Solved Win64/Patched.A.Gen trojan

shane grant

My ESET keeps reporting variations of Win64 like conedex, sirefef.ap, ba. Really need some help to remove them. Thanks in advance.
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
vernal :: VERNAL-PC [administrator]

9/30/2012 7:05:01 PM
mbam-log-2012-09-30 (19-11-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213916
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\vernal\Local Settings\Application Data\WideSearch\wsearch.exe (Adware.Kraddare) -> No action taken.

(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by vernal at 20:51:58 on 2012-09-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.742 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Users\vernal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [cdloader] "C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [GetBooks] "C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
uRun: [WideSearch] C:\Users\vernal\AppData\Local\WideSearch\wsearch.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [NPSStartup]
StartupFolder: C:\Users\vernal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D} : DhcpNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}\355707562775966496F54454B414C40275962756C656373702A416D616963616 : DhcpNameServer = 10.1.96.1 172.16.1.26 172.16.1.27
TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}\762716E647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E823465-2CA7-4292-B74D-1F5B85E8AD55} : DhcpNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [NPSStartup]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\vernal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=98f5492800000000000070f1a1d13d64&q=
FF - user.js: extensions.BabylonToolbar.id - 98f5492800000000000070f1a1d13d64
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15603
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:59:42
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116107&tt=270912_ctrl2_3912_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-19 250288]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-3 136176]
S3 HP8107Fltr;HP-HP8107;C:\Windows\system32\DRIVERS\HP8107.sys --> C:\Windows\system32\DRIVERS\HP8107.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-19 114144]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2012-9-26 16448]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-01 00:02:28  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Malwarebytes
2012-10-01 00:02:12  --------  d-----w-  C:\ProgramData\Malwarebytes
2012-10-01 00:02:11  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-10-01 00:02:11  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-30 02:42:35  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
2012-09-30 02:29:07  --------  d-----w-  C:\Users\vernal\AppData\Local\WideSearch
2012-09-27 20:35:39  --------  d-----w-  C:\Users\vernal\AppData\Local\PopCap Games
2012-09-27 05:48:05  --------  d-----w-  C:\Program Files (x86)\Bejeweled Blitz
2012-09-27 04:54:23  --------  d-----w-  C:\Users\vernal\AppData\Local\GameHouse
2012-09-27 04:54:20  --------  d-----w-  C:\ProgramData\Trymedia
2012-09-27 04:50:59  --------  d-----w-  C:\Program Files (x86)\Bejeweled 3
2012-09-27 03:43:00  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Gamers Digital
2012-09-27 03:43:00  --------  d-----w-  C:\ProgramData\Gamers Digital
2012-09-27 03:34:32  --------  d-----w-  C:\Program Files (x86)\Making Mr. Right
2012-09-26 22:09:18  19016  ----a-w-  C:\Windows\System32\drivers\sscdmdfl.sys
2012-09-26 22:09:18  172104  ----a-w-  C:\Windows\System32\drivers\sscdmdm.sys
2012-09-26 22:09:18  15944  ----a-w-  C:\Windows\System32\drivers\sscdwhnt.sys
2012-09-26 22:09:18  15944  ----a-w-  C:\Windows\System32\drivers\sscdwh.sys
2012-09-26 22:09:18  15432  ----a-w-  C:\Windows\System32\drivers\sscdcmnt.sys
2012-09-26 22:09:18  15432  ----a-w-  C:\Windows\System32\drivers\sscdcm.sys
2012-09-26 22:09:18  136264  ----a-w-  C:\Windows\System32\drivers\sscdbus.sys
2012-09-26 22:06:43  25960  ----a-w-  C:\Windows\SysWow64\FsExService64.Exe
2012-09-26 22:06:43  16448  ----a-w-  C:\Windows\SysWow64\drivers\TFsExDisk.Sys
2012-09-26 22:06:42  16448  ----a-w-  C:\Windows\System32\drivers\TFsExDisk.sys
2012-09-26 22:06:41  25960  ----a-w-  C:\Windows\System32\FsExService64.exe
2012-09-26 22:05:49  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Samsung
2012-09-26 22:04:40  --------  d-----w-  C:\Program Files (x86)\MarkAny
2012-09-26 22:03:33  --------  d-----w-  C:\Program Files (x86)\Samsung
2012-09-26 21:55:57  --------  d-----w-  C:\Program Files\SAMSUNG
2012-09-26 21:55:05  --------  d-----w-  C:\ProgramData\Samsung
2012-09-26 08:31:50  9308616  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7335E3A-7B40-4A1D-A5BB-11324A4C34A5}\mpengine.dll
2012-09-20 21:59:40  --------  d-----w-  C:\Program Files (x86)\BabylonToolbar
2012-09-19 22:30:08  73136  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-19 22:30:08  696240  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-17 05:37:08  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Elephant Games
2012-09-17 05:37:08  --------  d-----w-  C:\ProgramData\Elephant Games
2012-09-17 04:35:27  --------  d-----w-  C:\ProgramData\Fugazo
2012-09-17 04:23:02  --------  d-----w-  C:\Program Files (x86)\bfgclient
2012-09-17 04:16:28  --------  d-----w-  C:\BigFishGamesCache
2012-09-13 12:34:33  --------  d-----w-  C:\Users\vernal\AppData\Local\Research In Motion
2012-09-13 12:34:26  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Research In Motion
2012-09-13 03:14:03  --------  d-----w-  C:\Windows\SysWow64\Extensions
2012-09-13 03:14:02  --------  d-----w-  C:\Windows\SysWow64\searchplugins
2012-09-13 03:13:59  --------  d-----w-  C:\ProgramData\Browser Manager
2012-09-13 03:13:55  --------  d-----w-  C:\Users\vernal\AppData\Roaming\BabylonToolbar
2012-09-13 03:12:59  --------  d-----w-  C:\Users\vernal\AppData\Local\GetBooks
2012-09-13 03:12:38  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Babylon
2012-09-13 03:12:38  --------  d-----w-  C:\ProgramData\Babylon
2012-09-12 01:45:32  --------  d-----w-  C:\Users\vernal\AppData\Roaming\GamesCafe
2012-09-11 22:47:33  --------  d-----w-  C:\Users\vernal\AppData\Roaming\MumboJumbo
2012-09-11 22:27:52  --------  d-----w-  C:\ProgramData\SnowGlobe
2012-09-11 22:26:20  --------  d-----w-  C:\Program Files (x86)\Games
2012-09-09 22:29:10  --------  d-----w-  C:\Users\vernal\AppData\Roaming\URSE Games
2012-09-09 04:03:44  --------  d-----w-  C:\Program Files\Governor of Poker 2 PE
2012-09-03 13:46:01  --------  d-----w-  C:\Users\vernal\AppData\Roaming\Boolat Games
2012-09-03 03:27:59  --------  d-----w-  C:\ProgramData\SugarGames
2012-09-02 00:21:03  44032  ----a-w-  C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-09-02 00:20:27  --------  d-----w-  C:\ProgramData\Research In Motion
2012-09-02 00:20:00  --------  d-----w-  C:\Program Files (x86)\Common Files\XCPCSync.OEM
2012-09-02 00:20:00  --------  d-----w-  C:\Program Files (x86)\Common Files\Research In Motion
2012-09-02 00:19:59  --------  d-----w-  C:\Program Files (x86)\Research In Motion
.
==================== Find3M ====================
.
.
============= FINISH: 20:52:29.20 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2010 10:10:23 PM
System Uptime: 9/30/2012 7:40:31 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 83.163 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.352 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()
G: is CDROM (UDF)
H: is CDROM ()
I: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: epfwwfpr
Device ID: ROOT\LEGACY_EPFWWFPR\0000
Manufacturer:
Name: epfwwfpr
PNP Device ID: ROOT\LEGACY_EPFWWFPR\0000
Service: epfwwfpr
.
==== System Restore Points ===================
.
RP320: 9/16/2012 12:44:13 AM - Scheduled Checkpoint
RP321: 9/19/2012 8:10:54 PM - HPSF Restore Point
RP322: 9/26/2012 5:01:14 PM - Installed Samsung New PC Studio
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.20
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Adobe Shockwave Player
Adobe Shockwave Player 11.6
AGEIA PhysX v7.07.09
Apple Application Support
Apple Software Update
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Babylon toolbar on IE
BabylonObjectInstaller
Bejeweled 2 Deluxe 1.1
Bejeweled 3
Bejeweled Blitz
Big Fish Games: Game Manager
BlackBerry Desktop Software 7.1
CASHFLOW® 202 THE E-GAME
CASHFLOW® THE E-GAME
Cheat Engine 6.1
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CodeBlocks
Crystal Reports Basic for Visual Studio 2008
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
D3DX10
Dropbox
EA Download Manager
ESU for Microsoft Windows 7
FIFA 11
Google Chrome
Google Earth Plug-in
Google Update Helper
Governor of Poker 2 PE 1.0
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hoyle Puzzle and Board Games 2011 (remove only)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Setup
HP Smart Web Printing
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
HP Wireless Assistant
HPAsset component for HP Active Support Library
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Development Kit 6 Update 23
Junk Mail filter update
LabelPrint
Madden NFL 08
MagicDisc 2.7.106
magicJack
Making Mr. Right
Malwarebytes Anti-Malware version 1.65.0.1400
Medal of Honor Pacific Assault(tm)
MergeModules
Mesh Runtime
Messenger Companion
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Application Error Reporting
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft WSE 3.0 Runtime
MotoConnect 1.1.31
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Nero 7 Ultra Edition
neroxml
Norton Online Backup
Power2Go
PowerDirector
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
RealUpgrade 1.1
Recovery Manager
Sally's Studio Collector's Edition 1.00
Samsung New PC Studio
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.10
TextPad 5
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update Installer for WildTangent Games App
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 0.9.9
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
XviD MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader 3.0
.
==== Event Viewer Messages From Past Week ========
.
9/30/2012 7:43:44 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
9/30/2012 7:41:28 PM, Error: Service Control Manager [7003] -
9/30/2012 7:17:27 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom2.
9/30/2012 3:56:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/30/2012 3:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/30/2012 3:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/30/2012 2:19:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/30/2012 2:19:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/30/2012 2:19:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/30/2012 2:19:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/30/2012 2:18:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/30/2012 2:18:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/28/2012 11:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
9/23/2012 9:23:23 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
Ran by SYSTEM at 30-09-2012 22:11:40
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6160928 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2716216 2009-09-11] (ESET)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] [x]
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\vernal\...\Run: [Google Update] "C:\Users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-09-15] (Google Inc.)
HKU\vernal\...\Run: [cdloader] "C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2011-08-23] (magicJack L.P.)
HKU\vernal\...\Run: [GetBooks] "C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba [2943058 2012-09-12] ()
HKU\vernal\...\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\vernal\...\Run: [WideSearch] C:\Users\vernal\AppData\Local\WideSearch\wsearch.exe [x]
Tcpip\Parameters: [DhcpNameServer] 65.183.0.76 65.183.0.86
Startup: C:\Users\vernal\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [23296 2009-09-11] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [735960 2009-09-11] (ESET)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 lxcz_device; C:\Windows\system32\lxczcoms.exe -service [566192 2007-04-19] ( )
2 lxcz_device; C:\Windows\SysWow64\lxczcoms.exe -service [537520 2007-04-19] ( )
2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [271920 2007-03-12] (Nero AG)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()

