 04:34 - 2012-09-13 12:44 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.Exception.log
    2012-09-13 04:34 - 2012-09-13 12:41 - 00000000 ____D C:\Users\vernal\AppData\Local\Research In Motion
    2012-09-13 04:34 - 2012-09-13 04:36 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Research In Motion
    2012-09-13 04:34 - 2012-09-13 04:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    2012-09-12 20:38 - 2012-09-12 20:39 - 02943058 ____A C:\Users\vernal\Downloads\Mystical Warrior.exe
    2012-09-12 19:14 - 2012-09-12 19:14 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
    2012-09-12 19:14 - 2012-09-12 19:14 - 00000000 ____D C:\Windows\SysWOW64\Extensions
    2012-09-12 19:13 - 2012-09-19 14:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-12 19:13 - 2012-09-12 19:13 - 00000000 ____D C:\Users\vernal\AppData\Roaming\BabylonToolbar
    2012-09-12 19:13 - 2012-09-12 19:13 - 00000000 ____D C:\Users\All Users\Browser Manager
    2012-09-12 19:12 - 2012-09-12 19:12 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Babylon
    2012-09-12 19:12 - 2012-09-12 19:12 - 00000000 ____D C:\Users\vernal\AppData\Local\GetBooks
    2012-09-12 19:12 - 2012-09-12 19:12 - 00000000 ____D C:\Users\All Users\Babylon
    2012-09-12 19:06 - 2012-09-12 19:07 - 02943058 ____A C:\Users\vernal\Downloads\Dragon Warrior.exe
    2012-09-12 16:57 - 2012-09-12 16:57 - 00010946 ____A C:\Users\vernal\Downloads\[isoHunt] Angelica Weaver - Catch Me When You Can Collector’s Edition.rar.torrent
    2012-09-12 16:45 - 2012-09-12 16:45 - 00002231 ____A C:\Users\vernal\Desktop\Sallys Studio.lnk
    2012-09-11 17:45 - 2012-09-11 17:45 - 00004096 ____A C:\Windows\d3dx.dat
    2012-09-11 17:45 - 2012-09-11 17:45 - 00000000 ____D C:\Users\vernal\AppData\Roaming\GamesCafe
    2012-09-11 14:47 - 2012-09-11 14:47 - 00000000 ____D C:\Users\vernal\AppData\Roaming\MumboJumbo
    2012-09-11 14:27 - 2012-09-11 14:37 - 00000000 ____D C:\Users\All Users\SnowGlobe
    2012-09-11 14:26 - 2012-09-11 14:26 - 00000000 ____D C:\Program Files (x86)\Games
    2012-09-10 20:45 - 2012-09-10 21:01 - 110649428 ____A (Games ) C:\Users\vernal\Downloads\Sally's Studio Collector's Edition Wendy.exe
    2012-09-10 20:44 - 2012-09-10 20:44 - 00017298 ____A C:\Users\vernal\Downloads\[isoHunt] Sally's Studio Collector's Edition - New Dash game - Bigfish.exe.torrent
    2012-09-10 16:03 - 2012-09-10 16:03 - 00013278 ____A C:\Users\vernal\Downloads\133386291FA95C7449C10E7E6C564A39BA8847E7.torrent
    2012-09-10 16:01 - 2012-09-10 16:01 - 00000907 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-09-09 14:29 - 2012-09-09 14:29 - 00000000 ____D C:\Users\vernal\AppData\Roaming\URSE Games
    2012-09-09 13:28 - 2012-09-09 13:28 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-wildgames!94dc75bd92d3423399090b0e967bcfb5.exe
    2012-09-09 13:24 - 2012-09-10 15:50 - 00002441 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
    2012-09-09 13:23 - 2012-09-09 13:23 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-snarkbustersbundle-wildgames!985f5d2152a84c91b81c8dd337e7b107.exe
    2012-09-08 20:03 - 2012-09-08 20:03 - 00001002 ____A C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
    2012-09-08 20:03 - 2012-09-08 20:03 - 00000000 ____D C:\Program Files\Governor of Poker 2 PE
    2012-09-08 07:07 - 2012-09-08 07:07 - 04446208 ____A C:\Users\vernal\Downloads\bc87e4b5.avi
    2012-09-03 19:10 - 2012-09-30 16:16 - 00006968 ____A C:\Windows\PFRO.log
    2012-09-03 05:46 - 2012-09-03 05:46 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Boolat Games
    2012-09-02 19:27 - 2012-09-02 19:27 - 00000000 ____D C:\Users\All Users\SugarGames
    2012-09-02 18:43 - 2012-09-02 18:43 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\wedding-salon_s1_l1_gF6151T1L1_d1851396217.exe
    2012-09-02 13:37 - 2012-09-02 13:37 - 06955968 ____A (Microsoft Corporation) C:\Users\vernal\Downloads\Silverlight (1).exe
    2012-09-01 16:21 - 2012-09-01 16:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
    2012-09-01 16:21 - 2011-07-20 10:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
    2012-09-01 16:20 - 2012-09-01 16:20 - 00002191 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    2012-09-01 16:20 - 2012-09-01 16:20 - 00001153 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-09-01 16:20 - 2012-09-01 16:20 - 00000000 ____D C:\Users\All Users\Research In Motion
    2012-09-01 16:19 - 2012-09-01 16:19 - 00000000 ____D C:\Program Files (x86)\Research In Motion


    ==================== 3 Months Modified Files ==================

    2012-09-30 19:04 - 2012-09-30 19:03 - 01456149 ____A (Farbar) C:\Users\vernal\Downloads\FRST64.exe
    2012-09-30 19:04 - 2010-11-03 05:51 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-30 19:04 - 2010-11-03 05:51 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-30 19:04 - 2009-07-13 21:13 - 00796510 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-30 18:51 - 2012-09-19 14:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-30 18:50 - 2010-09-15 07:03 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000UA.job
    2012-09-30 17:50 - 2012-09-30 16:24 - 00000000 ____A C:\Users\vernal\Desktop\gmer.log
    2012-09-30 17:49 - 2012-09-30 17:48 - 00302592 ____A C:\Users\vernal\Desktop\1wn4qflt.exe
    2012-09-30 17:12 - 2010-04-27 00:29 - 01226262 ____A C:\Windows\WindowsUpdate.log
    2012-09-30 17:10 - 2012-09-30 17:09 - 00607260 ____R (Swearware) C:\Users\vernal\Desktop\dds.com
    2012-09-30 16:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-30 16:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-30 16:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-30 16:40 - 2012-09-15 12:31 - 00003202 ____A C:\Windows\setupact.log
    2012-09-30 16:21 - 2012-09-30 16:21 - 00302592 ____A C:\Users\vernal\Downloads\xj98blnt.exe
    2012-09-30 16:16 - 2012-09-03 19:10 - 00006968 ____A C:\Windows\PFRO.log
    2012-09-30 16:02 - 2012-09-30 16:02 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-30 15:52 - 2012-09-30 15:49 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\vernal\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-29 18:34 - 2012-09-29 18:34 - 00324259 ____A C:\Users\vernal\Desktop\Salem Falls.epub
    2012-09-29 18:30 - 2012-09-29 18:30 - 00519522 ____A C:\Users\vernal\Desktop\The Litigators .epub
    2012-09-29 18:29 - 2012-09-29 18:28 - 01689682 ____A C:\Users\vernal\Downloads\Salem Falls.exe
    2012-09-29 18:27 - 2012-09-29 18:24 - 01689682 ____A C:\Users\vernal\Downloads\The Litigators.exe
    2012-09-29 10:50 - 2010-09-15 07:03 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000Core.job
    2012-09-27 17:52 - 2010-09-15 07:06 - 00002493 ____A C:\Users\vernal\Desktop\Google Chrome.lnk
    2012-09-27 16:38 - 2012-09-27 14:16 - 00013766 ____A C:\Users\vernal\Downloads\SHANEFBLIST.xlsx
    2012-09-26 21:48 - 2012-09-26 21:48 - 00001912 ____A C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
    2012-09-26 21:02 - 2012-09-26 20:32 - 57709350 ____A C:\Users\vernal\Downloads\Bejeweled Blitz Setup.exe
    2012-09-26 20:51 - 2012-09-26 20:51 - 00001004 ____A C:\Users\vernal\Desktop\Bejeweled 3.lnk
    2012-09-26 20:31 - 2012-09-26 20:31 - 00018045 ____A C:\Users\vernal\Downloads\[kat.ph]pc.bejeweled.blitz.full.game.torrent
    2012-09-26 20:29 - 2012-09-26 20:29 - 00017155 ____A C:\Users\vernal\Downloads\[kat.ph]bejeweled.3.full.game.blaze69.torrent
    2012-09-26 20:27 - 2012-09-26 20:27 - 00016729 ____A C:\Users\vernal\Downloads\[isoHunt] 6841A2F13B9C03301CE02F8F7D46CCB305977C02.torrent
    2012-09-26 19:34 - 2012-09-26 19:34 - 00001945 ____A C:\Users\Public\Desktop\Play Making Mr. Right.lnk
    2012-09-26 19:34 - 2012-09-26 19:34 - 00001262 ____A C:\Users\Public\Desktop\More Great Games.lnk
    2012-09-26 14:11 - 2012-09-26 14:11 - 00002106 ____A C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    2012-09-26 13:58 - 2012-09-26 13:53 - 173838160 ____A C:\Users\vernal\Downloads\New_PC_Studio_1.5.1.10064_2.exe
    2012-09-26 13:54 - 2012-09-26 13:53 - 12167176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\vernal\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
    2012-09-25 14:57 - 2012-07-18 18:19 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForvernal.job
    2012-09-21 14:24 - 2012-09-21 14:24 - 00172494 ____A C:\Users\vernal\Downloads\draught.zip
    2012-09-21 14:24 - 2012-09-21 14:24 - 00118222 ____A C:\Users\vernal\Downloads\draughtmax.zip
    2012-09-20 16:51 - 2012-09-19 14:30 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-20 16:51 - 2012-09-19 14:30 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-20 14:00 - 2012-09-20 13:59 - 00000315 ____A C:\user.js
    2012-09-20 13:58 - 2012-09-20 13:58 - 02943058 ____A C:\Users\vernal\Downloads\Fifty shades darker.exe
    2012-09-19 14:32 - 2012-09-19 14:32 - 05146031 ____A (Adobe Systems, Inc.) C:\Users\vernal\Downloads\setup.exe
    2012-09-19 14:27 - 2012-09-19 14:27 - 00001094 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-19 14:27 - 2012-09-19 14:26 - 17790056 ____A (Mozilla) C:\Users\vernal\Downloads\Firefox Setup 15.0.1.exe
    2012-09-19 14:23 - 2012-09-19 14:23 - 02943058 ____A C:\Users\vernal\Downloads\Fifty Shades Of Grey.exe
    2012-09-19 14:13 - 2012-09-19 14:13 - 00001309 ____A C:\Users\vernal\Downloads\[isoHunt] 261A429367D05361F91B7DBCC0CF51D22EE25BC7.torrent
    2012-09-19 14:12 - 2012-09-19 14:12 - 00001707 ____A C:\Users\vernal\Downloads\[kat.ph]spellbound.falls.by.janet.chapman.pdf.e.book.torrent
    2012-09-19 14:07 - 2012-09-19 14:07 - 02943058 ____A C:\Users\vernal\Downloads\The Postcard Killers.exe
    2012-09-19 14:04 - 2012-09-19 14:04 - 02943058 ____A C:\Users\vernal\Downloads\The Marriage Bargain.exe
    2012-09-17 21:25 - 2012-07-14 12:38 - 00002385 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    2012-09-17 21:25 - 2010-12-29 18:36 - 00001121 ____A C:\WildTangent Games App - hp.lnk
    2012-09-17 17:20 - 2010-10-25 11:31 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-09-16 20:30 - 2012-09-16 20:30 - 00000923 ____A C:\Users\Public\Desktop\Game Manager.lnk
    2012-09-16 20:30 - 2012-09-16 20:30 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url
    2012-09-16 20:16 - 2012-09-16 20:16 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163769.exe
    2012-09-16 20:16 - 2012-09-16 20:15 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163592.exe
    2012-09-16 11:04 - 2012-09-16 11:04 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-09-15 20:54 - 2012-09-15 20:54 - 01347066 ____A C:\Users\vernal\Downloads\02.wmv
    2012-09-15 15:18 - 2012-09-15 15:18 - 00114808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-09-15 12:32 - 2012-09-15 12:32 - 00114808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2012-09-15 12:31 - 2012-09-15 12:31 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-15 12:31 - 2009-07-13 20:45 - 00432968 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-15 08:12 - 2012-09-15 08:02 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-09-13 12:44 - 2012-09-13 04:43 - 00013785 ____A C:\ads_err.adt
    2012-09-13 12:44 - 2012-09-13 04:34 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-09-13 12:44 - 2012-09-13 04:34 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.Exception.log
    2012-09-13 04:43 - 2012-09-13 04:43 - 00004559 ____A C:\ads_err.adm
    2012-09-13 04:43 - 2012-09-13 04:43 - 00003072 ____A C:\ads_err.adi
    2012-09-13 04:34 - 2012-09-13 04:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    2012-09-12 20:39 - 2012-09-12 20:38 - 02943058 ____A C:\Users\vernal\Downloads\Mystical Warrior.exe
    2012-09-12 19:07 - 2012-09-12 19:06 - 02943058 ____A C:\Users\vernal\Downloads\Dragon Warrior.exe
    2012-09-12 16:57 - 2012-09-12 16:57 - 00010946 ____A C:\Users\vernal\Downloads\[isoHunt] Angelica Weaver - Catch Me When You Can Collector’s Edition.rar.torrent
    2012-09-12 16:45 - 2012-09-12 16:45 - 00002231 ____A C:\Users\vernal\Desktop\Sallys Studio.lnk
    2012-09-11 17:45 - 2012-09-11 17:45 - 00004096 ____A C:\Windows\d3dx.dat
    2012-09-10 21:01 - 2012-09-10 20:45 - 110649428 ____A (Games ) C:\Users\vernal\Downloads\Sally's Studio Collector's Edition Wendy.exe
    2012-09-10 20:44 - 2012-09-10 20:44 - 00017298 ____A C:\Users\vernal\Downloads\[isoHunt] Sally's Studio Collector's Edition - New Dash game - Bigfish.exe.torrent
    2012-09-10 16:03 - 2012-09-10 16:03 - 00013278 ____A C:\Users\vernal\Downloads\133386291FA95C7449C10E7E6C564A39BA8847E7.torrent
    2012-09-10 16:01 - 2012-09-10 16:01 - 00000907 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-09-10 15:50 - 2012-09-09 13:24 - 00002441 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
    2012-09-10 15:50 - 2011-03-24 14:37 - 00001151 ____A C:\WildTangent Games App - wildgames.lnk
    2012-09-09 13:28 - 2012-09-09 13:28 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-wildgames!94dc75bd92d3423399090b0e967bcfb5.exe
    2012-09-09 13:23 - 2012-09-09 13:23 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-snarkbustersbundle-wildgames!985f5d2152a84c91b81c8dd337e7b107.exe
    2012-09-08 20:03 - 2012-09-08 20:03 - 00001002 ____A C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
    2012-09-08 07:07 - 2012-09-08 07:07 - 04446208 ____A C:\Users\vernal\Downloads\bc87e4b5.avi
    2012-09-07 14:04 - 2012-09-30 16:02 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-02 18:48 - 2009-07-13 21:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-02 18:43 - 2012-09-02 18:43 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\wedding-salon_s1_l1_gF6151T1L1_d1851396217.exe
    2012-09-02 13:37 - 2012-09-02 13:37 - 06955968 ____A (Microsoft Corporation) C:\Users\vernal\Downloads\Silverlight (1).exe
    2012-09-01 16:21 - 2012-09-01 16:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
    2012-09-01 16:20 - 2012-09-01 16:20 - 00002191 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    2012-09-01 16:20 - 2012-09-01 16:20 - 00001153 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-08-05 19:45 - 2012-04-06 10:26 - 00002459 ____A C:\Users\vernal\Desktop\Google Chrome (2).lnk
    2012-07-11 15:24 - 2012-07-11 15:24 - 04106865 ____A C:\Users\vernal\Downloads\Attachments_2012_07_11.zip
    2012-07-09 14:06 - 2012-07-09 14:06 - 00946352 ____A (Skype Technologies S.A.) C:\Users\vernal\Downloads\SkypeSetup (2).exe


    ZeroAccess:
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\@
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\L
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\L\00000004.@
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\L\201d3dde
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\00000004.@
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\00000008.@
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\000000cb.@
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\80000000.@
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\80000032.@
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-15 21:44:27
    Restore point made on: 2012-09-19 17:11:17
    Restore point made on: 2012-09-26 14:01:50

    ==================== Memory info ===========================

    Percentage of memory in use: 32%
    Total physical RAM: 1978.93 MB
    Available physical RAM: 1327.32 MB
    Total Pagefile: 1978.93 MB
    Available Pagefile: 1321.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:218.34 GB) (Free:83.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:14.25 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    6 Drive I: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          232 GB      0 B
    Disk 1    No Media           0 B      0 B
    Disk 2    Online          961 MB      0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary            199 MB  1024 KB
    Partition 2    Primary            218 GB   200 MB
    Partition 3    Primary             14 GB   218 GB
    Partition 4    Primary            103 MB   232 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1   Y   SYSTEM       NTFS   Partition    199 MB  Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2   C                NTFS   Partition    218 GB  Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3   E   RECOVERY     NTFS   Partition     14 GB  Healthy

    =========================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4   F   HP_TOOLS     FAT32  Partition    103 MB  Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary            960 MB   764 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 6   I                FAT    Removable    960 MB  Healthy

    =========================================================

    Last Boot: 2012-09-29 13:57

    ==================== End Of Log =============================
     
  9. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    Farbar Recovery Scan Tool (x64) Version: 30-09-2012 01
    Ran by SYSTEM at 2012-09-30 22:13:18
    Running from I:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
    ====== End Of Search ======
     
  10. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    Thanks, those are the results. Patiently awaiting your instructions.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

     
  12. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-09-2012 01
    Ran by SYSTEM at 2012-09-30 22:36:19 Run:1
    Running from I:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_USERS\vernal\Software\Microsoft\Windows\CurrentVersion\Run\\WideSearch Value deleted successfully.
    C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  13. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    22:41:26.0835 1640 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    22:41:27.0187 1640 ============================================================
    22:41:27.0187 1640 Current date / time: 2012/09/30 22:41:27.0187
    22:41:27.0187 1640 SystemInfo:
    22:41:27.0187 1640
    22:41:27.0187 1640 OS Version: 6.1.7600 ServicePack: 0.0
    22:41:27.0187 1640 Product type: Workstation
    22:41:27.0187 1640 ComputerName: VERNAL-PC
    22:41:27.0187 1640 UserName: vernal
    22:41:27.0187 1640 Windows directory: C:\Windows
    22:41:27.0187 1640 System windows directory: C:\Windows
    22:41:27.0187 1640 Running under WOW64
    22:41:27.0187 1640 Processor architecture: Intel x64
    22:41:27.0187 1640 Number of processors: 1
    22:41:27.0187 1640 Page size: 0x1000
    22:41:27.0187 1640 Boot type: Normal boot
    22:41:27.0187 1640 ============================================================
    22:41:28.0048 1640 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:41:28.0061 1640 Drive \Device\Harddisk1\DR1 - Size: 0x3C100000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:41:28.0063 1640 ============================================================
    22:41:28.0063 1640 \Device\Harddisk0\DR0:
    22:41:28.0063 1640 MBR partitions:
    22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B4AE800
    22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B512800, BlocksNum 0x1C7F000
    22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
    22:41:28.0063 1640 \Device\Harddisk1\DR1:
    22:41:28.0064 1640 MBR partitions:
    22:41:28.0064 1640 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x5F8, BlocksNum 0x1E0208
    22:41:28.0064 1640 ============================================================
    22:41:28.0096 1640 C: <-> \Device\Harddisk0\DR0\Partition2
    22:41:28.0252 1640 D: <-> \Device\Harddisk0\DR0\Partition3
    22:41:28.0304 1640 E: <-> \Device\Harddisk0\DR0\Partition4
    22:41:28.0304 1640 ============================================================
    22:41:28.0304 1640 Initialize success
    22:41:28.0304 1640 ============================================================
    22:41:47.0175 2524 ============================================================
    22:41:47.0175 2524 Scan started
    22:41:47.0175 2524 Mode: Manual;
    22:41:47.0175 2524 ============================================================
    22:41:48.0610 2524 ================ Scan system memory ========================
    22:41:48.0610 2524 System memory - ok
    22:41:48.0613 2524 ================ Scan services =============================
    22:41:49.0323 2524 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    22:41:49.0354 2524 1394ohci - ok
    22:41:49.0409 2524 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    22:41:49.0431 2524 ACPI - ok
    22:41:49.0486 2524 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    22:41:49.0503 2524 AcpiPmi - ok
    22:41:50.0030 2524 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:41:50.0038 2524 AdobeFlashPlayerUpdateSvc - ok
    22:41:50.0154 2524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    22:41:50.0197 2524 adp94xx - ok
    22:41:50.0255 2524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    22:41:50.0293 2524 adpahci - ok
    22:41:50.0370 2524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    22:41:50.0391 2524 adpu320 - ok
    22:41:50.0444 2524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:41:50.0462 2524 AeLookupSvc - ok
    22:41:50.0682 2524 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    22:41:50.0702 2524 AERTFilters - ok
    22:41:50.0803 2524 [ 6EF20DDF3172E97D69F596FB90602F29 ] AFD C:\Windows\system32\drivers\afd.sys
    22:41:50.0871 2524 AFD - ok
    22:41:50.0938 2524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    22:41:50.0960 2524 agp440 - ok
    22:41:51.0044 2524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:41:51.0057 2524 ALG - ok
    22:41:51.0199 2524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    22:41:51.0238 2524 aliide - ok
    22:41:51.0361 2524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    22:41:51.0379 2524 amdide - ok
    22:41:51.0424 2524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    22:41:51.0442 2524 AmdK8 - ok
    22:41:51.0476 2524 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    22:41:51.0503 2524 AmdPPM - ok
    22:41:51.0631 2524 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:41:51.0680 2524 amdsata - ok
    22:41:51.0735 2524 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    22:41:51.0757 2524 amdsbs - ok
    22:41:51.0780 2524 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:41:51.0798 2524 amdxata - ok
    22:41:51.0860 2524 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    22:41:51.0909 2524 AppID - ok
    22:41:51.0977 2524 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:41:51.0986 2524 AppIDSvc - ok
    22:41:52.0035 2524 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    22:41:52.0038 2524 Appinfo - ok
    22:41:52.0184 2524 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:41:52.0188 2524 Apple Mobile Device - ok
    22:41:52.0238 2524 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    22:41:52.0257 2524 arc - ok
    22:41:52.0288 2524 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    22:41:52.0292 2524 arcsas - ok
    22:41:52.0328 2524 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:41:52.0346 2524 AsyncMac - ok
    22:41:52.0380 2524 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    22:41:52.0398 2524 atapi - ok
    22:41:52.0467 2524 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:41:52.0476 2524 AudioEndpointBuilder - ok
    22:41:52.0496 2524 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:41:52.0500 2524 AudioSrv - ok
    22:41:52.0579 2524 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:41:52.0582 2524 AxInstSV - ok
    22:41:52.0614 2524 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    22:41:52.0622 2524 b06bdrv - ok
    22:41:52.0666 2524 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:41:52.0686 2524 b57nd60a - ok
    22:41:52.0734 2524 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:41:52.0737 2524 BDESVC - ok
    22:41:52.0761 2524 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:41:52.0762 2524 Beep - ok
    22:41:52.0813 2524 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    22:41:52.0832 2524 blbdrive - ok
    22:41:53.0070 2524 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    22:41:53.0075 2524 Bonjour Service - ok
    22:41:53.0124 2524 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:41:53.0158 2524 bowser - ok
    22:41:53.0242 2524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    22:41:53.0244 2524 BrFiltLo - ok
     
  14. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    22:42:14.0467 2524 RTL8167 - ok
    22:42:14.0548 2524 [ 03E0627C26943916A7276AC5306206C7 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
    22:42:14.0558 2524 rtl8192se - ok
    22:42:14.0578 2524 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
    22:42:14.0580 2524 SamSs - ok
    22:42:14.0604 2524 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    22:42:14.0635 2524 sbp2port - ok
    22:42:14.0724 2524 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:42:14.0745 2524 SCardSvr - ok
    22:42:14.0808 2524 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:42:14.0826 2524 scfilter - ok
    22:42:14.0979 2524 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
    22:42:14.0994 2524 Schedule - ok
    22:42:15.0084 2524 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:42:15.0085 2524 SCPolicySvc - ok
    22:42:15.0151 2524 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
    22:42:15.0154 2524 sdbus - ok
    22:42:15.0196 2524 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:42:15.0217 2524 SDRSVC - ok
    22:42:15.0264 2524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:42:15.0282 2524 secdrv - ok
    22:42:15.0301 2524 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    22:42:15.0305 2524 seclogon - ok
    22:42:15.0324 2524 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:42:15.0327 2524 SENS - ok
    22:42:15.0351 2524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:42:15.0356 2524 SensrSvc - ok
    22:42:15.0372 2524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:42:15.0392 2524 Serenum - ok
    22:42:15.0429 2524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:42:15.0506 2524 Serial - ok
    22:42:15.0564 2524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    22:42:15.0581 2524 sermouse - ok
    22:42:15.0621 2524 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    22:42:15.0637 2524 SessionEnv - ok
    22:42:15.0688 2524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    22:42:15.0727 2524 sffdisk - ok
    22:42:15.0748 2524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    22:42:15.0767 2524 sffp_mmc - ok
    22:42:15.0789 2524 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    22:42:15.0805 2524 sffp_sd - ok
    22:42:15.0852 2524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:42:15.0869 2524 sfloppy - ok
    22:42:15.0990 2524 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:42:15.0997 2524 ShellHWDetection - ok
    22:42:16.0029 2524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:42:16.0070 2524 SiSRaid2 - ok
    22:42:16.0116 2524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    22:42:16.0134 2524 SiSRaid4 - ok
    22:42:16.0402 2524 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    22:42:16.0419 2524 SkypeUpdate - ok
    22:42:16.0473 2524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:42:16.0477 2524 Smb - ok
    22:42:16.0534 2524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:42:16.0537 2524 SNMPTRAP - ok
    22:42:16.0556 2524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:42:16.0574 2524 spldr - ok
    22:42:16.0685 2524 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
    22:42:16.0694 2524 Spooler - ok
    22:42:16.0867 2524 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    22:42:16.0913 2524 sppsvc - ok
    22:42:16.0972 2524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:42:16.0993 2524 sppuinotify - ok
    22:42:17.0129 2524 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    22:42:17.0135 2524 SQLBrowser - ok
    22:42:17.0293 2524 [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    22:42:17.0313 2524 SQLWriter - ok
    22:42:17.0370 2524 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:42:17.0378 2524 srv - ok
    22:42:17.0401 2524 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:42:17.0425 2524 srv2 - ok
    22:42:17.0467 2524 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    22:42:17.0474 2524 SrvHsfHDA - ok
    22:42:17.0741 2524 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    22:42:17.0773 2524 SrvHsfV92 - ok
    22:42:17.0804 2524 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    22:42:17.0838 2524 SrvHsfWinac - ok
    22:42:17.0971 2524 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:42:17.0995 2524 srvnet - ok
    22:42:18.0187 2524 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
    22:42:18.0193 2524 sscdbus - ok
    22:42:18.0280 2524 [ 5447690D2CFE1BDE1BE3A5A5A3E2F796 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
    22:42:18.0282 2524 sscdmdfl - ok
    22:42:18.0320 2524 [ BFDA292053AEB76A0C1D63B2279D5138 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
    22:42:18.0328 2524 sscdmdm - ok
    22:42:18.0378 2524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:42:18.0399 2524 SSDPSRV - ok
    22:42:18.0430 2524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:42:18.0435 2524 SstpSvc - ok
    22:42:18.0475 2524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    22:42:18.0487 2524 stexstor - ok
    22:42:18.0536 2524 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    22:42:18.0546 2524 stisvc - ok
    22:42:18.0581 2524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    22:42:18.0598 2524 swenum - ok
    22:42:18.0669 2524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:42:18.0690 2524 swprv - ok
    22:42:18.0748 2524 [ 91853F78B68F9F036670291F5EDD4EAE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    22:42:18.0781 2524 SynTP - ok
    22:42:18.0901 2524 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    22:42:18.0922 2524 SysMain - ok
    22:42:18.0996 2524 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:42:19.0000 2524 TabletInputService - ok
    22:42:19.0031 2524 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:42:19.0038 2524 TapiSrv - ok
    22:42:19.0061 2524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:42:19.0064 2524 TBS - ok
    22:42:19.0151 2524 [ B9D87C7707F058AC652A398CD28DE14B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:42:19.0175 2524 Tcpip - ok
    22:42:19.0210 2524 [ B9D87C7707F058AC652A398CD28DE14B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:42:19.0221 2524 TCPIP6 - ok
    22:42:19.0259 2524 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:42:19.0274 2524 tcpipreg - ok
    22:42:19.0315 2524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:42:19.0351 2524 TDPIPE - ok
    22:42:19.0371 2524 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:42:19.0380 2524 TDTCP - ok
    22:42:19.0412 2524 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:42:19.0476 2524 tdx - ok
    22:42:19.0504 2524 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    22:42:19.0506 2524 TermDD - ok
    22:42:19.0559 2524 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    22:42:19.0570 2524 TermService - ok
    22:42:19.0634 2524 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
    22:42:19.0651 2524 TFsExDisk - ok
    22:42:19.0667 2524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:42:19.0673 2524 Themes - ok
    22:42:19.0701 2524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:42:19.0704 2524 THREADORDER - ok
    22:42:19.0721 2524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:42:19.0725 2524 TrkWks - ok
    22:42:19.0771 2524 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:42:19.0775 2524 TrustedInstaller - ok
    22:42:19.0802 2524 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:42:19.0805 2524 tssecsrv - ok
    22:42:19.0838 2524 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:42:19.0861 2524 tunnel - ok
    22:42:19.0950 2524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    22:42:19.0983 2524 uagp35 - ok
    22:42:20.0013 2524 [ C06E6F4679CEB8F430B90A51D76D8D3C ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:42:20.0019 2524 udfs - ok
    22:42:20.0058 2524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:42:20.0062 2524 UI0Detect - ok
    22:42:20.0116 2524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    22:42:20.0150 2524 uliagpkx - ok
    22:42:20.0188 2524 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    22:42:20.0220 2524 umbus - ok
    22:42:20.0268 2524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:42:20.0286 2524 UmPass - ok
    22:42:20.0340 2524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:42:20.0346 2524 upnphost - ok
    22:42:20.0387 2524 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    22:42:20.0407 2524 usbaudio - ok
    22:42:20.0440 2524 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:42:20.0467 2524 usbccgp - ok
    22:42:20.0506 2524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    22:42:20.0510 2524 usbcir - ok
    22:42:20.0546 2524 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    22:42:20.0564 2524 usbehci - ok
    22:42:20.0647 2524 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:42:20.0668 2524 usbhub - ok
    22:42:20.0688 2524 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    22:42:20.0707 2524 usbohci - ok
    22:42:20.0741 2524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:42:20.0760 2524 usbprint - ok
    22:42:20.0821 2524 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    22:42:20.0825 2524 usbscan - ok
    22:42:20.0907 2524 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:42:20.0925 2524 USBSTOR - ok
    22:42:21.0022 2524 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    22:42:21.0024 2524 usbuhci - ok
    22:42:21.0054 2524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:42:21.0059 2524 UxSms - ok
    22:42:21.0077 2524 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
    22:42:21.0078 2524 VaultSvc - ok
    22:42:21.0129 2524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    22:42:21.0162 2524 vdrvroot - ok
    22:42:21.0192 2524 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    22:42:21.0202 2524 vds - ok
    22:42:21.0228 2524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:42:21.0231 2524 vga - ok
    22:42:21.0247 2524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:42:21.0266 2524 VgaSave - ok
    22:42:21.0328 2524 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    22:42:21.0373 2524 vhdmp - ok
    22:42:21.0405 2524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    22:42:21.0432 2524 viaide - ok
    22:42:21.0474 2524 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    22:42:21.0519 2524 volmgr - ok
    22:42:21.0545 2524 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:42:21.0552 2524 volmgrx - ok
    22:42:21.0609 2524 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    22:42:21.0675 2524 volsnap - ok
    22:42:21.0709 2524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    22:42:21.0730 2524 vsmraid - ok
    22:42:21.0850 2524 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    22:42:21.0871 2524 VSS - ok
    22:42:21.0936 2524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    22:42:21.0953 2524 vwifibus - ok
    22:42:22.0052 2524 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    22:42:22.0056 2524 vwififlt - ok
    22:42:22.0107 2524 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    22:42:22.0125 2524 vwifimp - ok
    22:42:22.0156 2524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:42:22.0164 2524 W32Time - ok
    22:42:22.0217 2524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    22:42:22.0220 2524 WacomPen - ok
    22:42:22.0281 2524 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:42:22.0300 2524 WANARP - ok
    22:42:22.0309 2524 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:42:22.0311 2524 Wanarpv6 - ok
    22:42:22.0375 2524 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:42:22.0391 2524 WatAdminSvc - ok
    22:42:22.0448 2524 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    22:42:22.0467 2524 wbengine - ok
    22:42:22.0502 2524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:42:22.0509 2524 WbioSrvc - ok
    22:42:22.0548 2524 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:42:22.0556 2524 wcncsvc - ok
    22:42:22.0578 2524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:42:22.0582 2524 WcsPlugInService - ok
    22:42:22.0615 2524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    22:42:22.0619 2524 Wd - ok
    22:42:22.0679 2524 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:42:22.0690 2524 Wdf01000 - ok
    22:42:22.0716 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:42:22.0720 2524 WdiServiceHost - ok
    22:42:22.0729 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:42:22.0734 2524 WdiSystemHost - ok
    22:42:22.0780 2524 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
    22:42:22.0786 2524 WebClient - ok
    22:42:22.0854 2524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:42:22.0884 2524 Wecsvc - ok
    22:42:22.0945 2524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:42:22.0949 2524 wercplsupport - ok
    22:42:23.0053 2524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:42:23.0056 2524 WerSvc - ok
    22:42:23.0107 2524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:42:23.0124 2524 WfpLwf - ok
    22:42:23.0165 2524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:42:23.0195 2524 WIMMount - ok
    22:42:23.0209 2524 WinHttpAutoProxySvc - ok
    22:42:23.0264 2524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:42:23.0269 2524 Winmgmt - ok
    22:42:23.0338 2524 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    22:42:23.0363 2524 WinRM - ok
    22:42:23.0428 2524 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    22:42:23.0443 2524 WinUsb - ok
    22:42:23.0677 2524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:42:23.0689 2524 Wlansvc - ok
    22:42:23.0781 2524 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    22:42:23.0784 2524 wlcrasvc - ok
    22:42:24.0055 2524 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:42:24.0082 2524 wlidsvc - ok
    22:42:24.0170 2524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    22:42:24.0170 2524 WmiAcpi - ok
    22:42:24.0233 2524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:42:24.0238 2524 wmiApSrv - ok
    22:42:24.0271 2524 WMPNetworkSvc - ok
    22:42:24.0372 2524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:42:24.0384 2524 WPCSvc - ok
    22:42:24.0414 2524 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:42:24.0433 2524 WPDBusEnum - ok
    22:42:24.0467 2524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:42:24.0486 2524 ws2ifsl - ok
    22:42:24.0495 2524 WSearch - ok
    22:42:24.0534 2524 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:42:24.0569 2524 WudfPf - ok
    22:42:24.0608 2524 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:42:24.0629 2524 WUDFRd - ok
    22:42:24.0668 2524 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:42:24.0672 2524 wudfsvc - ok
    22:42:24.0696 2524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:42:24.0706 2524 WwanSvc - ok
    22:42:24.0761 2524 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    22:42:24.0781 2524 xusb21 - ok
    22:42:25.0021 2524 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    22:42:25.0030 2524 YahooAUService - ok
    22:42:25.0124 2524 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    22:42:25.0132 2524 yukonw7 - ok
    22:42:25.0152 2524 ================ Scan global ===============================
    22:42:25.0222 2524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:42:25.0299 2524 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    22:42:25.0319 2524 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    22:42:25.0364 2524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:42:25.0416 2524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:42:25.0423 2524 [Global] - ok
    22:42:25.0427 2524 ================ Scan MBR ==================================
    22:42:25.0451 2524 [ 02597A523B281B6030A51866C4982DB4 ] \Device\Harddisk0\DR0
    22:42:25.0752 2524 \Device\Harddisk0\DR0 - ok
    22:42:25.0762 2524 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
    22:42:25.0769 2524 \Device\Harddisk1\DR1 - ok
    22:42:25.0773 2524 ================ Scan VBR ==================================
    22:42:25.0778 2524 [ BBEE25C025F5FCDBEF6CEEEB15C51961 ] \Device\Harddisk0\DR0\Partition1
    22:42:25.0794 2524 \Device\Harddisk0\DR0\Partition1 - ok
    22:42:25.0830 2524 [ 282A07DF6F1AB95599F70CE5CF04B044 ] \Device\Harddisk0\DR0\Partition2
    22:42:25.0864 2524 \Device\Harddisk0\DR0\Partition2 - ok
    22:42:25.0906 2524 [ D8CA433110EA11811090FAA80A8EA5B7 ] \Device\Harddisk0\DR0\Partition3
    22:42:25.0908 2524 \Device\Harddisk0\DR0\Partition3 - ok
    22:42:25.0972 2524 [ 924BD74F898844018C1D22E5D4DB807A ] \Device\Harddisk0\DR0\Partition4
    22:42:25.0974 2524 \Device\Harddisk0\DR0\Partition4 - ok
    22:42:25.0984 2524 [ C9695854D4B40443AF7FBE1D97D76BD2 ] \Device\Harddisk1\DR1\Partition1
    22:42:25.0985 2524 \Device\Harddisk1\DR1\Partition1 - ok
    22:42:25.0989 2524 ============================================================
    22:42:25.0989 2524 Scan finished
    22:42:25.0989 2524 ============================================================
    22:42:26.0005 2140 Detected object count: 0
    22:42:26.0005 2140 Actual detected object count: 0
    22:42:32.0860 0708 Deinitialize success
     
  15. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : vernal [Admin rights]
    Mode : Scan -- Date : 09/30/2012 22:44:19
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] GetBooks.exe -- C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : GetBooks ("C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2774012587-4088809240-1836390705-1000[...]\Run : cdloader ("C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2774012587-4088809240-1836390705-1000[...]\Run : GetBooks ("C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM250HI +++++
    --- User ---
    [MBR] c9bc3bbbf903ce0aeb11b131a99fdb46
    [BSP] 0a65c0212f07a850c80e0bd52403cd63 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 223581 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 458303488 | Size: 14590 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
    --- User ---
    [MBR] 76e31d85ef2b8baf65344d59a1cc437e
    [BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1528 | Size: 960 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  16. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : vernal [Admin rights]
    Mode : Remove -- Date : 09/30/2012 22:44:46
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] GetBooks.exe -- C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : GetBooks ("C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM250HI +++++
    --- User ---
    [MBR] c9bc3bbbf903ce0aeb11b131a99fdb46
    [BSP] 0a65c0212f07a850c80e0bd52403cd63 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 223581 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 458303488 | Size: 14590 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
    --- User ---
    [MBR] 76e31d85ef2b8baf65344d59a1cc437e
    [BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1528 | Size: 960 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
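The two RogueKiller reports above carry the findings that matter most on this machine: Run-key entries launching executables from under the user profile (tagged [RUN][SUSP PATH], which is read here as a location heuristic rather than a malware verdict) and, under [HJ], both EnableLUA and ConsentPromptBehaviorAdmin set to 0, i.e. UAC switched off entirely at the time of the scan, switched back on (1 and 2) only by the Remove run. The Python below is an added example, not RogueKiller code and not part of the thread: it parses the report lines quoted above into findings, pulls the autostart executables out of the Run-key data, and interprets the UAC values using the documented meanings of ConsentPromptBehaviorAdmin. The line shape it expects ("[TAG][TAG] body -> ACTION") and the reading of the tags are assumptions taken from these two reports only.

```python
"""Triage helper for RogueKiller report lines (added example, not RogueKiller
code and not part of the forum thread).

It parses the [RUN]/[HJ]/[SUSP PATH] lines quoted above into findings, pulls
the executable paths out of the Run-key entries, and interprets the two UAC
values that RogueKiller reported as hijacks ([HJ]).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Verbatim lines from the RogueKiller scan report above (post 15).
SAMPLE_REPORT = r"""
[SUSP PATH] GetBooks.exe -- C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe -> KILLED [TermProc]
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : GetBooks ("C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

# "[TAG][TAG] body -> ACTION"; the body is split further below (assumed shape).
LINE_RE = re.compile(r"^\[(?P<tags>.+?)\]\s+(?P<body>.+?)\s+->\s+(?P<action>\S.*)$")
REG_RE = re.compile(r"^(?P<key>\S+)\s+:\s+(?P<name>\S+)\s+\((?P<value>[^)]*)\)$")
PROC_RE = re.compile(r"^(?P<image>\S+)\s+--\s+(?P<path>.+)$")

# Documented meanings of HKLM\...\Policies\System\ConsentPromptBehaviorAdmin
# ("User Account Control: Behavior of the elevation prompt for administrators").
CONSENT_PROMPT_ADMIN = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}


@dataclass
class Finding:
    tags: List[str]
    action: str
    kind: str                      # "registry" or "process"
    key: Optional[str] = None      # registry key as RogueKiller prints it
    name: Optional[str] = None     # value name
    value: Optional[str] = None    # value data as printed
    path: Optional[str] = None     # executable path for process findings


def parse_report(text: str) -> List[Finding]:
    """Turn report lines into Finding objects; section headers are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # e.g. "¤¤¤ Registry Entries : 10 ¤¤¤"
        tags = m.group("tags").split("][")
        body, action = m.group("body"), m.group("action")
        r = REG_RE.match(body)
        if r:
            findings.append(Finding(tags, action, "registry", key=r.group("key"),
                                    name=r.group("name"), value=r.group("value")))
            continue
        p = PROC_RE.match(body)
        if p:
            findings.append(Finding(tags, action, "process", path=p.group("path")))
    return findings


def autostart_images(findings: List[Finding]) -> List[str]:
    """Executable paths from Run-key entries: the first quoted token of the data."""
    images = []
    for f in findings:
        if "RUN" in f.tags and f.value:
            q = re.match(r'"([^"]+)"', f.value)
            images.append(q.group(1) if q else f.value.split()[0])
    return images


def assess_uac(findings: List[Finding]) -> dict:
    """Interpret EnableLUA / ConsentPromptBehaviorAdmin as RogueKiller found them."""
    vals = {f.name: int(f.value) for f in findings
            if f.kind == "registry" and f.value is not None and f.value.isdigit()
            and f.name in ("EnableLUA", "ConsentPromptBehaviorAdmin")}
    enable_lua = vals.get("EnableLUA")
    prompt = vals.get("ConsentPromptBehaviorAdmin")
    if enable_lua == 0:
        verdict = "UAC disabled: administrators run every process with the full token, no prompt ever appears"
    elif prompt == 0:
        verdict = "UAC enabled but administrators elevate silently"
    else:
        verdict = "UAC enabled with an elevation prompt"
    return {"EnableLUA": enable_lua, "ConsentPromptBehaviorAdmin": prompt,
            "admin_prompt": CONSENT_PROMPT_ADMIN.get(prompt, "unknown"), "verdict": verdict}


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f.kind, f.tags, f.name or f.path, "->", f.action)
    print(autostart_images(found))
    print(assess_uac(found))
```

The same parse_report works on the Remove-mode report, where the actions read DELETED and REPLACED (n); on the scan above the verdict comes out as "UAC disabled", which is the state the Remove run reverted.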
  17. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-30 22:45:35
    -----------------------------
    22:45:35.092 OS Version: Windows x64 6.1.7600
    22:45:35.092 Number of processors: 1 586 0x170A
    22:45:35.093 ComputerName: VERNAL-PC UserName: vernal
    22:45:35.853 Initialize success
    22:53:18.181 AVAST engine defs: 12093001
    22:57:10.295 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:57:10.297 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
    22:57:10.315 Disk 0 MBR read successfully
    22:57:10.318 Disk 0 MBR scan
    22:57:10.325 Disk 0 unknown MBR code
    22:57:10.336 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    22:57:10.350 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223581 MB offset 409600
    22:57:10.382 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14590 MB offset 458303488
    22:57:10.403 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    22:57:10.454 Disk 0 scanning C:\Windows\system32\drivers
    22:57:36.150 Service scanning
    22:58:11.519 Modules scanning
    22:58:11.527 Disk 0 trace - called modules:
    22:58:11.894 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
    22:58:11.899 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800324b060]
    22:58:11.905 3 CLASSPNP.SYS[fffff880013a943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80025ef050]
    22:58:13.129 AVAST engine scan C:\Windows
    22:58:17.284 AVAST engine scan C:\Windows\system32
    23:04:05.108 AVAST engine scan C:\Windows\system32\drivers
    23:04:24.150 AVAST engine scan C:\Users\vernal
    23:06:47.979 File: C:\Users\vernal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2BZCVY8\DownloadFast_0.6.2[1].exe **INFECTED** Win32:Delf-SUV [Trj]
    23:09:00.128 File: C:\Users\vernal\AppData\Local\Temp\DownloadFast_0.6.2.exe **INFECTED** Win32:Delf-SUV [Trj]
    23:16:06.044 AVAST engine scan C:\ProgramData
    23:19:07.099 Scan finished successfully
    23:19:30.750 Disk 0 MBR has been saved successfully to "C:\Users\vernal\Desktop\MBR.dat"
    23:19:30.757 The log file has been saved successfully to "C:\Users\vernal\Desktop\aswMBR.txt"
     
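RogueKiller's MBR Check and aswMBR read the same first sector of PhysicalDrive0 and print the same four partitions (the active 199 MB NTFS partition at sector 2048, the 223581 MB NTFS partition, the 14590 MB NTFS partition and the 103 MB FAT32 partition), yet they name the bootstrap code differently ("Windows Vista/7 MBR Code" versus "unknown MBR code"). Each label reflects that tool's own list of recognised boot-code signatures, not a difference on the disk, so the stable thing to record is a hash of the bootstrap bytes themselves. The Python below is an added example, not code from either tool or from the thread. It builds a 512-byte MBR with placeholder boot code and the partition table from the logs (the boot code and the disk signature are constructed, not the poster's), parses the standard MBR layout, hashes the whole sector and the 440 bootstrap bytes separately, and lists sector ranges that no partition claims, including the tail of the disk when its size (238475 MB per aswMBR) is supplied.

```python
"""MBR parser for the partition table that RogueKiller's "MBR Check" and aswMBR
print above (added example, not code from either tool or from the thread).

A 512-byte sample MBR is constructed here, not read from the poster's disk: the
boot code and disk signature are placeholders, the four partition entries use
the offsets and sizes the logs report for the SAMSUNG HM250HI.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440            # bootstrap code; disk signature, 2 reserved bytes, table follow
TABLE_OFFSET = 446
SIGNATURE = b"\x55\xAA"        # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {0x07: "NTFS/HPFS", 0x0C: "FAT32-LBA", 0x06: "FAT16",
                   0x05: "Extended", 0x0F: "Extended-LBA", 0x83: "Linux"}


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, "unknown 0x%02X" % self.type_id)

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def lba_end(self) -> int:          # first sector after the partition
        return self.lba_start + self.sectors


def build_sample_mbr() -> bytes:
    """Constructed MBR: filler boot code plus the partition table from the logs."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $; nop... (placeholder, not Windows code)
    disk_sig = struct.pack("<I", 0x12345678)                  # arbitrary disk signature
    reserved = b"\x00\x00"
    entries = [   # (status, type, LBA start, sectors); sizes in MB from the log x 2048 sectors/MB
        (0x80, 0x07, 2048, 199 * 2048),
        (0x00, 0x07, 409600, 223581 * 2048),
        (0x00, 0x07, 458303488, 14590 * 2048),
        (0x00, 0x0C, 488183808, 103 * 2048),
    ]
    chs = b"\xFE\xFF\xFF"      # CHS fields are legacy; LBA-only tables fill them with this
    table = b"".join(struct.pack(ENTRY_FMT, st, chs, ty, chs, start, count)
                     for st, ty, start, count in entries)
    return boot_code + disk_sig + reserved + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, hash code and sector separately, decode the table."""
    if len(sector) != SECTOR:
        raise ValueError("expected one %d-byte sector" % SECTOR)
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _c0, ptype, _c1, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append(Partition(i, status == 0x80, ptype, start, count))
    return {
        # whole sector: changes with the disk signature and the partition table
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        # bootstrap only: what a "known boot code" signature should be matched against
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": "%08X" % struct.unpack("<I", sector[440:444])[0],
        "partitions": parts,
    }


def layout_gaps(parts: List[Partition], first_usable: int = 2048,
                disk_sectors: Optional[int] = None) -> List[Tuple[int, int]]:
    """Sector ranges [start, end) that belong to no partition.

    Space no partition claims (between partitions or at the end of the disk) is
    where bootkits have kept payloads, so a reviewer wants it accounted for.
    """
    gaps, cursor = [], first_usable
    for p in sorted(parts, key=lambda p: p.lba_start):
        if p.lba_start > cursor:
            gaps.append((cursor, p.lba_start))
        cursor = max(cursor, p.lba_end)
    if disk_sectors is not None and cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("MBR md5", info["mbr_md5"], "boot code md5", info["boot_code_md5"])
    for p in info["partitions"]:
        print(p.index, "ACTIVE" if p.active else "      ", p.type_name,
              "offset", p.lba_start, "size", p.size_mb, "MB")
    print("unclaimed:", layout_gaps(info["partitions"], disk_sectors=238475 * 2048))
```

With the aswMBR disk size supplied, the only unclaimed range on this layout is a 2048-sector tail after the FAT32 partition; the whole-sector hash changes whenever the disk signature or partition table changes, while the bootstrap-only hash does not, which is why the latter is the one to compare across tools and across disks.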
  18. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Good :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ====================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double-click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
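    The first step of the procedure above is to take a restore point so the cleanup can be rolled back. The script below is an added example, not part of the thread and not one of Broni's tools; it creates the restore point and verifies that one was actually recorded before you continue, which catches the common case where System Protection is turned off for C: and the cmdlet silently does nothing. It assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 or later) and that System Protection is enabled on the system drive.

    ```powershell
    # Added example (not from the thread): create a restore point before running a
    # removal tool and confirm that it exists, so a failed cleanup can be rolled back.
    # Assumes: elevated PowerShell on Windows 7, System Protection enabled on C:.

    $description = "Before ComboFix $(Get-Date -Format 'yyyy-MM-dd HH:mm')"

    # Highest sequence number among the restore points that already exist (0 if none).
    $existing = Get-ComputerRestorePoint | Measure-Object -Property SequenceNumber -Maximum
    $lastSeq  = if ($existing.Maximum) { [int]$existing.Maximum } else { 0 }

    # Checkpoint-Computer reports success even when System Protection is disabled,
    # so the check below is what tells us a point was really written.
    Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

    $created = Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -gt $lastSeq }
    if (-not $created) {
        Write-Error "No restore point was created. Enable System Protection on C: (System Properties > System Protection) and run this again before starting the cleanup tool."
        exit 1
    }

    # Show what was recorded; CreationTime is a WMI datetime string, so convert it.
    $created | Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
    ```

    Run it once, immediately before the "Double-click on combofix.exe" step, and keep the sequence number it prints: that is the point to pick in System Restore if the connection does not come back after ComboFix and a reboot does not help, as the instructions above describe.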
     
  19. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    My antivirus has stopped detecting the virus; however, I will not do anything unless you say so, until you deem my PC clean.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Good :)

    Read my previous reply.
     
  21. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    ComboFix 12-09-30.01 - vernal 09/30/2012 23:36:17.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.873 [GMT -5:00]
    Running from: c:\users\vernal\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\vernal\AppData\Local\WideSearch
    c:\users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-01 06:11 . 2012-10-01 06:11  --------  d-----w-  C:\FRST
    2012-10-01 04:52 . 2012-10-01 04:52  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-10-01 00:02 . 2012-10-01 00:02  --------  d-----w-  c:\users\vernal\AppData\Roaming\Malwarebytes
    2012-10-01 00:02 . 2012-10-01 00:02  --------  d-----w-  c:\programdata\Malwarebytes
    2012-10-01 00:02 . 2012-10-01 00:02  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-01 00:02 . 2012-09-07 22:04  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-09-30 02:42 . 2012-09-30 02:42  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
    2012-09-27 20:35 . 2012-09-27 20:35  --------  d-----w-  c:\users\vernal\AppData\Local\PopCap Games
    2012-09-27 05:48 . 2012-09-27 05:48  --------  d-----w-  c:\program files (x86)\Bejeweled Blitz
    2012-09-27 04:54 . 2012-09-27 04:54  --------  d-----w-  c:\users\vernal\AppData\Local\GameHouse
    2012-09-27 04:54 . 2012-09-27 04:54  --------  d-----w-  c:\programdata\Trymedia
    2012-09-27 04:50 . 2012-09-27 04:51  --------  d-----w-  c:\program files (x86)\Bejeweled 3
    2012-09-27 03:43 . 2012-09-27 03:43  --------  d-----w-  c:\users\vernal\AppData\Roaming\Gamers Digital
    2012-09-27 03:43 . 2012-09-27 03:43  --------  d-----w-  c:\programdata\Gamers Digital
    2012-09-27 03:34 . 2012-09-27 03:34  --------  d-----w-  c:\program files (x86)\Making Mr. Right
    2012-09-26 22:09 . 2010-04-27 02:25  19016  ----a-w-  c:\windows\system32\drivers\sscdmdfl.sys
    2012-09-26 22:09 . 2010-04-27 02:25  172104  ----a-w-  c:\windows\system32\drivers\sscdmdm.sys
    2012-09-26 22:09 . 2010-04-27 02:25  15944  ----a-w-  c:\windows\system32\drivers\sscdwhnt.sys
    2012-09-26 22:09 . 2010-04-27 02:25  15944  ----a-w-  c:\windows\system32\drivers\sscdwh.sys
    2012-09-26 22:09 . 2010-04-27 02:25  15432  ----a-w-  c:\windows\system32\drivers\sscdcmnt.sys
    2012-09-26 22:09 . 2010-04-27 02:25  15432  ----a-w-  c:\windows\system32\drivers\sscdcm.sys
    2012-09-26 22:09 . 2010-04-27 02:25  136264  ----a-w-  c:\windows\system32\drivers\sscdbus.sys
    2012-09-26 22:06 . 2010-07-05 00:11  25960  ----a-w-  c:\windows\SysWow64\FsExService64.Exe
    2012-09-26 22:06 . 2010-06-14 14:32  16448  ----a-w-  c:\windows\SysWow64\drivers\TFsExDisk.Sys
    2012-09-26 22:06 . 2010-06-14 14:32  16448  ----a-w-  c:\windows\system32\drivers\TFsExDisk.sys
    2012-09-26 22:06 . 2010-07-05 00:11  25960  ----a-w-  c:\windows\system32\FsExService64.exe
    2012-09-26 22:05 . 2012-09-26 22:05  --------  d-----w-  c:\users\vernal\AppData\Roaming\Samsung
    2012-09-26 22:04 . 2012-09-26 22:04  --------  d-----w-  c:\program files (x86)\MarkAny
    2012-09-26 22:03 . 2012-09-26 22:08  --------  d-----w-  c:\program files (x86)\Samsung
    2012-09-26 21:55 . 2012-09-26 21:55  --------  d-----w-  c:\program files\SAMSUNG
    2012-09-26 21:55 . 2012-09-26 21:55  --------  d-----w-  c:\programdata\Samsung
    2012-09-26 08:31 . 2012-08-30 07:27  9308616  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7335E3A-7B40-4A1D-A5BB-11324A4C34A5}\mpengine.dll
    2012-09-20 21:59 . 2012-09-20 22:00  315  ----a-w-  C:\user.js
    2012-09-20 21:59 . 2012-09-20 21:59  --------  d-----w-  c:\program files (x86)\BabylonToolbar
    2012-09-19 22:30 . 2012-09-21 00:51  73136  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-19 22:30 . 2012-09-21 00:51  696240  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-19 22:30 . 2012-09-19 22:30  --------  d-----w-  c:\windows\system32\Macromed
    2012-09-19 22:27 . 2012-09-19 22:27  --------  d-----w-  c:\users\vernal\AppData\Local\Mozilla
    2012-09-13 03:12 . 2012-09-13 03:12  --------  d-----w-  c:\users\vernal\AppData\Local\GetBooks
    2012-09-13 03:12 . 2012-09-13 03:12  --------  d-----w-  c:\users\vernal\AppData\Roaming\Babylon
    2012-09-13 03:12 . 2012-09-13 03:12  --------  d-----w-  c:\programdata\Babylon
    2012-09-12 01:45 . 2012-09-12 01:45  --------  d-----w-  c:\users\vernal\AppData\Roaming\GamesCafe
    2012-09-11 22:47 . 2012-09-11 22:47  --------  d-----w-  c:\users\vernal\AppData\Roaming\MumboJumbo
    2012-09-11 22:27 . 2012-09-11 22:37  --------  d-----w-  c:\programdata\SnowGlobe
    2012-09-11 22:26 . 2012-09-11 22:26  --------  d-----w-  c:\program files (x86)\Games
    2012-09-09 22:29 . 2012-09-09 22:29  --------  d-----w-  c:\users\vernal\AppData\Roaming\URSE Games
    2012-09-09 04:03 . 2012-09-09 04:03  --------  d-----w-  c:\program files\Governor of Poker 2 PE
    2012-09-03 13:46 . 2012-09-03 13:46  --------  d-----w-  c:\users\vernal\AppData\Roaming\Boolat Games
    2012-09-03 03:27 . 2012-09-03 03:27  --------  d-----w-  c:\programdata\SugarGames
    2012-09-02 00:21 . 2011-07-20 18:58  44032  ----a-w-  c:\windows\system32\drivers\RimSerial_AMD64.sys
    2012-09-02 00:20 . 2012-09-02 00:20  --------  d-----w-  c:\programdata\Research In Motion
    2012-09-02 00:20 . 2012-09-02 00:20  --------  d-----w-  c:\program files (x86)\Common Files\Research In Motion
    2012-09-02 00:20 . 2012-09-02 00:20  --------  d-----w-  c:\program files (x86)\Common Files\XCPCSync.OEM
    2012-09-02 00:19 . 2012-09-02 00:19  --------  d-----w-  c:\program files (x86)\Research In Motion
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    .
    c:\users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
    R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [2010-02-05 13824]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 136584]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 123200]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 1088544]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 00:52]
    .
    2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 13:46]
    .
    2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 13:46]
    .
    2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000Core.job
    - c:\users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-15 15:03]
    .
    2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000UA.job
    - c:\users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-15 15:03]
    .
    2012-09-25 c:\windows\Tasks\HPCeeScheduleForvernal.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  97792  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  97792  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  97792  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  97792  ----a-w-  c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
    "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
    FF - ProfilePath - c:\users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=98f5492800000000000070f1a1d13d64&q=
    FF - user.js: extensions.BabylonToolbar.id - 98f5492800000000000070f1a1d13d64
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15603
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:59
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116107&tt=270912_ctrl2_3912_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-NPSStartup - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%P*ˆ%]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%P*ˆ%\OpenWithList]
    @Class="Shell"
    "a"="WINWORD.EXE"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%P*ˆ%\OpenWithProgids]
    "-P¦_auto_file"=hex(0):
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\.*,%P*ˆ%]
    @Allowed: (Read) (RestrictedCode)
    @="-P¦_auto_file"
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit]
    @="&Edit"
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\command]
    @="\"c:\\Program Files (x86)\\Microsoft Office\\Office12\\WINWORD.EXE\" /n /dde"
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\ddeexec]
    @="[REM _DDE_Direct][FileOpen(\"%1\")]"
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\ddeexec\Application]
    @="WinWord"
    .
    [HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\ddeexec\Topic]
    @="System"
    DUMPHIVE0.003 (REGF)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-01 00:26:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-01 05:26
    .
    Pre-Run: 88,478,781,440 bytes free
    Post-Run: 89,132,806,144 bytes free
    .
    - - End Of File - - 2DBF7711876D2971441140D898DD64D5
     
  22. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    What's next?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Looks good.

    Any current issues?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    OTL logfile created on: 10/2/2012 12:07:11 AM - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\vernal\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.43% Memory free
    4.83 Gb Paging File | 3.23 Gb Available in Paging File | 66.89% Paging File free
    Paging file location(s): c:\pagefile.sys 2967 2968 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.34 Gb Total Space | 76.32 Gb Free Space | 34.95% Space Free | Partition Type: NTFS
    Drive D: | 14.25 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 92.52 Mb Free Space | 93.28% Space Free | Partition Type: FAT32
    Drive G: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive I: | 584.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: VERNAL-PC | User Name: vernal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/02 00:05:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\vernal\Desktop\OTL.exe
    PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/25 04:42:58 | 000,460,312 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
    MOD - [2012/09/25 04:42:57 | 012,278,808 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
    MOD - [2012/09/25 04:42:55 | 004,005,912 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
    MOD - [2012/09/25 04:41:39 | 000,578,072 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
    MOD - [2012/09/25 04:41:38 | 000,123,416 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
    MOD - [2012/09/25 04:41:27 | 000,156,712 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
    MOD - [2012/09/25 04:41:26 | 000,275,496 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
    MOD - [2012/09/25 04:41:24 | 002,168,360 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/09/11 07:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV:64bit: - [2007/04/19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
    SRV - [2012/09/20 19:52:00 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/18 15:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
    DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/04 22:20:28 | 000,013,824 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8107.sys -- (HP8107Fltr)
    DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/11 07:27:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2009/09/11 07:23:52 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2009/09/11 07:17:20 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A9AE75D-6D91-42B6-9654-FE3C6A556323}
    IE:64bit: - HKLM\..\SearchScopes\{02CF5538-6F85-4C6F-94EA-8169B1D8D21D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE:64bit: - HKLM\..\SearchScopes\{6A9AE75D-6D91-42B6-9654-FE3C6A556323}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A9AE75D-6D91-42B6-9654-FE3C6A556323}
    IE - HKLM\..\SearchScopes\{02CF5538-6F85-4C6F-94EA-8169B1D8D21D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{6A9AE75D-6D91-42B6-9654-FE3C6A556323}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes,DefaultScope = {6A9AE75D-6D91-42B6-9654-FE3C6A556323}
    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{02CF5538-6F85-4C6F-94EA-8169B1D8D21D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...ss_cr&mntrId=98f5492800000000000070f1a1d13d64
    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{6A9AE75D-6D91-42B6-9654-FE3C6A556323}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========



    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vernal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vernal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/15 02:03:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/15 02:04:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/19 17:27:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/03/15 02:03:54 | 000,000,000 | ---D | M]

    [2012/09/19 17:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Extensions
    [2012/09/20 16:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\Extensions
    [2012/09/20 16:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\Extensions\ffxtlbr@babylon.com
    [2012/09/20 16:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\Extensions\staged
    [2012/09/19 17:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
    CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
     
  25. shane grant

    shane grant TS Rookie Topic Starter Posts: 36

    O1 HOSTS File: ([2012/10/01 00:06:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - Startup: C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Unable to open value key)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Unable to open value key)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.183.0.76 65.183.0.86
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}: DhcpNameServer = 65.183.0.76 65.183.0.86
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E823465-2CA7-4292-B74D-1F5B85E8AD55}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/01 11:23:41 | 000,000,148 | R--- | M] () - G:\AUTORUN.inf -- [ UDF ]
    O32 - AutoRun File - [2007/07/03 21:32:31 | 000,000,000 | R--D | M] - G:\AutoRun -- [ UDF ]
    O32 - AutoRun File - [2007/07/03 21:32:31 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2007/07/03 21:23:42 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ UDF ]
    O32 - AutoRun File - [2004/04/08 03:53:26 | 000,000,046 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/02 00:04:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\vernal\Desktop\OTL.exe
    [2012/10/01 21:04:04 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\New folder
    [2012/10/01 01:11:33 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/01 00:06:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/30 23:52:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/30 23:34:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/30 23:34:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/30 23:34:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/30 23:32:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/30 23:31:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/30 23:25:12 | 004,759,143 | R--- | C] (Swearware) -- C:\Users\vernal\Desktop\ComboFix.exe
    [2012/09/30 22:43:52 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\RK_Quarantine
    [2012/09/30 22:41:23 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\vernal\Desktop\TDSSKiller.exe
    [2012/09/30 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\tdsskiller
    [2012/09/30 22:30:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\vernal\Desktop\aswMBR.exe
    [2012/09/30 22:03:45 | 001,456,149 | ---- | C] (Farbar) -- C:\Users\vernal\Desktop\FRST64.exe
    [2012/09/30 20:09:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\vernal\Desktop\dds.com
    [2012/09/30 19:02:28 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Malwarebytes
    [2012/09/30 19:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/30 19:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/30 19:02:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/30 19:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/30 18:49:17 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\vernal\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/29 21:42:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/09/27 15:35:39 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\PopCap Games
    [2012/09/27 00:48:24 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled Blitz
    [2012/09/27 00:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled Blitz
    [2012/09/26 23:54:23 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\GameHouse
    [2012/09/26 23:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
    [2012/09/26 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled 3
    [2012/09/26 22:43:00 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Gamers Digital
    [2012/09/26 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
    [2012/09/26 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Making Mr. Right
    [2012/09/26 22:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Making Mr. Right
    [2012/09/26 22:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Making Mr. Right
    [2012/09/26 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\NPS
    [2012/09/26 17:16:14 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\My Art
    [2012/09/26 17:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
    [2012/09/26 17:09:18 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
    [2012/09/26 17:09:18 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
    [2012/09/26 17:09:18 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
    [2012/09/26 17:09:18 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
    [2012/09/26 17:09:18 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
    [2012/09/26 17:09:18 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
    [2012/09/26 17:09:18 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
    [2012/09/26 17:06:43 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
    [2012/09/26 17:06:43 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
    [2012/09/26 17:06:42 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
    [2012/09/26 17:06:41 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\FsExService64.exe
    [2012/09/26 17:05:49 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Samsung
    [2012/09/26 17:05:49 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\My NPS Files
    [2012/09/26 17:05:26 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\Samsung
    [2012/09/26 17:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
    [2012/09/26 17:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
    [2012/09/26 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
    [2012/09/26 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2012/09/20 16:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
    [2012/09/19 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\My Digital Editions
    [2012/09/19 17:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2012/09/19 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/09/19 17:27:35 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Mozilla
    [2012/09/19 17:27:35 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\Mozilla
    [2012/09/19 17:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/19 17:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/17 00:37:08 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Elephant Games
    [2012/09/17 00:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
    [2012/09/16 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
    [2012/09/16 23:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
    [2012/09/16 23:16:28 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
    [2012/09/13 07:37:51 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\blackberry
    [2012/09/13 07:36:27 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\BlackBerry
    [2012/09/13 07:34:33 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\Research In Motion
    [2012/09/13 07:34:26 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Research In Motion
    [2012/09/12 22:14:13 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    [2012/09/12 22:14:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2012/09/12 22:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2012/09/12 22:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2012/09/12 22:13:55 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\BabylonToolbar
    [2012/09/12 22:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/09/12 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\GetBooks
    [2012/09/12 22:12:38 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Babylon
    [2012/09/12 22:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/09/11 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\GamesCafe
    [2012/09/11 17:47:33 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\MumboJumbo
    [2012/09/11 17:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SnowGlobe
    [2012/09/11 17:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
    [2012/09/09 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\URSE Games
    [2012/09/08 23:03:55 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Governor of Poker 2 PE 1.0
    [2012/09/08 23:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker 2 PE
    [2012/09/03 08:46:01 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Boolat Games
    [2012/09/02 22:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\vernal\Documents\*.tmp files -> C:\Users\vernal\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/02 00:10:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/02 00:10:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/02 00:05:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\vernal\Desktop\OTL.exe
    [2012/10/02 00:04:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/02 00:03:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/02 00:02:49 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForvernal.job
    [2012/10/02 00:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/02 00:02:34 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/01 21:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/01 21:50:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000UA.job
    [2012/10/01 02:14:39 | 000,796,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/01 02:14:39 | 000,674,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/01 02:14:39 | 000,125,450 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/01 00:06:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/30 23:26:17 | 004,759,143 | R--- | M] (Swearware) -- C:\Users\vernal\Desktop\ComboFix.exe
    [2012/09/30 23:19:30 | 000,000,512 | ---- | M] () -- C:\Users\vernal\Desktop\MBR.dat
    [2012/09/30 22:32:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\vernal\Desktop\aswMBR.exe
    [2012/09/30 22:29:46 | 001,412,096 | ---- | M] () -- C:\Users\vernal\Desktop\RogueKiller.exe
    [2012/09/30 22:29:45 | 002,193,278 | ---- | M] () -- C:\Users\vernal\Desktop\tdsskiller.zip
    [2012/09/30 22:04:08 | 001,456,149 | ---- | M] (Farbar) -- C:\Users\vernal\Desktop\FRST64.exe
    [2012/09/30 20:49:03 | 000,302,592 | ---- | M] () -- C:\Users\vernal\Desktop\1wn4qflt.exe
    [2012/09/30 20:10:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\vernal\Desktop\dds.com
    [2012/09/30 19:21:26 | 000,302,592 | ---- | M] () -- C:\Users\vernal\Desktop\xj98blnt.exe
    [2012/09/30 19:02:13 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/30 18:52:01 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\vernal\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/29 21:34:31 | 000,324,259 | ---- | M] () -- C:\Users\vernal\Desktop\Salem Falls.epub
    [2012/09/29 21:30:33 | 000,519,522 | ---- | M] () -- C:\Users\vernal\Desktop\The Litigators .epub
    [2012/09/29 13:50:14 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000Core.job
    [2012/09/27 20:52:54 | 000,002,493 | ---- | M] () -- C:\Users\vernal\Desktop\Google Chrome.lnk
    [2012/09/27 00:48:24 | 000,001,912 | ---- | M] () -- C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
    [2012/09/26 23:51:35 | 000,001,004 | ---- | M] () -- C:\Users\vernal\Desktop\Bejeweled 3.lnk
    [2012/09/26 17:11:36 | 000,002,130 | ---- | M] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
    [2012/09/26 17:11:36 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    [2012/09/26 17:09:14 | 000,254,511 | ---- | M] () -- C:\Users\vernal\Desktop\The Postcard Killers.pdf
    [2012/09/25 22:22:23 | 000,370,367 | ---- | M] () -- C:\Users\vernal\Desktop\001.jpg
    [2012/09/20 17:00:04 | 000,000,315 | ---- | M] () -- C:\user.js
    [2012/09/19 17:32:59 | 000,002,166 | ---- | M] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
    [2012/09/19 17:27:30 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/18 00:25:41 | 000,001,121 | ---- | M] () -- C:\WildTangent Games App - hp.lnk
    [2012/09/18 00:25:31 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\vernal\Desktop\TDSSKiller.exe
    [2012/09/16 14:04:42 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/09/15 15:31:09 | 000,432,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/15 11:12:56 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/09/13 15:44:29 | 000,013,785 | ---- | M] () -- C:\ads_err.adt
    [2012/09/13 15:29:56 | 000,001,051 | ---- | M] () -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/09/13 07:43:30 | 000,004,559 | ---- | M] () -- C:\ads_err.adm
    [2012/09/13 07:43:30 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
    [2012/09/13 07:34:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    [2012/09/13 07:24:33 | 001,695,134 | ---- | M] () -- C:\Users\vernal\Desktop\Vashawn Mitchell - Nobody Greater.mp3
    [2012/09/11 20:45:32 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
    [2012/09/10 19:01:59 | 000,000,931 | ---- | M] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/09/10 19:01:59 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/09/10 18:50:33 | 000,001,151 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
    [2012/09/10 18:50:32 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
    [2012/09/08 23:03:55 | 000,001,002 | ---- | M] () -- C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\vernal\Documents\*.tmp files -> C:\Users\vernal\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/30 23:34:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/30 23:34:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/30 23:34:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/30 23:34:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/30 23:34:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/30 23:19:30 | 000,000,512 | ---- | C] () -- C:\Users\vernal\Desktop\MBR.dat
    [2012/09/30 22:29:27 | 001,412,096 | ---- | C] () -- C:\Users\vernal\Desktop\RogueKiller.exe
    [2012/09/30 22:28:46 | 002,193,278 | ---- | C] () -- C:\Users\vernal\Desktop\tdsskiller.zip
    [2012/09/30 20:48:54 | 000,302,592 | ---- | C] () -- C:\Users\vernal\Desktop\1wn4qflt.exe
    [2012/09/30 19:21:15 | 000,302,592 | ---- | C] () -- C:\Users\vernal\Desktop\xj98blnt.exe
    [2012/09/30 19:02:13 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/29 21:34:22 | 000,324,259 | ---- | C] () -- C:\Users\vernal\Desktop\Salem Falls.epub
    [2012/09/29 21:30:19 | 000,519,522 | ---- | C] () -- C:\Users\vernal\Desktop\The Litigators .epub
    [2012/09/27 00:48:24 | 000,001,912 | ---- | C] () -- C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
    [2012/09/26 23:51:35 | 000,001,004 | ---- | C] () -- C:\Users\vernal\Desktop\Bejeweled 3.lnk
    [2012/09/26 17:11:36 | 000,002,130 | ---- | C] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
    [2012/09/26 17:11:36 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    [2012/09/26 17:08:54 | 000,254,511 | ---- | C] () -- C:\Users\vernal\Desktop\The Postcard Killers.pdf
    [2012/09/25 22:19:10 | 000,370,367 | ---- | C] () -- C:\Users\vernal\Desktop\001.jpg
    [2012/09/20 16:59:47 | 000,000,315 | ---- | C] () -- C:\user.js
    [2012/09/19 17:32:59 | 000,002,166 | ---- | C] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
    [2012/09/19 17:32:59 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
    [2012/09/19 17:30:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/19 17:27:30 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/19 17:27:30 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/16 23:23:18 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
    [2012/09/16 23:23:18 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
    [2012/09/16 14:04:42 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/09/15 11:02:57 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/09/13 15:25:36 | 000,001,051 | ---- | C] () -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/09/13 07:43:10 | 000,013,785 | ---- | C] () -- C:\ads_err.adt
    [2012/09/13 07:43:10 | 000,004,559 | ---- | C] () -- C:\ads_err.adm
    [2012/09/13 07:43:10 | 000,003,072 | ---- | C] () -- C:\ads_err.adi
    [2012/09/13 07:37:32 | 031,803,356 | ---- | C] () -- C:\Users\vernal\Desktop\XS_Eng.m4v
    [2012/09/13 07:37:29 | 036,879,332 | ---- | C] () -- C:\Users\vernal\Desktop\Sales_Marketing_Highlights_Eng.m4v
    [2012/09/13 07:37:27 | 018,869,378 | ---- | C] () -- C:\Users\vernal\Desktop\Double_X_IBO_Eng.m4v
    [2012/09/13 07:37:26 | 012,399,909 | ---- | C] () -- C:\Users\vernal\Desktop\Double_X_Benefits_Eng.m4v
    [2012/09/13 07:34:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    [2012/09/13 07:20:00 | 001,695,134 | ---- | C] () -- C:\Users\vernal\Desktop\Vashawn Mitchell - Nobody Greater.mp3
    [2012/09/11 20:45:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/09/10 19:01:59 | 000,000,931 | ---- | C] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/09/10 19:01:59 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/09/09 16:24:48 | 000,002,441 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
    [2012/09/08 23:03:55 | 000,001,002 | ---- | C] () -- C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
    [2012/03/06 19:41:10 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~xwwY3sIKhIEjyVr
    [2012/03/06 19:41:09 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~xwwY3sIKhIEjyV
    [2012/03/06 19:41:00 | 000,000,448 | -H-- | C] () -- C:\ProgramData\xwwY3sIKhIEjyV
    [2012/02/17 00:13:00 | 000,000,000 | -H-- | C] () -- C:\Users\vernal\AppData\Local\{601DB9A1-E2ED-4E2B-9358-B785D763AA2F}
    [2011/10/12 22:41:52 | 000,000,000 | -H-- | C] () -- C:\Users\vernal\AppData\Local\{6380B6E2-2E8D-45CC-8AB3-BB5EDEAB930A}
    [2011/10/12 22:41:52 | 000,000,000 | -H-- | C] () -- C:\Users\vernal\AppData\Local\{090E4CA0-2F1C-414B-85B6-B4610CB2C7CA}
    [2011/09/06 21:33:48 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/09/06 21:33:48 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7345N.DAT
    [2011/06/28 20:25:48 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
    [2011/05/30 14:30:49 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/05/30 14:14:20 | 000,000,108 | -HS- | C] () -- C:\Windows\WSYS049.SYS
    [2011/05/29 19:49:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/05/28 16:57:28 | 000,901,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/11/05 06:50:10 | 000,000,269 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2010/11/05 06:39:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
    [2010/11/05 06:39:38 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
    [2010/11/05 06:39:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
    [2010/11/05 06:39:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
    [2010/11/05 06:39:38 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
    [2010/11/05 06:39:37 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
    [2010/11/05 06:39:37 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
    [2010/11/05 06:39:37 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
    [2010/11/05 06:39:37 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
    [2010/11/05 06:39:37 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
    [2010/11/05 06:39:37 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
    [2010/11/05 06:39:37 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
    [2010/11/05 06:39:37 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
    [2010/11/05 06:39:37 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
    [2010/11/05 06:39:37 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
    [2010/11/05 06:39:37 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
    [2010/11/05 06:39:37 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/12 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Babylon
    [2012/09/12 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\BabylonToolbar
    [2012/09/03 08:46:01 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Boolat Games
    [2010/11/18 21:29:22 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Brawsome
    [2012/10/02 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Dropbox
    [2012/09/17 00:37:08 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Elephant Games
    [2012/03/15 02:04:26 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\funkitron
    [2010/11/05 22:38:23 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Gamelab
    [2012/09/26 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Gamers Digital
    [2012/09/11 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\GamesCafe
    [2011/04/03 16:50:27 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Helios
    [2012/03/15 02:04:26 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Hoyle FaceCreator
    [2012/09/30 13:01:20 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Hoyle Puzzle and Board Games
    [2011/01/30 16:20:51 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\InImages
    [2012/03/15 02:04:26 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Jane s Hotel 3
    [2010/12/07 08:59:15 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Leadertech
    [2010/12/15 19:20:44 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\MasterThief
    [2012/03/18 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\mjusbsp
    [2012/09/11 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\MumboJumbo
    [2012/09/19 22:11:37 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\playfirst
    [2012/02/22 08:57:14 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Product_RM
    [2011/09/08 19:29:16 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Registry Mechanic
    [2012/09/13 07:36:13 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Research In Motion
    [2012/09/26 17:05:49 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Samsung
    [2010/11/20 00:37:18 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\SBTT
    [2010/12/03 21:35:16 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Sky Bros
    [2010/12/27 11:46:54 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Tific
    [2012/03/15 01:41:33 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\TuneUp Software
    [2012/09/09 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\URSE Games
    [2012/09/27 00:50:36 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\uTorrent
    [2012/08/22 20:09:15 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\ViquaSoft
    [2012/09/09 16:24:14 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\WildTangent
    [2011/02/19 07:57:19 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Windows Live Writer
    [2011/06/23 11:45:18 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:E31EDFDE
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:D621CFB8
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5ACE199E
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:6301CE40
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1E288DA3
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FD786DCA
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:56C66609
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D0757AAB
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:014BC3B4
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:93B0BB6F
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4C16B46B
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C0913157
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:25BB767E
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
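As an added example (not code from the original poster and not part of OTL), the script below does in Python what a helper does by eye with the two OTL sections above: it parses the ZeroAccess Check and Alternate Data Streams blocks and applies the usual triage rules. The first sample is copied from this thread's log (a subset of the ADS lines); the second is a constructed hijacked entry with an invented DLL path, included only so the hijack branch is exercised. The TRUSTED_DIRS list is an assumption made for the example.

```python
"""Triage the 'ZeroAccess Check' and 'Alternate Data Streams' sections of an
OTL log (added example; not OTL's code and not from the original poster)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+?)\]( /64)?\s*$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
DEFAULT_RE = re.compile(r'^"" = (.+?) -- \[.*?\] \((.*?)\)\s*$')
FILE_RE = re.compile(r"^\[(\S+ \S+) \| [\d,]+ \| (\S+) \| [CM]\] \(.*?\) -- (.+?)\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?):([^:\\]+)\s*$")
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}

# Where a legitimate InProcServer32 default may point on this box.  This list
# is an assumption made for the example, not something OTL defines.
TRUSTED_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\system32\\",
                "c:\\windows\\syswow64\\", "%systemroot%\\system32\\")


@dataclass
class ComEntry:
    hive: str
    clsid: str
    wow64: bool                    # True for the Wow6432Node (32-bit) view
    server: Optional[str] = None   # InProcServer32 default value, if any
    company: Optional[str] = None  # company tag OTL prints after the path


def parse_section(text: str):
    """Split OTL text into COM entries, (path, attrs, mtime) files and
    (path, stream, size) alternate data streams."""
    entries, files, ads, cur = [], [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            cm = CLSID_RE.search(m.group(2))
            cur = ComEntry(m.group(1), cm.group(0).lower() if cm else "?",
                           "wow6432node" in m.group(2).lower())
            entries.append(cur)
        elif (m := DEFAULT_RE.match(line)) and cur is not None:
            cur.server, cur.company = m.group(1), (m.group(2) or None)
        elif m := FILE_RE.match(line):
            files.append((m.group(3), m.group(2), m.group(1)))
        elif m := ADS_RE.match(line):
            ads.append((m.group(2), m.group(3), int(m.group(1))))
    return entries, files, ads


def assess(entries, files, ads) -> List[Tuple[str, str]]:
    """(verdict, detail) pairs.  Verdicts: HIJACK, SUSPECT, INFO, OK."""
    out = []
    for e in entries:
        tag = f"{HIVES.get(e.hive, e.hive)} {e.clsid} ({'32' if e.wow64 else '64'}-bit)"
        if e.hive == "HKEY_CURRENT_USER":
            # HKCU\Software\Classes takes precedence over HKLM in the merged
            # HKCR view, so any default here redirects the system CLSID.
            out.append(("HIJACK", f"{tag} -> {e.server}") if e.server
                       else ("OK", f"{tag} not set"))
        elif not e.server:
            out.append(("INFO", f"{tag} has no default value"))
        elif (e.company != "Microsoft Corporation"
              or not e.server.lower().startswith(TRUSTED_DIRS)):
            out.append(("SUSPECT", f"{tag} -> {e.server} [{e.company}]"))
        else:
            out.append(("OK", f"{tag} -> {e.server}"))
    for path, attrs, mtime in files:
        out.append(("INFO", f"file {path} attrs={attrs} mtime={mtime}"))
    for path, stream, size in ads:
        out.append(("INFO", f"ADS {path}:{stream} {size} bytes"))
    return out


def triage(text: str) -> List[Tuple[str, str]]:
    return assess(*parse_section(text))


# Copied from the OTL log in this thread (two of its fifteen ADS lines).
LOG_SAMPLE = r'''
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:E31EDFDE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
'''

# CONSTRUCTED for the example: what the same check looks like on a hijacked
# machine.  The DLL path is invented and does not come from the thread.
HIJACK_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\EXAMPLE\AppData\Local\constructed\hijack.dll -- [2012/09/30 00:00:00 | 000,010,240 | ---- | M] ()
'''

if __name__ == "__main__":
    for sample in (LOG_SAMPLE, HIJACK_SAMPLE):
        for verdict, detail in triage(sample):
            print(f"{verdict:7} {detail}")
        print("-" * 40)
```

On the posted log the script reports no HIJACK or SUSPECT entries: the HKCU keys carry no default, and every HKLM default is a Microsoft DLL under the system directory. The spot-check on the live box is `reg query "HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32" /ve`, and `dir /r C:\ProgramData` lists the streams on the Temp folder so they can be read before anything is deleted. Two caveats: the RHS- Desktop.ini in C:\Windows\assembly has the same 2009/07/13 modification date as the other stock Windows 7 files in the log (fastprox.dll, wbemess.dll), which is what you expect from the original file, though timestamps can be forged; and an empty HKLM\...\Wow6432Node entry, as for wbemess.dll here, is reported as INFO rather than as a hit, because a missing 32-bit registration is not on its own evidence of tampering.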
     