==================== Drivers (Whitelisted) =====================

2 eamon; C:\Windows\System32\Drivers\eamon.sys [144824 2009-09-11] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-09-11] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [123200 2009-09-11] (ESET)
3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [13824 2010-02-04] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-30 19:03 - 2012-09-30 19:04 - 01456149 ____A (Farbar) C:\Users\vernal\Downloads\FRST64.exe
2012-09-30 17:48 - 2012-09-30 17:49 - 00302592 ____A C:\Users\vernal\Desktop\1wn4qflt.exe
2012-09-30 17:09 - 2012-09-30 17:10 - 00607260 ____R (Swearware) C:\Users\vernal\Desktop\dds.com
2012-09-30 16:24 - 2012-09-30 17:50 - 00000000 ____A C:\Users\vernal\Desktop\gmer.log
2012-09-30 16:21 - 2012-09-30 16:21 - 00302592 ____A C:\Users\vernal\Downloads\xj98blnt.exe
2012-09-30 16:02 - 2012-09-30 16:02 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 16:02 - 2012-09-30 16:02 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Malwarebytes
2012-09-30 16:02 - 2012-09-30 16:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-30 16:02 - 2012-09-30 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-30 16:02 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 15:49 - 2012-09-30 15:52 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\vernal\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-29 18:42 - 2012-09-29 18:42 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-29 18:34 - 2012-09-29 18:34 - 00324259 ____A C:\Users\vernal\Desktop\Salem Falls.epub
2012-09-29 18:30 - 2012-09-29 18:30 - 00519522 ____A C:\Users\vernal\Desktop\The Litigators .epub
2012-09-29 18:29 - 2012-09-30 16:16 - 00000000 ____D C:\Users\vernal\AppData\Local\WideSearch
2012-09-29 18:28 - 2012-09-29 18:29 - 01689682 ____A C:\Users\vernal\Downloads\Salem Falls.exe
2012-09-29 18:24 - 2012-09-29 18:27 - 01689682 ____A C:\Users\vernal\Downloads\The Litigators.exe
2012-09-27 14:16 - 2012-09-27 16:38 - 00013766 ____A C:\Users\vernal\Downloads\SHANEFBLIST.xlsx
2012-09-27 12:35 - 2012-09-27 12:35 - 00000000 ____D C:\Users\vernal\AppData\Local\PopCap Games
2012-09-26 21:48 - 2012-09-26 21:48 - 00001912 ____A C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
2012-09-26 21:48 - 2012-09-26 21:48 - 00000000 ____D C:\Program Files (x86)\Bejeweled Blitz
2012-09-26 20:54 - 2012-09-26 20:54 - 00000000 ____D C:\Users\vernal\AppData\Local\GameHouse
2012-09-26 20:54 - 2012-09-26 20:54 - 00000000 ____D C:\Users\All Users\Trymedia
2012-09-26 20:51 - 2012-09-26 20:51 - 00001004 ____A C:\Users\vernal\Desktop\Bejeweled 3.lnk
2012-09-26 20:50 - 2012-09-26 20:51 - 00000000 ____D C:\Program Files (x86)\Bejeweled 3
2012-09-26 20:32 - 2012-09-26 21:02 - 57709350 ____A C:\Users\vernal\Downloads\Bejeweled Blitz Setup.exe
2012-09-26 20:31 - 2012-09-26 20:31 - 00018045 ____A C:\Users\vernal\Downloads\[kat.ph]pc.bejeweled.blitz.full.game.torrent
2012-09-26 20:30 - 2012-09-26 20:39 - 00000000 ____D C:\Users\vernal\Downloads\Bejeweled 3 {Full-Game} {blaze69}
2012-09-26 20:29 - 2012-09-26 20:29 - 00017155 ____A C:\Users\vernal\Downloads\[kat.ph]bejeweled.3.full.game.blaze69.torrent
2012-09-26 20:27 - 2012-09-26 20:27 - 00016729 ____A C:\Users\vernal\Downloads\[isoHunt] 6841A2F13B9C03301CE02F8F7D46CCB305977C02.torrent
2012-09-26 19:43 - 2012-09-26 19:43 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Gamers Digital
2012-09-26 19:43 - 2012-09-26 19:43 - 00000000 ____D C:\Users\All Users\Gamers Digital
2012-09-26 19:34 - 2012-09-26 19:34 - 00001945 ____A C:\Users\Public\Desktop\Play Making Mr. Right.lnk
2012-09-26 19:34 - 2012-09-26 19:34 - 00001262 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-09-26 19:34 - 2012-09-26 19:34 - 00000000 ____D C:\Program Files (x86)\Making Mr. Right
2012-09-26 14:16 - 2012-09-26 14:16 - 00000000 ____D C:\Users\vernal\Documents\NPS
2012-09-26 14:16 - 2012-09-26 14:16 - 00000000 ____D C:\Users\vernal\Documents\My Art
2012-09-26 14:11 - 2012-09-26 14:11 - 00002106 ____A C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2012-09-26 14:09 - 2010-04-26 18:25 - 00172104 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdmdm.sys
2012-09-26 14:09 - 2010-04-26 18:25 - 00136264 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdbus.sys
2012-09-26 14:09 - 2010-04-26 18:25 - 00019016 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdmdfl.sys
2012-09-26 14:09 - 2010-04-26 18:25 - 00015944 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdwhnt.sys
2012-09-26 14:09 - 2010-04-26 18:25 - 00015944 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdwh.sys
2012-09-26 14:09 - 2010-04-26 18:25 - 00015432 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdcmnt.sys
2012-09-26 14:09 - 2010-04-26 18:25 - 00015432 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscdcm.sys
2012-09-26 14:06 - 2010-07-04 16:11 - 00025960 ____A (Teruten Inc) C:\Windows\SysWOW64\FsExService64.Exe
2012-09-26 14:06 - 2010-07-04 16:11 - 00025960 ____A (Teruten Inc) C:\Windows\System32\FsExService64.exe
2012-09-26 14:06 - 2010-06-14 06:32 - 00016448 ____A (Teruten Inc) C:\Windows\SysWOW64\Drivers\TFsExDisk.Sys
2012-09-26 14:06 - 2010-06-14 06:32 - 00016448 ____A (Teruten Inc) C:\Windows\System32\Drivers\TFsExDisk.sys
2012-09-26 14:05 - 2012-09-26 14:05 - 00000000 ____D C:\Users\vernal\Documents\Samsung
2012-09-26 14:05 - 2012-09-26 14:05 - 00000000 ____D C:\Users\vernal\Documents\My NPS Files
2012-09-26 14:05 - 2012-09-26 14:05 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Samsung
2012-09-26 14:04 - 2012-09-26 14:04 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-09-26 14:03 - 2012-09-26 14:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-09-26 13:55 - 2012-09-26 13:55 - 00000000 ____D C:\Users\All Users\Samsung
2012-09-26 13:55 - 2012-09-26 13:55 - 00000000 ____D C:\Program Files\SAMSUNG
2012-09-26 13:53 - 2012-09-26 13:58 - 173838160 ____A C:\Users\vernal\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2012-09-26 13:53 - 2012-09-26 13:54 - 12167176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\vernal\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2012-09-21 14:24 - 2012-09-21 14:24 - 00172494 ____A C:\Users\vernal\Downloads\draught.zip
2012-09-21 14:24 - 2012-09-21 14:24 - 00118222 ____A C:\Users\vernal\Downloads\draughtmax.zip
2012-09-20 13:59 - 2012-09-20 14:00 - 00000315 ____A C:\user.js
2012-09-20 13:59 - 2012-09-20 13:59 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-09-20 13:58 - 2012-09-20 13:58 - 02943058 ____A C:\Users\vernal\Downloads\Fifty shades darker.exe
2012-09-19 14:33 - 2012-09-29 19:59 - 00000000 ____D C:\Users\vernal\Documents\My Digital Editions
2012-09-19 14:32 - 2012-09-19 14:32 - 05146031 ____A (Adobe Systems, Inc.) C:\Users\vernal\Downloads\setup.exe
2012-09-19 14:30 - 2012-09-30 18:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-19 14:30 - 2012-09-20 16:51 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-19 14:30 - 2012-09-20 16:51 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-19 14:30 - 2012-09-19 14:30 - 00000000 ____D C:\Windows\System32\Macromed
2012-09-19 14:27 - 2012-09-19 14:27 - 00001094 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Mozilla
2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Users\vernal\AppData\Local\Mozilla
2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-19 14:27 - 2012-09-19 14:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-19 14:26 - 2012-09-19 14:27 - 17790056 ____A (Mozilla) C:\Users\vernal\Downloads\Firefox Setup 15.0.1.exe
2012-09-19 14:23 - 2012-09-19 14:23 - 02943058 ____A C:\Users\vernal\Downloads\Fifty Shades Of Grey.exe
2012-09-19 14:13 - 2012-09-19 14:13 - 00001309 ____A C:\Users\vernal\Downloads\[isoHunt] 261A429367D05361F91B7DBCC0CF51D22EE25BC7.torrent
2012-09-19 14:12 - 2012-09-19 14:12 - 00001707 ____A C:\Users\vernal\Downloads\[kat.ph]spellbound.falls.by.janet.chapman.pdf.e.book.torrent
2012-09-19 14:07 - 2012-09-19 14:07 - 02943058 ____A C:\Users\vernal\Downloads\The Postcard Killers.exe
2012-09-19 14:04 - 2012-09-19 14:04 - 02943058 ____A C:\Users\vernal\Downloads\The Marriage Bargain.exe
2012-09-16 21:37 - 2012-09-16 21:37 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Elephant Games
2012-09-16 21:37 - 2012-09-16 21:37 - 00000000 ____D C:\Users\All Users\Elephant Games
2012-09-16 20:35 - 2012-09-16 20:35 - 00000000 ____D C:\Users\All Users\Fugazo
2012-09-16 20:30 - 2012-09-16 20:30 - 00000923 ____A C:\Users\Public\Desktop\Game Manager.lnk
2012-09-16 20:30 - 2012-09-16 20:30 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url
2012-09-16 20:23 - 2012-09-16 20:23 - 00000000 ____D C:\Program Files (x86)\bfgclient
2012-09-16 20:16 - 2012-09-26 21:01 - 00000000 ____D C:\BigFishGamesCache
2012-09-16 20:16 - 2012-09-16 20:16 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163769.exe
2012-09-16 20:15 - 2012-09-16 20:16 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163592.exe
2012-09-16 11:04 - 2012-09-16 11:04 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-09-15 20:54 - 2012-09-15 20:54 - 01347066 ____A C:\Users\vernal\Downloads\02.wmv
2012-09-15 15:18 - 2012-09-15 15:18 - 00114808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-15 12:32 - 2012-09-15 12:32 - 00114808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-15 12:31 - 2012-09-30 16:40 - 00003202 ____A C:\Windows\setupact.log
2012-09-15 12:31 - 2012-09-15 12:31 - 00000000 ____A C:\Windows\setuperr.log
2012-09-15 08:02 - 2012-09-15 08:12 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-09-13 04:43 - 2012-09-13 12:44 - 00013785 ____A C:\ads_err.adt
2012-09-13 04:43 - 2012-09-13 04:43 - 00004559 ____A C:\ads_err.adm
2012-09-13 04:43 - 2012-09-13 04:43 - 00003072 ____A C:\ads_err.adi
2012-09-13 04:37 - 2012-09-13 04:39 - 00000000 ____D C:\Users\vernal\Desktop\blackberry
2012-09-13 04:37 - 2012-04-29 17:10 - 31803356 ____A C:\Users\vernal\Desktop\XS_Eng.m4v
2012-09-13 04:37 - 2012-04-29 17:09 - 36879332 ____A C:\Users\vernal\Desktop\Sales_Marketing_Highlights_Eng.m4v
2012-09-13 04:37 - 2012-04-29 17:09 - 18869378 ____A C:\Users\vernal\Desktop\Double_X_IBO_Eng.m4v
2012-09-13 04:37 - 2012-04-29 17:09 - 12399909 ____A C:\Users\vernal\Desktop\Double_X_Benefits_Eng.m4v
2012-09-13 04:36 - 2012-09-13 04:36 - 00000000 ____D C:\Users\vernal\Documents\BlackBerry
2012-09-13 04:34 - 2012-09-13 12:44 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-13 04:34 - 2012-09-13 12:44 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-13 04:34 - 2012-09-13 12:41 - 00000000 ____D C:\Users\vernal\AppData\Local\Research In Motion
2012-09-13 04:34 - 2012-09-13 04:36 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Research In Motion
2012-09-13 04:34 - 2012-09-13 04:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-09-12 20:38 - 2012-09-12 20:39 - 02943058 ____A C:\Users\vernal\Downloads\Mystical Warrior.exe
2012-09-12 19:14 - 2012-09-12 19:14 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2012-09-12 19:14 - 2012-09-12 19:14 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2012-09-12 19:13 - 2012-09-19 14:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-12 19:13 - 2012-09-12 19:13 - 00000000 ____D C:\Users\vernal\AppData\Roaming\BabylonToolbar
2012-09-12 19:13 - 2012-09-12 19:13 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-09-12 19:12 - 2012-09-12 19:12 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Babylon
2012-09-12 19:12 - 2012-09-12 19:12 - 00000000 ____D C:\Users\vernal\AppData\Local\GetBooks
2012-09-12 19:12 - 2012-09-12 19:12 - 00000000 ____D C:\Users\All Users\Babylon
2012-09-12 19:06 - 2012-09-12 19:07 - 02943058 ____A C:\Users\vernal\Downloads\Dragon Warrior.exe
2012-09-12 16:57 - 2012-09-12 16:57 - 00010946 ____A C:\Users\vernal\Downloads\[isoHunt] Angelica Weaver - Catch Me When You Can Collector’s Edition.rar.torrent
2012-09-12 16:45 - 2012-09-12 16:45 - 00002231 ____A C:\Users\vernal\Desktop\Sallys Studio.lnk
2012-09-11 17:45 - 2012-09-11 17:45 - 00004096 ____A C:\Windows\d3dx.dat
2012-09-11 17:45 - 2012-09-11 17:45 - 00000000 ____D C:\Users\vernal\AppData\Roaming\GamesCafe
2012-09-11 14:47 - 2012-09-11 14:47 - 00000000 ____D C:\Users\vernal\AppData\Roaming\MumboJumbo
2012-09-11 14:27 - 2012-09-11 14:37 - 00000000 ____D C:\Users\All Users\SnowGlobe
2012-09-11 14:26 - 2012-09-11 14:26 - 00000000 ____D C:\Program Files (x86)\Games
2012-09-10 20:45 - 2012-09-10 21:01 - 110649428 ____A (Games ) C:\Users\vernal\Downloads\Sally's Studio Collector's Edition Wendy.exe
2012-09-10 20:44 - 2012-09-10 20:44 - 00017298 ____A C:\Users\vernal\Downloads\[isoHunt] Sally's Studio Collector's Edition - New Dash game - Bigfish.exe.torrent
2012-09-10 16:03 - 2012-09-10 16:03 - 00013278 ____A C:\Users\vernal\Downloads\133386291FA95C7449C10E7E6C564A39BA8847E7.torrent
2012-09-10 16:01 - 2012-09-10 16:01 - 00000907 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-09-09 14:29 - 2012-09-09 14:29 - 00000000 ____D C:\Users\vernal\AppData\Roaming\URSE Games
2012-09-09 13:28 - 2012-09-09 13:28 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-wildgames!94dc75bd92d3423399090b0e967bcfb5.exe
2012-09-09 13:24 - 2012-09-10 15:50 - 00002441 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-09-09 13:23 - 2012-09-09 13:23 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-snarkbustersbundle-wildgames!985f5d2152a84c91b81c8dd337e7b107.exe
2012-09-08 20:03 - 2012-09-08 20:03 - 00001002 ____A C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
2012-09-08 20:03 - 2012-09-08 20:03 - 00000000 ____D C:\Program Files\Governor of Poker 2 PE
2012-09-08 07:07 - 2012-09-08 07:07 - 04446208 ____A C:\Users\vernal\Downloads\bc87e4b5.avi
2012-09-03 19:10 - 2012-09-30 16:16 - 00006968 ____A C:\Windows\PFRO.log
2012-09-03 05:46 - 2012-09-03 05:46 - 00000000 ____D C:\Users\vernal\AppData\Roaming\Boolat Games
2012-09-02 19:27 - 2012-09-02 19:27 - 00000000 ____D C:\Users\All Users\SugarGames
2012-09-02 18:43 - 2012-09-02 18:43 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\wedding-salon_s1_l1_gF6151T1L1_d1851396217.exe
2012-09-02 13:37 - 2012-09-02 13:37 - 06955968 ____A (Microsoft Corporation) C:\Users\vernal\Downloads\Silverlight (1).exe
2012-09-01 16:21 - 2012-09-01 16:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-09-01 16:21 - 2011-07-20 10:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2012-09-01 16:20 - 2012-09-01 16:20 - 00002191 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-09-01 16:20 - 2012-09-01 16:20 - 00001153 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-01 16:20 - 2012-09-01 16:20 - 00000000 ____D C:\Users\All Users\Research In Motion
2012-09-01 16:19 - 2012-09-01 16:19 - 00000000 ____D C:\Program Files (x86)\Research In Motion


==================== 3 Months Modified Files ==================

2012-09-30 19:04 - 2012-09-30 19:03 - 01456149 ____A (Farbar) C:\Users\vernal\Downloads\FRST64.exe
2012-09-30 19:04 - 2010-11-03 05:51 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-30 19:04 - 2010-11-03 05:51 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-30 19:04 - 2009-07-13 21:13 - 00796510 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-30 18:51 - 2012-09-19 14:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-30 18:50 - 2010-09-15 07:03 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000UA.job
2012-09-30 17:50 - 2012-09-30 16:24 - 00000000 ____A C:\Users\vernal\Desktop\gmer.log
2012-09-30 17:49 - 2012-09-30 17:48 - 00302592 ____A C:\Users\vernal\Desktop\1wn4qflt.exe
2012-09-30 17:12 - 2010-04-27 00:29 - 01226262 ____A C:\Windows\WindowsUpdate.log
2012-09-30 17:10 - 2012-09-30 17:09 - 00607260 ____R (Swearware) C:\Users\vernal\Desktop\dds.com
2012-09-30 16:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-30 16:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-30 16:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-30 16:40 - 2012-09-15 12:31 - 00003202 ____A C:\Windows\setupact.log
2012-09-30 16:21 - 2012-09-30 16:21 - 00302592 ____A C:\Users\vernal\Downloads\xj98blnt.exe
2012-09-30 16:16 - 2012-09-03 19:10 - 00006968 ____A C:\Windows\PFRO.log
2012-09-30 16:02 - 2012-09-30 16:02 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 15:52 - 2012-09-30 15:49 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\vernal\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-29 18:34 - 2012-09-29 18:34 - 00324259 ____A C:\Users\vernal\Desktop\Salem Falls.epub
2012-09-29 18:30 - 2012-09-29 18:30 - 00519522 ____A C:\Users\vernal\Desktop\The Litigators .epub
2012-09-29 18:29 - 2012-09-29 18:28 - 01689682 ____A C:\Users\vernal\Downloads\Salem Falls.exe
2012-09-29 18:27 - 2012-09-29 18:24 - 01689682 ____A C:\Users\vernal\Downloads\The Litigators.exe
2012-09-29 10:50 - 2010-09-15 07:03 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000Core.job
2012-09-27 17:52 - 2010-09-15 07:06 - 00002493 ____A C:\Users\vernal\Desktop\Google Chrome.lnk
2012-09-27 16:38 - 2012-09-27 14:16 - 00013766 ____A C:\Users\vernal\Downloads\SHANEFBLIST.xlsx
2012-09-26 21:48 - 2012-09-26 21:48 - 00001912 ____A C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
2012-09-26 21:02 - 2012-09-26 20:32 - 57709350 ____A C:\Users\vernal\Downloads\Bejeweled Blitz Setup.exe
2012-09-26 20:51 - 2012-09-26 20:51 - 00001004 ____A C:\Users\vernal\Desktop\Bejeweled 3.lnk
2012-09-26 20:31 - 2012-09-26 20:31 - 00018045 ____A C:\Users\vernal\Downloads\[kat.ph]pc.bejeweled.blitz.full.game.torrent
2012-09-26 20:29 - 2012-09-26 20:29 - 00017155 ____A C:\Users\vernal\Downloads\[kat.ph]bejeweled.3.full.game.blaze69.torrent
2012-09-26 20:27 - 2012-09-26 20:27 - 00016729 ____A C:\Users\vernal\Downloads\[isoHunt] 6841A2F13B9C03301CE02F8F7D46CCB305977C02.torrent
2012-09-26 19:34 - 2012-09-26 19:34 - 00001945 ____A C:\Users\Public\Desktop\Play Making Mr. Right.lnk
2012-09-26 19:34 - 2012-09-26 19:34 - 00001262 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-09-26 14:11 - 2012-09-26 14:11 - 00002106 ____A C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2012-09-26 13:58 - 2012-09-26 13:53 - 173838160 ____A C:\Users\vernal\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2012-09-26 13:54 - 2012-09-26 13:53 - 12167176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\vernal\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2012-09-25 14:57 - 2012-07-18 18:19 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForvernal.job
2012-09-21 14:24 - 2012-09-21 14:24 - 00172494 ____A C:\Users\vernal\Downloads\draught.zip
2012-09-21 14:24 - 2012-09-21 14:24 - 00118222 ____A C:\Users\vernal\Downloads\draughtmax.zip
2012-09-20 16:51 - 2012-09-19 14:30 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-20 16:51 - 2012-09-19 14:30 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-20 14:00 - 2012-09-20 13:59 - 00000315 ____A C:\user.js
2012-09-20 13:58 - 2012-09-20 13:58 - 02943058 ____A C:\Users\vernal\Downloads\Fifty shades darker.exe
2012-09-19 14:32 - 2012-09-19 14:32 - 05146031 ____A (Adobe Systems, Inc.) C:\Users\vernal\Downloads\setup.exe
2012-09-19 14:27 - 2012-09-19 14:27 - 00001094 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-19 14:27 - 2012-09-19 14:26 - 17790056 ____A (Mozilla) C:\Users\vernal\Downloads\Firefox Setup 15.0.1.exe
2012-09-19 14:23 - 2012-09-19 14:23 - 02943058 ____A C:\Users\vernal\Downloads\Fifty Shades Of Grey.exe
2012-09-19 14:13 - 2012-09-19 14:13 - 00001309 ____A C:\Users\vernal\Downloads\[isoHunt] 261A429367D05361F91B7DBCC0CF51D22EE25BC7.torrent
2012-09-19 14:12 - 2012-09-19 14:12 - 00001707 ____A C:\Users\vernal\Downloads\[kat.ph]spellbound.falls.by.janet.chapman.pdf.e.book.torrent
2012-09-19 14:07 - 2012-09-19 14:07 - 02943058 ____A C:\Users\vernal\Downloads\The Postcard Killers.exe
2012-09-19 14:04 - 2012-09-19 14:04 - 02943058 ____A C:\Users\vernal\Downloads\The Marriage Bargain.exe
2012-09-17 21:25 - 2012-07-14 12:38 - 00002385 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-09-17 21:25 - 2010-12-29 18:36 - 00001121 ____A C:\WildTangent Games App - hp.lnk
2012-09-17 17:20 - 2010-10-25 11:31 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-09-16 20:30 - 2012-09-16 20:30 - 00000923 ____A C:\Users\Public\Desktop\Game Manager.lnk
2012-09-16 20:30 - 2012-09-16 20:30 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url
2012-09-16 20:16 - 2012-09-16 20:16 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163769.exe
2012-09-16 20:16 - 2012-09-16 20:15 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\boutique-boulevard_s1_l1_gF7367T1L1_d1864163592.exe
2012-09-16 11:04 - 2012-09-16 11:04 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-09-15 20:54 - 2012-09-15 20:54 - 01347066 ____A C:\Users\vernal\Downloads\02.wmv
2012-09-15 15:18 - 2012-09-15 15:18 - 00114808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-15 12:32 - 2012-09-15 12:32 - 00114808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-15 12:31 - 2012-09-15 12:31 - 00000000 ____A C:\Windows\setuperr.log
2012-09-15 12:31 - 2009-07-13 20:45 - 00432968 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-15 08:12 - 2012-09-15 08:02 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-09-13 12:44 - 2012-09-13 04:43 - 00013785 ____A C:\ads_err.adt
2012-09-13 12:44 - 2012-09-13 04:34 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-13 12:44 - 2012-09-13 04:34 - 00000077 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-13 04:43 - 2012-09-13 04:43 - 00004559 ____A C:\ads_err.adm
2012-09-13 04:43 - 2012-09-13 04:43 - 00003072 ____A C:\ads_err.adi
2012-09-13 04:34 - 2012-09-13 04:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-09-12 20:39 - 2012-09-12 20:38 - 02943058 ____A C:\Users\vernal\Downloads\Mystical Warrior.exe
2012-09-12 19:07 - 2012-09-12 19:06 - 02943058 ____A C:\Users\vernal\Downloads\Dragon Warrior.exe
2012-09-12 16:57 - 2012-09-12 16:57 - 00010946 ____A C:\Users\vernal\Downloads\[isoHunt] Angelica Weaver - Catch Me When You Can Collector’s Edition.rar.torrent
2012-09-12 16:45 - 2012-09-12 16:45 - 00002231 ____A C:\Users\vernal\Desktop\Sallys Studio.lnk
2012-09-11 17:45 - 2012-09-11 17:45 - 00004096 ____A C:\Windows\d3dx.dat
2012-09-10 21:01 - 2012-09-10 20:45 - 110649428 ____A (Games ) C:\Users\vernal\Downloads\Sally's Studio Collector's Edition Wendy.exe
2012-09-10 20:44 - 2012-09-10 20:44 - 00017298 ____A C:\Users\vernal\Downloads\[isoHunt] Sally's Studio Collector's Edition - New Dash game - Bigfish.exe.torrent
2012-09-10 16:03 - 2012-09-10 16:03 - 00013278 ____A C:\Users\vernal\Downloads\133386291FA95C7449C10E7E6C564A39BA8847E7.torrent
2012-09-10 16:01 - 2012-09-10 16:01 - 00000907 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-09-10 15:50 - 2012-09-09 13:24 - 00002441 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-09-10 15:50 - 2011-03-24 14:37 - 00001151 ____A C:\WildTangent Games App - wildgames.lnk
2012-09-09 13:28 - 2012-09-09 13:28 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-wildgames!94dc75bd92d3423399090b0e967bcfb5.exe
2012-09-09 13:23 - 2012-09-09 13:23 - 01007680 ____A (WildTangent) C:\Users\vernal\Downloads\Setup-snarkbustersbundle-wildgames!985f5d2152a84c91b81c8dd337e7b107.exe
2012-09-08 20:03 - 2012-09-08 20:03 - 00001002 ____A C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
2012-09-08 07:07 - 2012-09-08 07:07 - 04446208 ____A C:\Users\vernal\Downloads\bc87e4b5.avi
2012-09-07 14:04 - 2012-09-30 16:02 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-02 18:48 - 2009-07-13 21:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-02 18:43 - 2012-09-02 18:43 - 00233120 ____A (Big Fish Games) C:\Users\vernal\Downloads\wedding-salon_s1_l1_gF6151T1L1_d1851396217.exe
2012-09-02 13:37 - 2012-09-02 13:37 - 06955968 ____A (Microsoft Corporation) C:\Users\vernal\Downloads\Silverlight (1).exe
2012-09-01 16:21 - 2012-09-01 16:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-09-01 16:20 - 2012-09-01 16:20 - 00002191 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-09-01 16:20 - 2012-09-01 16:20 - 00001153 ____A C:\Users\vernal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-08-05 19:45 - 2012-04-06 10:26 - 00002459 ____A C:\Users\vernal\Desktop\Google Chrome (2).lnk
2012-07-11 15:24 - 2012-07-11 15:24 - 04106865 ____A C:\Users\vernal\Downloads\Attachments_2012_07_11.zip
2012-07-09 14:06 - 2012-07-09 14:06 - 00946352 ____A (Skype Technologies S.A.) C:\Users\vernal\Downloads\SkypeSetup (2).exe


ZeroAccess:
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\@
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\L
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\L\00000004.@
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\L\201d3dde
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\00000004.@
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\00000008.@
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\000000cb.@
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\80000000.@
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\80000032.@
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-15 21:44:27
Restore point made on: 2012-09-19 17:11:17
Restore point made on: 2012-09-26 14:01:50

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1978.93 MB
Available physical RAM: 1327.32 MB
Total Pagefile: 1978.93 MB
Available Pagefile: 1321.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:218.34 GB) (Free:83.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.25 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive I: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 961 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 218 GB 200 MB
Partition 3 Primary 14 GB 218 GB
Partition 4 Primary 103 MB 232 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 218 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 960 MB 764 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 960 MB Healthy

=========================================================

Last Boot: 2012-09-29 13:57

==================== End Of Log =============================
 
Farbar Recovery Scan Tool (x64) Version: 30-09-2012 01
Ran by SYSTEM at 2012-09-30 22:13:18
Running from I:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally.

===================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-09-2012 01
Ran by SYSTEM at 2012-09-30 22:36:19 Run:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\vernal\Software\Microsoft\Windows\CurrentVersion\Run\\WideSearch Value deleted successfully.
C:\Windows\Installer\{b94f65d8-8653-2d1d-9ea2-98ac1eefdecd} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
22:41:26.0835 1640 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:41:27.0187 1640 ============================================================
22:41:27.0187 1640 Current date / time: 2012/09/30 22:41:27.0187
22:41:27.0187 1640 SystemInfo:
22:41:27.0187 1640
22:41:27.0187 1640 OS Version: 6.1.7600 ServicePack: 0.0
22:41:27.0187 1640 Product type: Workstation
22:41:27.0187 1640 ComputerName: VERNAL-PC
22:41:27.0187 1640 UserName: vernal
22:41:27.0187 1640 Windows directory: C:\Windows
22:41:27.0187 1640 System windows directory: C:\Windows
22:41:27.0187 1640 Running under WOW64
22:41:27.0187 1640 Processor architecture: Intel x64
22:41:27.0187 1640 Number of processors: 1
22:41:27.0187 1640 Page size: 0x1000
22:41:27.0187 1640 Boot type: Normal boot
22:41:27.0187 1640 ============================================================
22:41:28.0048 1640 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:41:28.0061 1640 Drive \Device\Harddisk1\DR1 - Size: 0x3C100000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:41:28.0063 1640 ============================================================
22:41:28.0063 1640 \Device\Harddisk0\DR0:
22:41:28.0063 1640 MBR partitions:
22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B4AE800
22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B512800, BlocksNum 0x1C7F000
22:41:28.0063 1640 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
22:41:28.0063 1640 \Device\Harddisk1\DR1:
22:41:28.0064 1640 MBR partitions:
22:41:28.0064 1640 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x5F8, BlocksNum 0x1E0208
22:41:28.0064 1640 ============================================================
22:41:28.0096 1640 C: <-> \Device\Harddisk0\DR0\Partition2
22:41:28.0252 1640 D: <-> \Device\Harddisk0\DR0\Partition3
22:41:28.0304 1640 E: <-> \Device\Harddisk0\DR0\Partition4
22:41:28.0304 1640 ============================================================
22:41:28.0304 1640 Initialize success
22:41:28.0304 1640 ============================================================
22:41:47.0175 2524 ============================================================
22:41:47.0175 2524 Scan started
22:41:47.0175 2524 Mode: Manual;
22:41:47.0175 2524 ============================================================
22:41:48.0610 2524 ================ Scan system memory ========================
22:41:48.0610 2524 System memory - ok
22:41:48.0613 2524 ================ Scan services =============================
22:41:49.0323 2524 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:41:49.0354 2524 1394ohci - ok
22:41:49.0409 2524 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:41:49.0431 2524 ACPI - ok
22:41:49.0486 2524 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:41:49.0503 2524 AcpiPmi - ok
22:41:50.0030 2524 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:41:50.0038 2524 AdobeFlashPlayerUpdateSvc - ok
22:41:50.0154 2524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:41:50.0197 2524 adp94xx - ok
22:41:50.0255 2524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:41:50.0293 2524 adpahci - ok
22:41:50.0370 2524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:41:50.0391 2524 adpu320 - ok
22:41:50.0444 2524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:41:50.0462 2524 AeLookupSvc - ok
22:41:50.0682 2524 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
22:41:50.0702 2524 AERTFilters - ok
22:41:50.0803 2524 [ 6EF20DDF3172E97D69F596FB90602F29 ] AFD C:\Windows\system32\drivers\afd.sys
22:41:50.0871 2524 AFD - ok
22:41:50.0938 2524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:41:50.0960 2524 agp440 - ok
22:41:51.0044 2524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:41:51.0057 2524 ALG - ok
22:41:51.0199 2524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:41:51.0238 2524 aliide - ok
22:41:51.0361 2524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:41:51.0379 2524 amdide - ok
22:41:51.0424 2524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:41:51.0442 2524 AmdK8 - ok
22:41:51.0476 2524 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:41:51.0503 2524 AmdPPM - ok
22:41:51.0631 2524 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:41:51.0680 2524 amdsata - ok
22:41:51.0735 2524 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:41:51.0757 2524 amdsbs - ok
22:41:51.0780 2524 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:41:51.0798 2524 amdxata - ok
22:41:51.0860 2524 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:41:51.0909 2524 AppID - ok
22:41:51.0977 2524 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:41:51.0986 2524 AppIDSvc - ok
22:41:52.0035 2524 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:41:52.0038 2524 Appinfo - ok
22:41:52.0184 2524 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:41:52.0188 2524 Apple Mobile Device - ok
22:41:52.0238 2524 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:41:52.0257 2524 arc - ok
22:41:52.0288 2524 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:41:52.0292 2524 arcsas - ok
22:41:52.0328 2524 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:41:52.0346 2524 AsyncMac - ok
22:41:52.0380 2524 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:41:52.0398 2524 atapi - ok
22:41:52.0467 2524 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:41:52.0476 2524 AudioEndpointBuilder - ok
22:41:52.0496 2524 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:41:52.0500 2524 AudioSrv - ok
22:41:52.0579 2524 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:41:52.0582 2524 AxInstSV - ok
22:41:52.0614 2524 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:41:52.0622 2524 b06bdrv - ok
22:41:52.0666 2524 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:41:52.0686 2524 b57nd60a - ok
22:41:52.0734 2524 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:41:52.0737 2524 BDESVC - ok
22:41:52.0761 2524 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:41:52.0762 2524 Beep - ok
22:41:52.0813 2524 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:41:52.0832 2524 blbdrive - ok
22:41:53.0070 2524 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:41:53.0075 2524 Bonjour Service - ok
22:41:53.0124 2524 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:41:53.0158 2524 bowser - ok
22:41:53.0242 2524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:41:53.0244 2524 BrFiltLo - ok
22:41:53.0277 2524 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:41:53.0289 2524 BrFiltUp - ok
22:41:53.0326 2524 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
22:41:53.0330 2524 Browser - ok
22:41:53.0368 2524 [ E5E9B1625A767CEB6F319C12D33EAB78 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
22:41:53.0408 2524 BrSerIb - ok
22:41:53.0491 2524 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:41:53.0516 2524 Brserid - ok
22:41:53.0541 2524 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:41:53.0559 2524 BrSerWdm - ok
22:41:53.0623 2524 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:41:53.0651 2524 BrUsbMdm - ok
22:41:53.0698 2524 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:41:53.0715 2524 BrUsbSer - ok
22:41:53.0764 2524 [ D9F6B30AD93CBD165EC71FADF51DF25E ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
22:41:53.0766 2524 BrUsbSIb - ok
22:41:53.0796 2524 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:41:53.0813 2524 BTHMODEM - ok
22:41:53.0874 2524 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:41:53.0876 2524 bthserv - ok
22:41:53.0977 2524 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:41:53.0995 2524 cdfs - ok
22:41:54.0083 2524 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:41:54.0104 2524 cdrom - ok
22:41:54.0142 2524 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:41:54.0144 2524 CertPropSvc - ok
22:41:54.0171 2524 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:41:54.0189 2524 circlass - ok
22:41:54.0229 2524 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:41:54.0266 2524 CLFS - ok
22:41:54.0409 2524 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:41:54.0415 2524 clr_optimization_v2.0.50727_32 - ok
22:41:54.0469 2524 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:41:54.0472 2524 clr_optimization_v2.0.50727_64 - ok
22:41:54.0583 2524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:41:54.0587 2524 clr_optimization_v4.0.30319_32 - ok
22:41:54.0652 2524 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:41:54.0656 2524 clr_optimization_v4.0.30319_64 - ok
22:41:54.0735 2524 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:41:54.0749 2524 CmBatt - ok
22:41:54.0782 2524 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:41:54.0811 2524 cmdide - ok
22:41:54.0847 2524 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
22:41:54.0869 2524 CNG - ok
22:41:54.0960 2524 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:41:54.0976 2524 Compbatt - ok
22:41:55.0012 2524 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:41:55.0014 2524 CompositeBus - ok
22:41:55.0033 2524 COMSysApp - ok
22:41:55.0058 2524 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:41:55.0067 2524 crcdisk - ok
22:41:55.0122 2524 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:41:55.0126 2524 CryptSvc - ok
22:41:55.0231 2524 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:41:55.0238 2524 DcomLaunch - ok
22:41:55.0336 2524 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:41:55.0349 2524 defragsvc - ok
22:41:55.0391 2524 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:41:55.0395 2524 DfsC - ok
22:41:55.0436 2524 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:41:55.0459 2524 Dhcp - ok
22:41:55.0511 2524 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:41:55.0549 2524 discache - ok
22:41:55.0612 2524 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:41:55.0630 2524 Disk - ok
22:41:55.0657 2524 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:41:55.0663 2524 Dnscache - ok
22:41:55.0702 2524 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:41:55.0707 2524 dot3svc - ok
22:41:55.0734 2524 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:41:55.0737 2524 DPS - ok
22:41:55.0792 2524 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:41:55.0818 2524 drmkaud - ok
22:41:55.0867 2524 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:41:55.0875 2524 DXGKrnl - ok
22:41:56.0012 2524 [ A2D551A61EC9E8A4BC5DF17BC1FEFEAD ] eamon C:\Windows\system32\DRIVERS\eamon.sys
22:41:56.0031 2524 eamon - ok
22:41:56.0087 2524 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:41:56.0090 2524 EapHost - ok
22:41:56.0195 2524 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:41:56.0244 2524 ebdrv - ok
22:41:56.0281 2524 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
22:41:56.0298 2524 EFS - ok
22:41:56.0379 2524 [ F3448EE861344636DA8ED1B3F5E8E1A8 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
22:41:56.0398 2524 ehdrv - ok
22:41:56.0656 2524 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:41:56.0666 2524 ehRecvr - ok
22:41:56.0704 2524 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:41:56.0718 2524 ehSched - ok
22:42:19.0504 2524 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:42:19.0506 2524 TermDD - ok
22:42:19.0559 2524 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:42:19.0570 2524 TermService - ok
22:42:19.0634 2524 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
22:42:19.0651 2524 TFsExDisk - ok
22:42:19.0667 2524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:42:19.0673 2524 Themes - ok
22:42:19.0701 2524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:42:19.0704 2524 THREADORDER - ok
22:42:19.0721 2524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:42:19.0725 2524 TrkWks - ok
22:42:19.0771 2524 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:42:19.0775 2524 TrustedInstaller - ok
22:42:19.0802 2524 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:42:19.0805 2524 tssecsrv - ok
22:42:19.0838 2524 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:42:19.0861 2524 tunnel - ok
22:42:19.0950 2524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:42:19.0983 2524 uagp35 - ok
22:42:20.0013 2524 [ C06E6F4679CEB8F430B90A51D76D8D3C ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:42:20.0019 2524 udfs - ok
22:42:20.0058 2524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:42:20.0062 2524 UI0Detect - ok
22:42:20.0116 2524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:42:20.0150 2524 uliagpkx - ok
22:42:20.0188 2524 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:42:20.0220 2524 umbus - ok
22:42:20.0268 2524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:42:20.0286 2524 UmPass - ok
22:42:20.0340 2524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:42:20.0346 2524 upnphost - ok
22:42:20.0387 2524 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:42:20.0407 2524 usbaudio - ok
22:42:20.0440 2524 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:42:20.0467 2524 usbccgp - ok
22:42:20.0506 2524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:42:20.0510 2524 usbcir - ok
22:42:20.0546 2524 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:42:20.0564 2524 usbehci - ok
22:42:20.0647 2524 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:42:20.0668 2524 usbhub - ok
22:42:20.0688 2524 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:42:20.0707 2524 usbohci - ok
22:42:20.0741 2524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:42:20.0760 2524 usbprint - ok
22:42:20.0821 2524 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:42:20.0825 2524 usbscan - ok
22:42:20.0907 2524 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:42:20.0925 2524 USBSTOR - ok
22:42:21.0022 2524 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:42:21.0024 2524 usbuhci - ok
22:42:21.0054 2524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:42:21.0059 2524 UxSms - ok
22:42:21.0077 2524 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
22:42:21.0078 2524 VaultSvc - ok
22:42:21.0129 2524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:42:21.0162 2524 vdrvroot - ok
22:42:21.0192 2524 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:42:21.0202 2524 vds - ok
22:42:21.0228 2524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:42:21.0231 2524 vga - ok
22:42:21.0247 2524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:42:21.0266 2524 VgaSave - ok
22:42:21.0328 2524 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:42:21.0373 2524 vhdmp - ok
22:42:21.0405 2524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:42:21.0432 2524 viaide - ok
22:42:21.0474 2524 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:42:21.0519 2524 volmgr - ok
22:42:21.0545 2524 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:42:21.0552 2524 volmgrx - ok
22:42:21.0609 2524 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:42:21.0675 2524 volsnap - ok
22:42:21.0709 2524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:42:21.0730 2524 vsmraid - ok
22:42:21.0850 2524 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:42:21.0871 2524 VSS - ok
22:42:21.0936 2524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:42:21.0953 2524 vwifibus - ok
22:42:22.0052 2524 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:42:22.0056 2524 vwififlt - ok
22:42:22.0107 2524 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:42:22.0125 2524 vwifimp - ok
22:42:22.0156 2524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:42:22.0164 2524 W32Time - ok
22:42:22.0217 2524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:42:22.0220 2524 WacomPen - ok
22:42:22.0281 2524 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:42:22.0300 2524 WANARP - ok
22:42:22.0309 2524 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:42:22.0311 2524 Wanarpv6 - ok
22:42:22.0375 2524 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:42:22.0391 2524 WatAdminSvc - ok
22:42:22.0448 2524 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:42:22.0467 2524 wbengine - ok
22:42:22.0502 2524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:42:22.0509 2524 WbioSrvc - ok
22:42:22.0548 2524 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:42:22.0556 2524 wcncsvc - ok
22:42:22.0578 2524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:42:22.0582 2524 WcsPlugInService - ok
22:42:22.0615 2524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:42:22.0619 2524 Wd - ok
22:42:22.0679 2524 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:42:22.0690 2524 Wdf01000 - ok
22:42:22.0716 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:42:22.0720 2524 WdiServiceHost - ok
22:42:22.0729 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:42:22.0734 2524 WdiSystemHost - ok
22:42:22.0780 2524 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:42:22.0786 2524 WebClient - ok
22:42:22.0854 2524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:42:22.0884 2524 Wecsvc - ok
22:42:22.0945 2524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:42:22.0949 2524 wercplsupport - ok
22:42:23.0053 2524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:42:23.0056 2524 WerSvc - ok
22:42:23.0107 2524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:42:23.0124 2524 WfpLwf - ok
22:42:23.0165 2524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:42:23.0195 2524 WIMMount - ok
22:42:23.0209 2524 WinHttpAutoProxySvc - ok
22:42:23.0264 2524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:42:23.0269 2524 Winmgmt - ok
22:42:23.0338 2524 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:42:23.0363 2524 WinRM - ok
22:42:23.0428 2524 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:42:23.0443 2524 WinUsb - ok
22:42:23.0677 2524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:42:23.0689 2524 Wlansvc - ok
22:42:23.0781 2524 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:42:23.0784 2524 wlcrasvc - ok
22:42:24.0055 2524 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:42:24.0082 2524 wlidsvc - ok
22:42:24.0170 2524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:42:24.0170 2524 WmiAcpi - ok
22:42:24.0233 2524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:42:24.0238 2524 wmiApSrv - ok
22:42:24.0271 2524 WMPNetworkSvc - ok
22:42:24.0372 2524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:42:24.0384 2524 WPCSvc - ok
22:42:24.0414 2524 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:42:24.0433 2524 WPDBusEnum - ok
22:42:24.0467 2524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:42:24.0486 2524 ws2ifsl - ok
22:42:24.0495 2524 WSearch - ok
22:42:24.0534 2524 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:42:24.0569 2524 WudfPf - ok
22:42:24.0608 2524 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:42:24.0629 2524 WUDFRd - ok
22:42:24.0668 2524 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:42:24.0672 2524 wudfsvc - ok
22:42:24.0696 2524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:42:24.0706 2524 WwanSvc - ok
22:42:24.0761 2524 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
22:42:24.0781 2524 xusb21 - ok
22:42:25.0021 2524 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:42:25.0030 2524 YahooAUService - ok
22:42:25.0124 2524 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
22:42:25.0132 2524 yukonw7 - ok
22:42:25.0152 2524 ================ Scan global ===============================
22:42:25.0222 2524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:42:25.0299 2524 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:42:25.0319 2524 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:42:25.0364 2524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:42:25.0416 2524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:42:25.0423 2524 [Global] - ok
22:42:25.0427 2524 ================ Scan MBR ==================================
22:42:25.0451 2524 [ 02597A523B281B6030A51866C4982DB4 ] \Device\Harddisk0\DR0
22:42:25.0752 2524 \Device\Harddisk0\DR0 - ok
22:42:25.0762 2524 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
22:42:25.0769 2524 \Device\Harddisk1\DR1 - ok
22:42:25.0773 2524 ================ Scan VBR ==================================
22:42:25.0778 2524 [ BBEE25C025F5FCDBEF6CEEEB15C51961 ] \Device\Harddisk0\DR0\Partition1
22:42:25.0794 2524 \Device\Harddisk0\DR0\Partition1 - ok
22:42:25.0830 2524 [ 282A07DF6F1AB95599F70CE5CF04B044 ] \Device\Harddisk0\DR0\Partition2
22:42:25.0864 2524 \Device\Harddisk0\DR0\Partition2 - ok
22:42:25.0906 2524 [ D8CA433110EA11811090FAA80A8EA5B7 ] \Device\Harddisk0\DR0\Partition3
22:42:25.0908 2524 \Device\Harddisk0\DR0\Partition3 - ok
22:42:25.0972 2524 [ 924BD74F898844018C1D22E5D4DB807A ] \Device\Harddisk0\DR0\Partition4
22:42:25.0974 2524 \Device\Harddisk0\DR0\Partition4 - ok
22:42:25.0984 2524 [ C9695854D4B40443AF7FBE1D97D76BD2 ] \Device\Harddisk1\DR1\Partition1
22:42:25.0985 2524 \Device\Harddisk1\DR1\Partition1 - ok
22:42:25.0989 2524 ============================================================
22:42:25.0989 2524 Scan finished
22:42:25.0989 2524 ============================================================
22:42:26.0005 2140 Detected object count: 0
22:42:26.0005 2140 Actual detected object count: 0
22:42:32.0860 0708 Deinitialize success
 
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : vernal [Admin rights]
Mode : Scan -- Date : 09/30/2012 22:44:19
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] GetBooks.exe -- C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : GetBooks ("C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2774012587-4088809240-1836390705-1000[...]\Run : cdloader ("C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2774012587-4088809240-1836390705-1000[...]\Run : GetBooks ("C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM250HI +++++
--- User ---
[MBR] c9bc3bbbf903ce0aeb11b131a99fdb46
[BSP] 0a65c0212f07a850c80e0bd52403cd63 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 223581 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 458303488 | Size: 14590 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] 76e31d85ef2b8baf65344d59a1cc437e
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1528 | Size: 960 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : vernal [Admin rights]
Mode : Remove -- Date : 09/30/2012 22:44:46
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] GetBooks.exe -- C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\vernal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : GetBooks ("C:\Users\vernal\AppData\Local\GetBooks\GetBooks.exe" 6c6146100970226125bcf29f895ef6ba) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM250HI +++++
--- User ---
[MBR] c9bc3bbbf903ce0aeb11b131a99fdb46
[BSP] 0a65c0212f07a850c80e0bd52403cd63 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 223581 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 458303488 | Size: 14590 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] 76e31d85ef2b8baf65344d59a1cc437e
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1528 | Size: 960 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 22:45:35
-----------------------------
22:45:35.092 OS Version: Windows x64 6.1.7600
22:45:35.092 Number of processors: 1 586 0x170A
22:45:35.093 ComputerName: VERNAL-PC UserName: vernal
22:45:35.853 Initialize success
22:53:18.181 AVAST engine defs: 12093001
22:57:10.295 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:57:10.297 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
22:57:10.315 Disk 0 MBR read successfully
22:57:10.318 Disk 0 MBR scan
22:57:10.325 Disk 0 unknown MBR code
22:57:10.336 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:57:10.350 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223581 MB offset 409600
22:57:10.382 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14590 MB offset 458303488
22:57:10.403 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
22:57:10.454 Disk 0 scanning C:\Windows\system32\drivers
22:57:36.150 Service scanning
22:58:11.519 Modules scanning
22:58:11.527 Disk 0 trace - called modules:
22:58:11.894 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
22:58:11.899 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800324b060]
22:58:11.905 3 CLASSPNP.SYS[fffff880013a943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80025ef050]
22:58:13.129 AVAST engine scan C:\Windows
22:58:17.284 AVAST engine scan C:\Windows\system32
23:04:05.108 AVAST engine scan C:\Windows\system32\drivers
23:04:24.150 AVAST engine scan C:\Users\vernal
23:06:47.979 File: C:\Users\vernal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2BZCVY8\DownloadFast_0.6.2[1].exe **INFECTED** Win32:Delf-SUV [Trj]
23:09:00.128 File: C:\Users\vernal\AppData\Local\Temp\DownloadFast_0.6.2.exe **INFECTED** Win32:Delf-SUV [Trj]
23:16:06.044 AVAST engine scan C:\ProgramData
23:19:07.099 Scan finished successfully
23:19:30.750 Disk 0 MBR has been saved successfully to "C:\Users\vernal\Desktop\MBR.dat"
23:19:30.757 The log file has been saved successfully to "C:\Users\vernal\Desktop\aswMBR.txt"
 
Good :)

Create a new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

====================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
My antivirus has stopped detecting the virus; however, I will not do anything unless you say so, until you deem my PC clean.
 
ComboFix 12-09-30.01 - vernal 09/30/2012 23:36:17.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.873 [GMT -5:00]
Running from: c:\users\vernal\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vernal\AppData\Local\WideSearch
c:\users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 06:11 . 2012-10-01 06:11 -------- d-----w- C:\FRST
2012-10-01 04:52 . 2012-10-01 04:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-01 00:02 . 2012-10-01 00:02 -------- d-----w- c:\users\vernal\AppData\Roaming\Malwarebytes
2012-10-01 00:02 . 2012-10-01 00:02 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 00:02 . 2012-10-01 00:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-01 00:02 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 02:42 . 2012-09-30 02:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-27 20:35 . 2012-09-27 20:35 -------- d-----w- c:\users\vernal\AppData\Local\PopCap Games
2012-09-27 05:48 . 2012-09-27 05:48 -------- d-----w- c:\program files (x86)\Bejeweled Blitz
2012-09-27 04:54 . 2012-09-27 04:54 -------- d-----w- c:\users\vernal\AppData\Local\GameHouse
2012-09-27 04:54 . 2012-09-27 04:54 -------- d-----w- c:\programdata\Trymedia
2012-09-27 04:50 . 2012-09-27 04:51 -------- d-----w- c:\program files (x86)\Bejeweled 3
2012-09-27 03:43 . 2012-09-27 03:43 -------- d-----w- c:\users\vernal\AppData\Roaming\Gamers Digital
2012-09-27 03:43 . 2012-09-27 03:43 -------- d-----w- c:\programdata\Gamers Digital
2012-09-27 03:34 . 2012-09-27 03:34 -------- d-----w- c:\program files (x86)\Making Mr. Right
2012-09-26 22:09 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-09-26 22:09 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-09-26 22:09 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-09-26 22:09 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-09-26 22:09 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-09-26 22:09 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-09-26 22:09 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-09-26 22:06 . 2010-07-05 00:11 25960 ----a-w- c:\windows\SysWow64\FsExService64.Exe
2012-09-26 22:06 . 2010-06-14 14:32 16448 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys
2012-09-26 22:06 . 2010-06-14 14:32 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys
2012-09-26 22:06 . 2010-07-05 00:11 25960 ----a-w- c:\windows\system32\FsExService64.exe
2012-09-26 22:05 . 2012-09-26 22:05 -------- d-----w- c:\users\vernal\AppData\Roaming\Samsung
2012-09-26 22:04 . 2012-09-26 22:04 -------- d-----w- c:\program files (x86)\MarkAny
2012-09-26 22:03 . 2012-09-26 22:08 -------- d-----w- c:\program files (x86)\Samsung
2012-09-26 21:55 . 2012-09-26 21:55 -------- d-----w- c:\program files\SAMSUNG
2012-09-26 21:55 . 2012-09-26 21:55 -------- d-----w- c:\programdata\Samsung
2012-09-26 08:31 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7335E3A-7B40-4A1D-A5BB-11324A4C34A5}\mpengine.dll
2012-09-20 21:59 . 2012-09-20 22:00 315 ----a-w- C:\user.js
2012-09-20 21:59 . 2012-09-20 21:59 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-09-19 22:30 . 2012-09-21 00:51 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-19 22:30 . 2012-09-21 00:51 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-19 22:30 . 2012-09-19 22:30 -------- d-----w- c:\windows\system32\Macromed
2012-09-19 22:27 . 2012-09-19 22:27 -------- d-----w- c:\users\vernal\AppData\Local\Mozilla
2012-09-13 03:12 . 2012-09-13 03:12 -------- d-----w- c:\users\vernal\AppData\Local\GetBooks
2012-09-13 03:12 . 2012-09-13 03:12 -------- d-----w- c:\users\vernal\AppData\Roaming\Babylon
2012-09-13 03:12 . 2012-09-13 03:12 -------- d-----w- c:\programdata\Babylon
2012-09-12 01:45 . 2012-09-12 01:45 -------- d-----w- c:\users\vernal\AppData\Roaming\GamesCafe
2012-09-11 22:47 . 2012-09-11 22:47 -------- d-----w- c:\users\vernal\AppData\Roaming\MumboJumbo
2012-09-11 22:27 . 2012-09-11 22:37 -------- d-----w- c:\programdata\SnowGlobe
2012-09-11 22:26 . 2012-09-11 22:26 -------- d-----w- c:\program files (x86)\Games
2012-09-09 22:29 . 2012-09-09 22:29 -------- d-----w- c:\users\vernal\AppData\Roaming\URSE Games
2012-09-09 04:03 . 2012-09-09 04:03 -------- d-----w- c:\program files\Governor of Poker 2 PE
2012-09-03 13:46 . 2012-09-03 13:46 -------- d-----w- c:\users\vernal\AppData\Roaming\Boolat Games
2012-09-03 03:27 . 2012-09-03 03:27 -------- d-----w- c:\programdata\SugarGames
2012-09-02 00:21 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-09-02 00:20 . 2012-09-02 00:20 -------- d-----w- c:\programdata\Research In Motion
2012-09-02 00:20 . 2012-09-02 00:20 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-09-02 00:20 . 2012-09-02 00:20 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-09-02 00:19 . 2012-09-02 00:19 -------- d-----w- c:\program files (x86)\Research In Motion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
c:\users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [2010-02-05 13824]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 136584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 123200]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 1088544]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 00:52]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 13:46]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 13:46]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000Core.job
- c:\users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-15 15:03]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000UA.job
- c:\users\vernal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-15 15:03]
.
2012-09-25 c:\windows\Tasks\HPCeeScheduleForvernal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\vernal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
FF - ProfilePath - c:\users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=98f5492800000000000070f1a1d13d64&q=
FF - user.js: extensions.BabylonToolbar.id - 98f5492800000000000070f1a1d13d64
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15603
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:59
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116107&tt=270912_ctrl2_3912_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%P*ˆ%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%P*ˆ%\OpenWithList]
@Class="Shell"
"a"="WINWORD.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%P*ˆ%\OpenWithProgids]
"-P¦_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\.*,%P*ˆ%]
@Allowed: (Read) (RestrictedCode)
@="-P¦_auto_file"
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit]
@="&Edit"
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\command]
@="\"c:\\Program Files (x86)\\Microsoft Office\\Office12\\WINWORD.EXE\" /n /dde"
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\ddeexec]
@="[REM _DDE_Direct][FileOpen(\"%1\")]"
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\ddeexec\Application]
@="WinWord"
.
[HKEY_USERS\S-1-5-21-2774012587-4088809240-1836390705-1000_Classes\,%P*ˆ%_*a*u*t*o*_*f*I*l*e*\shell\edit\ddeexec\Topic]
@="System"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2012-10-01 00:26:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-01 05:26
.
Pre-Run: 88,478,781,440 bytes free
Post-Run: 89,132,806,144 bytes free
.
- - End Of File - - 2DBF7711876D2971441140D898DD64D5
 
Looks good.

Any current issues?

===============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 10/2/2012 12:07:11 AM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\vernal\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.43% Memory free
4.83 Gb Paging File | 3.23 Gb Available in Paging File | 66.89% Paging File free
Paging file location(s): c:\pagefile.sys 2967 2968 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.34 Gb Total Space | 76.32 Gb Free Space | 34.95% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.52 Mb Free Space | 93.28% Space Free | Partition Type: FAT32
Drive G: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 584.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VERNAL-PC | User Name: vernal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/02 00:05:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\vernal\Desktop\OTL.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 04:42:58 | 000,460,312 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 04:42:57 | 012,278,808 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 04:42:55 | 004,005,912 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 04:41:39 | 000,578,072 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 04:41:38 | 000,123,416 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 04:41:27 | 000,156,712 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 04:41:26 | 000,275,496 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 04:41:24 | 002,168,360 | ---- | M] () -- C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/09/11 07:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007/04/19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2012/09/20 19:52:00 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/18 15:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/04 22:20:28 | 000,013,824 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8107.sys -- (HP8107Fltr)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/11 07:27:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/11 07:23:52 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/11 07:17:20 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A9AE75D-6D91-42B6-9654-FE3C6A556323}
IE:64bit: - HKLM\..\SearchScopes\{02CF5538-6F85-4C6F-94EA-8169B1D8D21D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{6A9AE75D-6D91-42B6-9654-FE3C6A556323}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A9AE75D-6D91-42B6-9654-FE3C6A556323}
IE - HKLM\..\SearchScopes\{02CF5538-6F85-4C6F-94EA-8169B1D8D21D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{6A9AE75D-6D91-42B6-9654-FE3C6A556323}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes,DefaultScope = {6A9AE75D-6D91-42B6-9654-FE3C6A556323}
IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{02CF5538-6F85-4C6F-94EA-8169B1D8D21D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...ss_cr&mntrId=98f5492800000000000070f1a1d13d64
IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{6A9AE75D-6D91-42B6-9654-FE3C6A556323}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vernal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vernal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/15 02:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/15 02:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/19 17:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/03/15 02:03:54 | 000,000,000 | ---D | M]

[2012/09/19 17:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Extensions
[2012/09/20 16:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\Extensions
[2012/09/20 16:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\Extensions\ffxtlbr@babylon.com
[2012/09/20 16:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vernal\AppData\Roaming\Mozilla\Firefox\Profiles\rlvnub9f.default\Extensions\staged
[2012/09/19 17:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\vernal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
 
O1 HOSTS File: ([2012/10/01 00:06:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\vernal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2774012587-4088809240-1836390705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.183.0.76 65.183.0.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2361B0EB-5D07-4ACB-90AA-58BBFFEE8F8D}: DhcpNameServer = 65.183.0.76 65.183.0.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E823465-2CA7-4292-B74D-1F5B85E8AD55}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/01 11:23:41 | 000,000,148 | R--- | M] () - G:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:32:31 | 000,000,000 | R--D | M] - G:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:32:31 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:23:42 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2004/04/08 03:53:26 | 000,000,046 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/02 00:04:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\vernal\Desktop\OTL.exe
[2012/10/01 21:04:04 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\New folder
[2012/10/01 01:11:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/01 00:06:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/30 23:52:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/30 23:34:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/30 23:34:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/30 23:34:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/30 23:32:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/30 23:31:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/30 23:25:12 | 004,759,143 | R--- | C] (Swearware) -- C:\Users\vernal\Desktop\ComboFix.exe
[2012/09/30 22:43:52 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\RK_Quarantine
[2012/09/30 22:41:23 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\vernal\Desktop\TDSSKiller.exe
[2012/09/30 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\tdsskiller
[2012/09/30 22:30:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\vernal\Desktop\aswMBR.exe
[2012/09/30 22:03:45 | 001,456,149 | ---- | C] (Farbar) -- C:\Users\vernal\Desktop\FRST64.exe
[2012/09/30 20:09:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\vernal\Desktop\dds.com
[2012/09/30 19:02:28 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Malwarebytes
[2012/09/30 19:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/30 19:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/30 19:02:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/30 19:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/30 18:49:17 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\vernal\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/29 21:42:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/27 15:35:39 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\PopCap Games
[2012/09/27 00:48:24 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled Blitz
[2012/09/27 00:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled Blitz
[2012/09/26 23:54:23 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\GameHouse
[2012/09/26 23:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012/09/26 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled 3
[2012/09/26 22:43:00 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Gamers Digital
[2012/09/26 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2012/09/26 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Making Mr. Right
[2012/09/26 22:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Making Mr. Right
[2012/09/26 22:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Making Mr. Right
[2012/09/26 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\NPS
[2012/09/26 17:16:14 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\My Art
[2012/09/26 17:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2012/09/26 17:09:18 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2012/09/26 17:09:18 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2012/09/26 17:09:18 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2012/09/26 17:09:18 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2012/09/26 17:09:18 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2012/09/26 17:09:18 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2012/09/26 17:09:18 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2012/09/26 17:06:43 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2012/09/26 17:06:43 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2012/09/26 17:06:42 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2012/09/26 17:06:41 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\FsExService64.exe
[2012/09/26 17:05:49 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Samsung
[2012/09/26 17:05:49 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\My NPS Files
[2012/09/26 17:05:26 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\Samsung
[2012/09/26 17:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/09/26 17:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/09/26 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/09/26 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/09/20 16:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/09/19 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\My Digital Editions
[2012/09/19 17:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/09/19 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/09/19 17:27:35 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Mozilla
[2012/09/19 17:27:35 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\Mozilla
[2012/09/19 17:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/19 17:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/17 00:37:08 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Elephant Games
[2012/09/17 00:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
[2012/09/16 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2012/09/16 23:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012/09/16 23:16:28 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012/09/13 07:37:51 | 000,000,000 | ---D | C] -- C:\Users\vernal\Desktop\blackberry
[2012/09/13 07:36:27 | 000,000,000 | ---D | C] -- C:\Users\vernal\Documents\BlackBerry
[2012/09/13 07:34:33 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\Research In Motion
[2012/09/13 07:34:26 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Research In Motion
[2012/09/12 22:14:13 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/12 22:14:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012/09/12 22:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/09/12 22:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/12 22:13:55 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\BabylonToolbar
[2012/09/12 22:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/12 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Local\GetBooks
[2012/09/12 22:12:38 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Babylon
[2012/09/12 22:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/09/11 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\GamesCafe
[2012/09/11 17:47:33 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\MumboJumbo
[2012/09/11 17:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SnowGlobe
[2012/09/11 17:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2012/09/09 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\URSE Games
[2012/09/08 23:03:55 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Governor of Poker 2 PE 1.0
[2012/09/08 23:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker 2 PE
[2012/09/03 08:46:01 | 000,000,000 | ---D | C] -- C:\Users\vernal\AppData\Roaming\Boolat Games
[2012/09/02 22:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\vernal\Documents\*.tmp files -> C:\Users\vernal\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/02 00:10:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 00:10:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 00:05:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\vernal\Desktop\OTL.exe
[2012/10/02 00:04:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/02 00:03:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/02 00:02:49 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForvernal.job
[2012/10/02 00:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/02 00:02:34 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/01 21:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/01 21:50:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000UA.job
[2012/10/01 02:14:39 | 000,796,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/01 02:14:39 | 000,674,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/01 02:14:39 | 000,125,450 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/01 00:06:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/30 23:26:17 | 004,759,143 | R--- | M] (Swearware) -- C:\Users\vernal\Desktop\ComboFix.exe
[2012/09/30 23:19:30 | 000,000,512 | ---- | M] () -- C:\Users\vernal\Desktop\MBR.dat
[2012/09/30 22:32:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\vernal\Desktop\aswMBR.exe
[2012/09/30 22:29:46 | 001,412,096 | ---- | M] () -- C:\Users\vernal\Desktop\RogueKiller.exe
[2012/09/30 22:29:45 | 002,193,278 | ---- | M] () -- C:\Users\vernal\Desktop\tdsskiller.zip
[2012/09/30 22:04:08 | 001,456,149 | ---- | M] (Farbar) -- C:\Users\vernal\Desktop\FRST64.exe
[2012/09/30 20:49:03 | 000,302,592 | ---- | M] () -- C:\Users\vernal\Desktop\1wn4qflt.exe
[2012/09/30 20:10:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\vernal\Desktop\dds.com
[2012/09/30 19:21:26 | 000,302,592 | ---- | M] () -- C:\Users\vernal\Desktop\xj98blnt.exe
[2012/09/30 19:02:13 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 18:52:01 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\vernal\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/29 21:34:31 | 000,324,259 | ---- | M] () -- C:\Users\vernal\Desktop\Salem Falls.epub
[2012/09/29 21:30:33 | 000,519,522 | ---- | M] () -- C:\Users\vernal\Desktop\The Litigators .epub
[2012/09/29 13:50:14 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774012587-4088809240-1836390705-1000Core.job
[2012/09/27 20:52:54 | 000,002,493 | ---- | M] () -- C:\Users\vernal\Desktop\Google Chrome.lnk
[2012/09/27 00:48:24 | 000,001,912 | ---- | M] () -- C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
[2012/09/26 23:51:35 | 000,001,004 | ---- | M] () -- C:\Users\vernal\Desktop\Bejeweled 3.lnk
[2012/09/26 17:11:36 | 000,002,130 | ---- | M] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/09/26 17:11:36 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/09/26 17:09:14 | 000,254,511 | ---- | M] () -- C:\Users\vernal\Desktop\The Postcard Killers.pdf
[2012/09/25 22:22:23 | 000,370,367 | ---- | M] () -- C:\Users\vernal\Desktop\001.jpg
[2012/09/20 17:00:04 | 000,000,315 | ---- | M] () -- C:\user.js
[2012/09/19 17:32:59 | 000,002,166 | ---- | M] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/09/19 17:27:30 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/18 00:25:41 | 000,001,121 | ---- | M] () -- C:\WildTangent Games App - hp.lnk
[2012/09/18 00:25:31 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\vernal\Desktop\TDSSKiller.exe
[2012/09/16 14:04:42 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/15 15:31:09 | 000,432,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/15 11:12:56 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/09/13 15:44:29 | 000,013,785 | ---- | M] () -- C:\ads_err.adt
[2012/09/13 15:29:56 | 000,001,051 | ---- | M] () -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/13 07:43:30 | 000,004,559 | ---- | M] () -- C:\ads_err.adm
[2012/09/13 07:43:30 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2012/09/13 07:34:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/09/13 07:24:33 | 001,695,134 | ---- | M] () -- C:\Users\vernal\Desktop\Vashawn Mitchell - Nobody Greater.mp3
[2012/09/11 20:45:32 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012/09/10 19:01:59 | 000,000,931 | ---- | M] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/10 19:01:59 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/10 18:50:33 | 000,001,151 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
[2012/09/10 18:50:32 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/09/08 23:03:55 | 000,001,002 | ---- | M] () -- C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\vernal\Documents\*.tmp files -> C:\Users\vernal\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/30 23:34:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/30 23:34:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/30 23:34:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/30 23:34:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/30 23:34:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/30 23:19:30 | 000,000,512 | ---- | C] () -- C:\Users\vernal\Desktop\MBR.dat
[2012/09/30 22:29:27 | 001,412,096 | ---- | C] () -- C:\Users\vernal\Desktop\RogueKiller.exe
[2012/09/30 22:28:46 | 002,193,278 | ---- | C] () -- C:\Users\vernal\Desktop\tdsskiller.zip
[2012/09/30 20:48:54 | 000,302,592 | ---- | C] () -- C:\Users\vernal\Desktop\1wn4qflt.exe
[2012/09/30 19:21:15 | 000,302,592 | ---- | C] () -- C:\Users\vernal\Desktop\xj98blnt.exe
[2012/09/30 19:02:13 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/29 21:34:22 | 000,324,259 | ---- | C] () -- C:\Users\vernal\Desktop\Salem Falls.epub
[2012/09/29 21:30:19 | 000,519,522 | ---- | C] () -- C:\Users\vernal\Desktop\The Litigators .epub
[2012/09/27 00:48:24 | 000,001,912 | ---- | C] () -- C:\Users\vernal\Desktop\Bejeweled Blitz.lnk
[2012/09/26 23:51:35 | 000,001,004 | ---- | C] () -- C:\Users\vernal\Desktop\Bejeweled 3.lnk
[2012/09/26 17:11:36 | 000,002,130 | ---- | C] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/09/26 17:11:36 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/09/26 17:08:54 | 000,254,511 | ---- | C] () -- C:\Users\vernal\Desktop\The Postcard Killers.pdf
[2012/09/25 22:19:10 | 000,370,367 | ---- | C] () -- C:\Users\vernal\Desktop\001.jpg
[2012/09/20 16:59:47 | 000,000,315 | ---- | C] () -- C:\user.js
[2012/09/19 17:32:59 | 000,002,166 | ---- | C] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/09/19 17:32:59 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/09/19 17:30:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 17:27:30 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/19 17:27:30 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 23:23:18 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012/09/16 23:23:18 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012/09/16 14:04:42 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/15 11:02:57 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/09/13 15:25:36 | 000,001,051 | ---- | C] () -- C:\Users\vernal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/13 07:43:10 | 000,013,785 | ---- | C] () -- C:\ads_err.adt
[2012/09/13 07:43:10 | 000,004,559 | ---- | C] () -- C:\ads_err.adm
[2012/09/13 07:43:10 | 000,003,072 | ---- | C] () -- C:\ads_err.adi
[2012/09/13 07:37:32 | 031,803,356 | ---- | C] () -- C:\Users\vernal\Desktop\XS_Eng.m4v
[2012/09/13 07:37:29 | 036,879,332 | ---- | C] () -- C:\Users\vernal\Desktop\Sales_Marketing_Highlights_Eng.m4v
[2012/09/13 07:37:27 | 018,869,378 | ---- | C] () -- C:\Users\vernal\Desktop\Double_X_IBO_Eng.m4v
[2012/09/13 07:37:26 | 012,399,909 | ---- | C] () -- C:\Users\vernal\Desktop\Double_X_Benefits_Eng.m4v
[2012/09/13 07:34:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/09/13 07:20:00 | 001,695,134 | ---- | C] () -- C:\Users\vernal\Desktop\Vashawn Mitchell - Nobody Greater.mp3
[2012/09/11 20:45:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/09/10 19:01:59 | 000,000,931 | ---- | C] () -- C:\Users\vernal\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/10 19:01:59 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/09 16:24:48 | 000,002,441 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/09/08 23:03:55 | 000,001,002 | ---- | C] () -- C:\Users\vernal\Desktop\Governor of Poker 2 Premium Edition.lnk
[2012/03/06 19:41:10 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~xwwY3sIKhIEjyVr
[2012/03/06 19:41:09 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~xwwY3sIKhIEjyV
[2012/03/06 19:41:00 | 000,000,448 | -H-- | C] () -- C:\ProgramData\xwwY3sIKhIEjyV
[2012/02/17 00:13:00 | 000,000,000 | -H-- | C] () -- C:\Users\vernal\AppData\Local\{601DB9A1-E2ED-4E2B-9358-B785D763AA2F}
[2011/10/12 22:41:52 | 000,000,000 | -H-- | C] () -- C:\Users\vernal\AppData\Local\{6380B6E2-2E8D-45CC-8AB3-BB5EDEAB930A}
[2011/10/12 22:41:52 | 000,000,000 | -H-- | C] () -- C:\Users\vernal\AppData\Local\{090E4CA0-2F1C-414B-85B6-B4610CB2C7CA}
[2011/09/06 21:33:48 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/06 21:33:48 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7345N.DAT
[2011/06/28 20:25:48 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011/05/30 14:30:49 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/30 14:14:20 | 000,000,108 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/05/29 19:49:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/28 16:57:28 | 000,901,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/05 06:50:10 | 000,000,269 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/11/05 06:39:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2010/11/05 06:39:38 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2010/11/05 06:39:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2010/11/05 06:39:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2010/11/05 06:39:38 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2010/11/05 06:39:37 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2010/11/05 06:39:37 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2010/11/05 06:39:37 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2010/11/05 06:39:37 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2010/11/05 06:39:37 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2010/11/05 06:39:37 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2010/11/05 06:39:37 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2010/11/05 06:39:37 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2010/11/05 06:39:37 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2010/11/05 06:39:37 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2010/11/05 06:39:37 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2010/11/05 06:39:37 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/12 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Babylon
[2012/09/12 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\BabylonToolbar
[2012/09/03 08:46:01 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Boolat Games
[2010/11/18 21:29:22 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Brawsome
[2012/10/02 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Dropbox
[2012/09/17 00:37:08 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Elephant Games
[2012/03/15 02:04:26 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\funkitron
[2010/11/05 22:38:23 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Gamelab
[2012/09/26 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Gamers Digital
[2012/09/11 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\GamesCafe
[2011/04/03 16:50:27 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Helios
[2012/03/15 02:04:26 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Hoyle FaceCreator
[2012/09/30 13:01:20 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/01/30 16:20:51 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\InImages
[2012/03/15 02:04:26 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Jane s Hotel 3
[2010/12/07 08:59:15 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Leadertech
[2010/12/15 19:20:44 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\MasterThief
[2012/03/18 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\mjusbsp
[2012/09/11 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\MumboJumbo
[2012/09/19 22:11:37 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\playfirst
[2012/02/22 08:57:14 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Product_RM
[2011/09/08 19:29:16 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Registry Mechanic
[2012/09/13 07:36:13 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Research In Motion
[2012/09/26 17:05:49 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\Samsung
[2010/11/20 00:37:18 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\SBTT
[2010/12/03 21:35:16 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Sky Bros
[2010/12/27 11:46:54 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Tific
[2012/03/15 01:41:33 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\TuneUp Software
[2012/09/09 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\URSE Games
[2012/09/27 00:50:36 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\uTorrent
[2012/08/22 20:09:15 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\ViquaSoft
[2012/09/09 16:24:14 | 000,000,000 | ---D | M] -- C:\Users\vernal\AppData\Roaming\WildTangent
[2011/02/19 07:57:19 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\Windows Live Writer
[2011/06/23 11:45:18 | 000,000,000 | -H-D | M] -- C:\Users\vernal\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:E31EDFDE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:D621CFB8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:6301CE40
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1E288DA3
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:56C66609
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D0757AAB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:014BC3B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:93B0BB6F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4C16B46B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C0913157
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:25BB767E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 