Babylon, 7picuploader, scon.exe


  • This topic is locked
30 replies to this topic

#1 jab416171

jab416171

  • Members
  • 87 posts

Posted 22 October 2011 - 09:19 PM

Last night, like I do every night, I locked my computer and went to bed. When I woke up, my computer wasn't responding so I powered it off and then turned it on a few minutes later. When I powered it up, I saw Babylon and something about 7picuploader show up. I did not install these programs, they appeared between yesterday and today. I noticed my CPU was running at 60-70%, and scon.exe was consistently using 25% of it.
Today, while I was using it, it locked up, so I powered it down.
Any help would be appreciated in determining where these rogue programs came from and getting my pc more stable. Thank you.

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 22 October 2011 - 10:54 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts

Posted 23 October 2011 - 12:13 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Joe at 11:07:09 on 2011-10-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.2371 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\PC Monitor\PCMonitorSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\ruon.neton\neton.exe
C:\Program Files (x86)\ruon.processon\processon.exe
C:\Program Files (x86)\ruon.serveron\serveron.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Joe\Downloads\ShutdownGuard\ShutdownGuard.exe
C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Joe\AppData\Roaming\scon.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDClock.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.babylon.com/home?AF=18853
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
uRun: [FreeMeter] "C:\Users\Joe\Desktop\toolbox\FreeMeter_v1.6.3\FreeMeter.exe"
uRun: [TweetMyPC] C:\Users\Joe\AppData\Local\Apps\2.0\R50W7QME.4O7\B0VNA442.6DD\twee..tion_23422dbb911b53de_0003.0005_7e2ef794643900ee\TweetMyPC.exe
uRun: [$Volumouse$] "C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse.exe" /nodlg
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [ShutdownGuard] "C:\Users\Joe\Downloads\ShutdownGuard\ShutdownGuard.exe"
uRun: [MusicManager] "C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BandwidthMonitor] C:\Users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe
uRun: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
uRunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-click-to-play --enable-compact-navigation --conflicting-modules-check --enable-nacl --experimental-location-features --enable-experimental-extension-apis --focus-existing-tab-on-open --enable-accelerated-2d-canvas --ignore-gpu-blacklist --new-tab-page-4 --preload-instant-search --enable-remoting --show-fps-counter --enable-tab-groups-context-menu --flag-switches-end --restore-last-session
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [Windows Fix] C:\Users\Joe\AppData\Roaming\scon.exe
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
StartupFolder: C:\Users\Joe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\MSI\Star Key Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{2459BBC7-0177-4452-B1EC-9E9AF497DB1F} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{505667FC-1BB3-4DBD-AF13-34012DBDCCD0} : NameServer = 68.87.85.98,68.87.69.146
TCP: Interfaces\{6400A2BA-365F-459B-BD51-0F2826936A98} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6400A2BA-365F-459B-BD51-0F2826936A98} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{8BD785AE-5AC5-4A13-AAF7-109141D65687} : DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
TCP: Interfaces\{FCEFAB06-3FD1-47EA-B9F4-65FE5B0A230B} : NameServer = 68.87.85.98,68.87.69.146
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO-X64: Babylon IE plugin - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
mRun-x64: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun-x64: [Windows Fix] C:\Users\Joe\AppData\Roaming\scon.exe
mRun-x64: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-9-28 24645]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-15 91456]
R2 MySQL51;MySQL51;"C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-3 2255464]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 PC Monitor;PC Monitor;C:\Program Files (x86)\PC Monitor\PCMonitorSrv.exe [2011-8-1 299840]
R2 ruon.neton;R-U-ON NetOn;C:\Program Files (x86)\ruon.neton\neton.exe service --> C:\Program Files (x86)\ruon.neton\neton.exe service [?]
R2 ruon.processon;R-U-ON ProcessOn;C:\Program Files (x86)\ruon.processon\processon.exe service --> C:\Program Files (x86)\ruon.processon\processon.exe service [?]
R2 ruon.serveron;R-U-ON ServerOn;C:\Program Files (x86)\ruon.serveron\serveron.exe service --> C:\Program Files (x86)\ruon.serveron\serveron.exe service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-11-1 1153368]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-29 136176]
S2 IDriveE Service;IDriveE Service;"C:\Users\Joe\Documents\IDrive\IDriveE Service.exe" --> C:\Users\Joe\Documents\IDrive\IDriveE Service.exe [?]
S2 LMIGuardianSvc;LMIGuardianSvc;"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" --> C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-29 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys [2009-8-24 14544]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1767816]
.
=============== Created Last 30 ================
.
2011-10-22 20:46:42 -------- d-----w- C:\Users\Joe\AppData\Local\Babylon
2011-10-22 16:44:30 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{004E0AA6-D436-4A39-8C6C-3CAF2740CA01}\offreg.dll
2011-10-22 16:44:25 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{004E0AA6-D436-4A39-8C6C-3CAF2740CA01}\mpengine.dll
2011-10-22 16:35:16 -------- d-----w- C:\Program Files\Babylon
2011-10-22 16:35:16 -------- d-----w- C:\Program Files (x86)\Babylon
2011-10-22 16:35:07 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2011-10-22 16:34:32 -------- d-----w- C:\Users\Joe\AppData\Roaming\Babylon
2011-10-22 16:34:32 -------- d-----w- C:\ProgramData\Babylon
2011-10-19 05:57:32 68174 ----a-w- C:\Users\Joe\AppData\Roaming\scon.exe
2011-10-17 02:55:22 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-10-11 02:34:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C076B498-204D-4D7C-9901-DA3443ABEF5F}\gapaengine.dll
2011-10-04 19:18:18 -------- d-----w- C:\Users\Joe\AppData\Roaming\Synthesia
2011-10-04 19:11:43 -------- d-----w- C:\Program Files (x86)\Synthesia
2011-10-01 18:32:28 -------- d-----w- C:\Users\Joe\AppData\Roaming\pymclevel
2011-09-29 02:05:10 -------- d-----w- C:\Users\Joe\AppData\Roaming\medsouz
2011-09-23 18:46:43 -------- d-----w- C:\Program Files (x86)\World of Warcraft
.
==================== Find3M ====================
.
2011-08-27 03:42:53 2829 ----a-w- C:\Windows\DiabUnin.pif
2011-08-27 03:42:53 118784 ----a-w- C:\Windows\DiabUnin.exe
2011-08-20 00:52:20 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-08-20 00:47:50 66328 ----a-w- C:\Windows\System32\drivers\LGSHidFilt.Sys
2011-08-20 00:47:50 1845528 ----a-w- C:\Windows\System32\LkmdfCoInst.dll
.
============= FINISH: 11:09:44.01 ===============


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 October 2011 - 01:40 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts
  • Local time:12:44 AM

Posted 25 October 2011 - 07:28 PM

I ran Combofix, and then it attempted to restart my computer. My computer has been sitting at the "Starting Windows" screen for about 15 minutes now. It's done this before, and usually just turning it off and letting it sit for a few hours fixes it and lets me boot up.
On an unrelated note, usually, when I open up windows explorer either from the taskbar or Windows + E, when I click on a drive or a folder on the left panel, it opens in a new window. How do I prevent this from happening?

Thank you so much for looking into this and helping me out.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:44 AM

Posted 26 October 2011 - 08:39 AM

how did things go?


gringo

#7 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts
  • Local time:12:44 AM

Posted 26 October 2011 - 01:55 PM

Here's the combofix log:


ComboFix 11-10-25.04 - Joe 10/25/2011 17:55:34.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.3669 [GMT -6:00]
Running from: c:\users\Joe\Documents\My Dropbox\bleepingcomputer\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\boot.exe
c:\users\Joe\AppData\Local\Apps\2.0\R50W7QME.4O7\B0VNA442.6DD\twee..tion_23422dbb911b53de_0003.0005_7e2ef794643900ee\TweetMyPC.exe
c:\users\Joe\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\users\Joe\AppData\Local\TempDIR
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UpdateDrv.exe
c:\users\Joe\AppData\Roaming\ODIN
c:\users\Joe\AppData\Roaming\ODIN\ODIN.ini
c:\users\Joe\AppData\Roaming\scon.exe
c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll.bak2
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-26 00:09 . 2011-10-26 00:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-26 00:09 . 2011-10-26 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 00:13 . 2011-10-26 13:17 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC45F4B-03FE-4C23-800E-6274E6753641}\offreg.dll
2011-10-25 00:13 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC45F4B-03FE-4C23-800E-6274E6753641}\mpengine.dll
2011-10-22 20:46 . 2011-10-23 02:47 -------- d-----w- c:\users\Joe\AppData\Local\Babylon
2011-10-22 16:35 . 2011-10-22 16:35 -------- d-----w- c:\program files\Babylon
2011-10-22 16:35 . 2011-10-22 16:35 -------- d-----w- c:\program files (x86)\Babylon
2011-10-22 16:34 . 2011-10-26 13:20 -------- d-----w- c:\programdata\Babylon
2011-10-22 16:34 . 2011-10-23 16:26 -------- d-----w- c:\users\Joe\AppData\Roaming\Babylon
2011-10-17 02:55 . 2011-10-17 02:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-10-11 02:34 . 2011-10-11 02:33 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C076B498-204D-4D7C-9901-DA3443ABEF5F}\gapaengine.dll
2011-10-04 19:18 . 2011-10-04 19:22 -------- d-----w- c:\users\Joe\AppData\Roaming\Synthesia
2011-10-04 19:11 . 2011-10-04 19:13 -------- d-----w- c:\program files (x86)\Synthesia
2011-10-01 18:32 . 2011-10-01 18:32 -------- d-----w- c:\users\Joe\AppData\Roaming\pymclevel
2011-09-29 02:05 . 2011-09-29 02:05 -------- d-----w- c:\users\Joe\AppData\Roaming\medsouz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 04:16 . 2011-08-17 03:23 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-27 03:42 . 2011-08-27 03:42 2829 ----a-w- c:\windows\DiabUnin.pif
2011-08-27 03:42 . 2011-08-27 03:42 118784 ----a-w- c:\windows\DiabUnin.exe
2011-08-20 00:52 . 2011-08-20 00:52 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-08-20 00:47 . 2011-08-20 00:47 66328 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys
2011-08-20 00:47 . 2011-08-20 00:47 1845528 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2011-08-16 03:21 . 2011-09-08 00:03 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-06 22:49 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-03 11:50 . 2011-09-03 19:26 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-09-03 19:26 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-09-03 19:26 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-09-03 19:26 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-09-03 19:26 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-09-03 19:26 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-09-03 19:26 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-09-03 19:26 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-09-03 19:26 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-09-03 19:26 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-03 19:26 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-03 19:26 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-09-03 19:26 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-09-03 19:26 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-09-03 19:26 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-09-03 19:26 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-09-03 19:26 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-02-23 14:28 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-01-08 02:49 836200 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-08-03 11:50 . 2011-01-08 02:49 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-01-08 02:49 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-01-08 02:48 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-01-08 02:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-08-06 00:43 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2010-06-01 21:49 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2009-07-15 05:54 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2009-07-14 18:08 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-07-29 00:50 . 2011-07-29 00:50 145552 ----a-w- c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\users\Joe\Downloads\volumouse_beta-x64\volumouse.exe" [2011-03-28 86528]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2011-09-29 16084992]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-04-29 934800]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-04-29 3373968]
"ShutdownGuard"="c:\users\Joe\Downloads\ShutdownGuard\ShutdownGuard.exe" [2010-12-05 46080]
"MusicManager"="c:\users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-29 19856]
"BandwidthMonitor"="c:\users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe" [2007-09-16 213398]
"chromium"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2011-09-30 1030200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2009-09-06 1230336]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-28 585728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MSIAfterburner"="c:\program files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" [2010-05-27 44344]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2011-08-22 3346032]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Update Tool Notifier.exe [2011-7-28 145552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2006-11-21 982832]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-9-28 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 136176]
R2 IDriveE Service;IDriveE Service;c:\users\Joe\Documents\IDrive\IDriveE Service.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Joe\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys [2008-07-27 14544]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1767816]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-09-29 24645]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL51 [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 PC Monitor;PC Monitor;c:\program files (x86)\PC Monitor\PCMonitorSrv.exe [2011-10-21 299840]
S2 ruon.neton;R-U-ON NetOn;c:\program files (x86)\ruon.neton\neton.exe service [x]
S2 ruon.processon;R-U-ON ProcessOn;c:\program files (x86)\ruon.processon\processon.exe service [x]
S2 ruon.serveron;R-U-ON ServerOn;c:\program files (x86)\ruon.serveron\serveron.exe service [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-02-12 23840]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 19:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 05:37]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 05:37]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4174676936-2142736387-3720375477-1001Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 05:37]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4174676936-2142736387-3720375477-1001UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 05:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-01 8095776]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-15 110360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=18853
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{505667FC-1BB3-4DBD-AF13-34012DBDCCD0}: NameServer = 68.87.85.98,68.87.69.146
TCP: Interfaces\{6400A2BA-365F-459B-BD51-0F2826936A98}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{FCEFAB06-3FD1-47EA-B9F4-65FE5B0A230B}: NameServer = 68.87.85.98,68.87.69.146
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} - c:\program files\Memopal\ShellExtension\ShellExtension.dll
ShellIconOverlayIdentifiers-{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} - c:\program files\Memopal\ShellExtension\ShellExtension.dll
ShellIconOverlayIdentifiers-{95DDC869-FC98-4D47-BD34-2EDC9AA09C01} - c:\program files\Memopal\ShellExtension\ShellExtension.dll
ShellIconOverlayIdentifiers-{2CDD871E-60EB-40BD-9721-A1CB57042F75} - c:\program files\Memopal\ShellExtension\ShellExtension.dll
Wow6432Node-HKCU-Run-FreeMeter - c:\users\Joe\Desktop\toolbox\FreeMeter_v1.6.3\FreeMeter.exe
Wow6432Node-HKCU-Run-TweetMyPC - c:\users\Joe\AppData\Local\Apps\2.0\R50W7QME.4O7\B0VNA442.6DD\twee..tion_23422dbb911b53de_0003.0005_7e2ef794643900ee\TweetMyPC.exe
Wow6432Node-HKLM-Run-Windows Fix - c:\users\Joe\AppData\Roaming\scon.exe
SafeBoot-SolutoService
AddRemove-7PicUploader - c:\program files (x86)\7PicUploader\uninstall.exe
AddRemove-AMIP_foobar2000 - c:\program files (x86)\foobar2000\components\amip_uninstall.exe
AddRemove-Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\uninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Just Cause 2_is1 - c:\users\Joe\Desktop\Just Cause 2\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:56,d0,73,a0,63,11,40,dc,55,0f,5d,f5,ad,0f,cf,03,d8,62,23,38,07,32,dd,
0e,e5,18,66,cc,6e,59,16,fb,b9,da,66,fe,94,a4,f5,67,1f,16,4b,96,ac,84,15,39,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\freeSSHd\FreeSSHDService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ruon.neton\neton.exe
c:\program files (x86)\ruon.processon\processon.exe
c:\program files (x86)\ruon.serveron\serveron.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\Joe\Downloads\volumouse_beta-x64\volumouse32.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
c:\program files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-26 07:29:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-26 13:29
.
Pre-Run: 18,681,393,152 bytes free
Post-Run: 20,031,803,392 bytes free
.
- - End Of File - - 9B674A3B3F1A076CEAF8D9CCD6FA7C73
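As an added defender-side example (not part of this thread and not ComboFix's own code), the following Python script triages a ComboFix log the way the helper does by eye: it parses the Reg Loading Points blocks and the ORPHANS REMOVED lines, flags autoruns whose target sits in a user-writable location (the scon.exe entry under the "Windows Fix" run key above is the case in point), and reports the UAC policy values that the log shows set to 0 (EnableLUA=0 means UAC was switched off on this machine). The sample input is a constructed slice of the log posted above; the location markers and the policy table are my assumptions, and flagged entries are leads for review, not verdicts.

```python
"""Triage a ComboFix log: flag autoruns from user-writable paths and disabled UAC.

Added example; not part of ComboFix or of this thread. It reads the
'Reg Loading Points' blocks ([HKEY_...] headers followed by "name"="path"
lines) and the 'ORPHANS REMOVED' lines, which is where the scon.exe
"Windows Fix" run entry shows up in the log above.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a short slice of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\users\Joe\Downloads\volumouse_beta-x64\volumouse.exe" [2011-03-28 86528]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2011-09-29 16084992]
"MusicManager"="c:\users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2011-08-22 3346032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Windows Fix - c:\users\Joe\AppData\Roaming\scon.exe
AddRemove-7PicUploader - c:\program files (x86)\7PicUploader\uninstall.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)')
ORPHAN_RE = re.compile(
    r"^(?P<key>(?:Wow6432Node-)?HK(?:LM|CU)-Run-(?P<name>.+?)) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumed directory markers a standard user can write to; autoruns pointing
# here deserve a look, although legitimate per-user software lands here too.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")

# Policy values that weaken UAC when set to 0 (all three are 0 in the log above).
UAC_WEAK = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate with no prompt at all",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}

Autorun = Tuple[str, str, str]  # (source key, value name, target path)


def is_user_writable(path: str) -> bool:
    """True when the target path sits in a location an ordinary user can write to."""
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(log_text: str) -> Dict[str, List]:
    """Walk the log once, tracking the current [HKEY_...] block, and collect findings."""
    findings: Dict[str, List] = {"suspicious_autoruns": [], "uac_findings": []}
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses "." as a block separator
            current_key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        if current_key.endswith("\\run"):    # a Run key block: "name"="path" [date size]
            m = VALUE_RE.match(line)
            if m and is_user_writable(m.group("path")):
                findings["suspicious_autoruns"].append(
                    (current_key, m.group("name"), m.group("path"))
                )
            continue
        if current_key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group("name") in UAC_WEAK and int(m.group("val")) == 0:
                findings["uac_findings"].append(
                    f"{m.group('name')}=0: {UAC_WEAK[m.group('name')]}"
                )
            continue
        m = ORPHAN_RE.match(line)             # orphaned Run entries listed by ComboFix
        if m and is_user_writable(m.group("path")):
            findings["suspicious_autoruns"].append(
                ("orphan:" + m.group("key"), m.group("name"), m.group("path"))
            )
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for source, name, path in result["suspicious_autoruns"]:
        print(f"[autorun from user-writable path] {name!r} -> {path}  ({source})")
    for finding in result["uac_findings"]:
        print(f"[weak UAC policy] {finding}")
```

On the sample it reports the Volumouse and MusicManager entries (both legitimate, but running from the profile) alongside the scon.exe orphan, which is why the output is a review list rather than a removal list.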

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 October 2011 - 02:28 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Joe\AppData\Local\Babylon
c:\program files\Babylon
c:\program files (x86)\Babylon
c:\programdata\Babylon
c:\users\Joe\AppData\Roaming\Babylon

DDS::
uStart Page = hxxp://search.babylon.com/home?AF=18853
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts

Posted 26 October 2011 - 08:09 PM

ComboFix 11-10-25.04 - Joe 10/26/2011 18:41:45.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4094 [GMT -6:00]
Running from: c:\users\Joe\Documents\My Dropbox\bleepingcomputer\ComboFix.exe
Command switches used :: c:\users\Joe\Documents\My Dropbox\bleepingcomputer\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Babylon
c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe
c:\program files (x86)\Babylon\Babylon-Pro\BabyServices.dll
c:\program files (x86)\Babylon\Babylon-Pro\BContentServer.dll
c:\program files (x86)\Babylon\Babylon-Pro\BContentServerExt.dll
c:\program files (x86)\Babylon\Babylon-Pro\BException.dll
c:\program files (x86)\Babylon\Babylon-Pro\captlib.dll
c:\program files (x86)\Babylon\Babylon-Pro\Data\bab025.cbid10.dat
c:\program files (x86)\Babylon\Babylon-Pro\Data\bab094.band.dat
c:\program files (x86)\Babylon\Babylon-Pro\Data\bab225.rsttrl.dat
c:\program files (x86)\Babylon\Babylon-Pro\Data\Babylon.dat
c:\program files (x86)\Babylon\Babylon-Pro\Data\Content\bab_hlp_static.bdc
c:\program files (x86)\Babylon\Babylon-Pro\Data\CSConfig.dat
c:\program files (x86)\Babylon\Babylon-Pro\Data\Features.dat
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Afrikaans.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Albanian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Arabic.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Armenian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Basque.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Belarus.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Belarusian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Bulgarian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Catalan.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Chinese (S).ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Chinese (T).ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Croatian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Czech.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Danish.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Dutch.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\English.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Esperanto.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Estonian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Faeroese.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Farsi.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Filipino.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Finnish.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\French.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\German.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Greek.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Hausa.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Hebrew.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Hindi.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Hungarian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Icelandic.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Indonesian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Italian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Japanese.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Korean.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Latin.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Latvian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Lithuanian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Macedonian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Malay.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Mongolian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Norwegian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Pashto.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Polish.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Portuguese.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Romanian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Russian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Serbian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Slovak.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Slovenian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Somali.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Spanish.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Swedish.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Tamazight.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Thai.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Turkish.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Ukrainian.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Urdu.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\LDTs\Vietnamese.ldt
c:\program files (x86)\Babylon\Babylon-Pro\Data\Metaphone.dat
c:\program files (x86)\Babylon\Babylon-Pro\Data\Strings.dat
c:\program files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
c:\program files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe.manifest
c:\program files (x86)\Babylon\Babylon-Pro\TC\osmax.ocx
c:\program files (x86)\Babylon\Babylon-Pro\TC\osmax.X.manifest
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{A7EAE3F1-D99E-4845-9F57-FB791C65509B}\images\bg-ginger.png
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{A7EAE3F1-D99E-4845-9F57-FB791C65509B}\images\bg-popup-offline.gif
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{A7EAE3F1-D99E-4845-9F57-FB791C65509B}\index.html
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{A7EAE3F1-D99E-4845-9F57-FB791C65509B}\style.css
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{E9B85A27-7C0D-4b0e-AE5F-3141E7508772}\images\bg-ginger.png
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{E9B85A27-7C0D-4b0e-AE5F-3141E7508772}\images\bg-popup-offline.gif
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{E9B85A27-7C0D-4b0e-AE5F-3141E7508772}\index.html
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\{E9B85A27-7C0D-4b0e-AE5F-3141E7508772}\style.css
c:\program files (x86)\Babylon\Babylon-Pro\TC\resources\babylontc.ico
c:\program files (x86)\Babylon\Babylon-Pro\TC\secman.dll
c:\program files (x86)\Babylon\Babylon-Pro\TC\secman.X.manifest
c:\program files (x86)\Babylon\Babylon-Pro\Updates\Convert.dat
c:\program files (x86)\Babylon\Babylon-Pro\Updates\Rates.dat
c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll
c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonRPI.api
c:\program files (x86)\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe
c:\program files\Babylon
c:\program files\Babylon\Babylon-Pro\BabylonHelper64.exe
c:\program files\Babylon\Babylon-Pro\captlib64.dll
c:\programdata\Babylon
c:\programdata\Babylon\BabAll.dat
c:\programdata\Babylon\Gloss\bab_hlp_static.bdc
c:\programdata\Babylon\Gloss\Babylon_English.bdc
c:\programdata\Babylon\Gloss\bdcmpers.dat
c:\programdata\Babylon\Gloss\cslock.dat
c:\programdata\Babylon\LocalUI\AskCommTemplate.htm
c:\programdata\Babylon\LocalUI\cmwnd.html
c:\programdata\Babylon\LocalUI\img-ie6\baby.css
c:\programdata\Babylon\LocalUI\img-ie6\Btn\prarg.gif
c:\programdata\Babylon\LocalUI\img-ie6\Btn\say_turnOn.gif
c:\programdata\Babylon\LocalUI\img-ie6\Btn\wordAnim.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\arowDown.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\arowRight.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\arrowL.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\arrowR.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\b9_preloader.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\btnFrm.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\btnFrmShort.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\cart_icon.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\cmntylogo.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\fb.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\file.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\menuArr.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\shopCart.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\spyglass.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\sysBtn.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\TermBoxEdegs.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\TermMiddle.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\trmBoxRigt.gif
c:\programdata\Babylon\LocalUI\img-ie6\controls\ulBtn.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame.css
c:\programdata\Babylon\LocalUI\img-ie6\frame\b1.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\b2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\b3.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\fTabTxt.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\logo.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\m1.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\m2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\m3.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\sideTabs.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\t1.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\t2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\t3.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\t4.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\tabRpt1.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\tabRpt2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\tabRpt2_.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\tabsOvr.gif
c:\programdata\Babylon\LocalUI\img-ie6\frame\wTabTxt.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\b1.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\b2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\b3.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\btmSplitr.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\cmboxArr.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\m1.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\m2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\m3.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\spelling.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\t1.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\t2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\t3.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\t3V2.gif
c:\programdata\Babylon\LocalUI\img-ie6\frameIE6\t4.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\btnGreen.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\btnOrange.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\btns_Bg.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\cmboxArr.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\cmboxFrm.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\file.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\flags.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\langArrw.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\langArrwRtl.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\SpkrNrml.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\spkrPause.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\spkrPlay.gif
c:\programdata\Babylon\LocalUI\img-ie6\Ftxt\ulBtn.gif
c:\programdata\Babylon\LocalUI\img-ie6\main.css
c:\programdata\Babylon\LocalUI\img-ie6\rslt\bgleftcorner.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\ConvFlags.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\convrt.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\convrtTab.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\moreRslt.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\morRslts.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\plusIcn.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\spelling.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\tab.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\tab2.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\tcImg.gif
c:\programdata\Babylon\LocalUI\img-ie6\rslt\wgBtn.gif
c:\programdata\Babylon\LocalUI\img-ie6\text.css
c:\programdata\Babylon\LocalUI\img-ie6\word.css
c:\programdata\Babylon\LocalUI\img\baby.css
c:\programdata\Babylon\LocalUI\img\banner_\b1.png
c:\programdata\Babylon\LocalUI\img\banner_\b2.png
c:\programdata\Babylon\LocalUI\img\banner_\b3.png
c:\programdata\Babylon\LocalUI\img\banner_\m1.png
c:\programdata\Babylon\LocalUI\img\banner_\m2.png
c:\programdata\Babylon\LocalUI\img\banner_\m3.png
c:\programdata\Babylon\LocalUI\img\banner_\t1.png
c:\programdata\Babylon\LocalUI\img\banner_\t2.png
c:\programdata\Babylon\LocalUI\img\banner_\t3.png
c:\programdata\Babylon\LocalUI\img\Btn\prarg.png
c:\programdata\Babylon\LocalUI\img\Btn\say_turnOn.gif
c:\programdata\Babylon\LocalUI\img\Btn\word.png
c:\programdata\Babylon\LocalUI\img\Btn\wordAnim.png
c:\programdata\Babylon\LocalUI\img\cmnty.css
c:\programdata\Babylon\LocalUI\img\cmnty\ajaxLoad.gif
c:\programdata\Babylon\LocalUI\img\cmnty\answerMsg.png
c:\programdata\Babylon\LocalUI\img\cmnty\answerNotifi_anima.png
c:\programdata\Babylon\LocalUI\img\cmnty\answrAnim.gif
c:\programdata\Babylon\LocalUI\img\cmnty\AnswrBtn.png
c:\programdata\Babylon\LocalUI\img\cmnty\AnswrBtn_.png
c:\programdata\Babylon\LocalUI\img\cmnty\answrMsg.png
c:\programdata\Babylon\LocalUI\img\cmnty\b1.png
c:\programdata\Babylon\LocalUI\img\cmnty\b2.png
c:\programdata\Babylon\LocalUI\img\cmnty\b3.png
c:\programdata\Babylon\LocalUI\img\cmnty\bg.png
c:\programdata\Babylon\LocalUI\img\cmnty\bluCloud.png
c:\programdata\Babylon\LocalUI\img\cmnty\clseBut.png
c:\programdata\Babylon\LocalUI\img\cmnty\cmntyBtn.png
c:\programdata\Babylon\LocalUI\img\cmnty\dislikeMsg (3).png
c:\programdata\Babylon\LocalUI\img\cmnty\dislikeMsg.png
c:\programdata\Babylon\LocalUI\img\cmnty\gngrBtn.png
c:\programdata\Babylon\LocalUI\img\cmnty\grnCloud.png
c:\programdata\Babylon\LocalUI\img\cmnty\likeMsg.png
c:\programdata\Babylon\LocalUI\img\cmnty\m1.png
c:\programdata\Babylon\LocalUI\img\cmnty\m3.png
c:\programdata\Babylon\LocalUI\img\cmnty\notif.png
c:\programdata\Babylon\LocalUI\img\cmnty\notifiAnim.gif
c:\programdata\Babylon\LocalUI\img\cmnty\numberStrip.png
c:\programdata\Babylon\LocalUI\img\cmnty\numberStripWh.png
c:\programdata\Babylon\LocalUI\img\cmnty\quesAnim.gif
c:\programdata\Babylon\LocalUI\img\cmnty\quesBtn.png
c:\programdata\Babylon\LocalUI\img\cmnty\quesBtn_.png
c:\programdata\Babylon\LocalUI\img\cmnty\quesMsg.png
c:\programdata\Babylon\LocalUI\img\cmnty\questionrNotifi_anima.png
c:\programdata\Babylon\LocalUI\img\cmnty\smallBut_.png
c:\programdata\Babylon\LocalUI\img\cmnty\t1.png
c:\programdata\Babylon\LocalUI\img\cmnty\t2.png
c:\programdata\Babylon\LocalUI\img\cmnty\t3.png
c:\programdata\Babylon\LocalUI\img\controls\arowDown.gif
c:\programdata\Babylon\LocalUI\img\controls\arowDown.png
c:\programdata\Babylon\LocalUI\img\controls\arowRight.gif
c:\programdata\Babylon\LocalUI\img\controls\arrowD.png
c:\programdata\Babylon\LocalUI\img\controls\arrowdown.png
c:\programdata\Babylon\LocalUI\img\controls\arrowL.gif
c:\programdata\Babylon\LocalUI\img\controls\arrowL.png
c:\programdata\Babylon\LocalUI\img\controls\arrowR.gif
c:\programdata\Babylon\LocalUI\img\controls\arrowR.png
c:\programdata\Babylon\LocalUI\img\controls\b9_preloader.gif
c:\programdata\Babylon\LocalUI\img\controls\btnFrm.png
c:\programdata\Babylon\LocalUI\img\controls\btnFrmShort.png
c:\programdata\Babylon\LocalUI\img\controls\btnGreen.png
c:\programdata\Babylon\LocalUI\img\controls\btnGreen_.png
c:\programdata\Babylon\LocalUI\img\controls\btnGreen2.png
c:\programdata\Babylon\LocalUI\img\controls\btnGreen3.png
c:\programdata\Babylon\LocalUI\img\controls\btnGreenX.png
c:\programdata\Babylon\LocalUI\img\controls\cart_icon.png
c:\programdata\Babylon\LocalUI\img\controls\cmntylogo.png
c:\programdata\Babylon\LocalUI\img\controls\community.png
c:\programdata\Babylon\LocalUI\img\controls\fb.png
c:\programdata\Babylon\LocalUI\img\controls\flags.png
c:\programdata\Babylon\LocalUI\img\controls\flags_.png
c:\programdata\Babylon\LocalUI\img\controls\karusela_arrowL.png
c:\programdata\Babylon\LocalUI\img\controls\lang_button.png
c:\programdata\Babylon\LocalUI\img\controls\langArrw.png
c:\programdata\Babylon\LocalUI\img\controls\langArrwRtl.png
c:\programdata\Babylon\LocalUI\img\controls\language_arrowR.png
c:\programdata\Babylon\LocalUI\img\controls\menuArr.gif
c:\programdata\Babylon\LocalUI\img\controls\menuArr.png
c:\programdata\Babylon\LocalUI\img\controls\menuArr_.png
c:\programdata\Babylon\LocalUI\img\controls\newWin.png
c:\programdata\Babylon\LocalUI\img\controls\say_turnOff.png
c:\programdata\Babylon\LocalUI\img\controls\search_arrowL.png
c:\programdata\Babylon\LocalUI\img\controls\search_arrowR.png
c:\programdata\Babylon\LocalUI\img\controls\shopingCrt.png
c:\programdata\Babylon\LocalUI\img\controls\shopingCrtFnl.png
c:\programdata\Babylon\LocalUI\img\controls\spling.png
c:\programdata\Babylon\LocalUI\img\controls\spyglass.gif
c:\programdata\Babylon\LocalUI\img\controls\spyglass.png
c:\programdata\Babylon\LocalUI\img\controls\spyglass2.png
c:\programdata\Babylon\LocalUI\img\controls\sysBtn.gif
c:\programdata\Babylon\LocalUI\img\controls\sysBtn.png
c:\programdata\Babylon\LocalUI\img\controls\TermBoxEdegs.png
c:\programdata\Babylon\LocalUI\img\controls\TermMiddle.png
c:\programdata\Babylon\LocalUI\img\controls\topMenu_button.png
c:\programdata\Babylon\LocalUI\img\controls\trmBoxRigt.png
c:\programdata\Babylon\LocalUI\img\dropdown\cmboxArr.png
c:\programdata\Babylon\LocalUI\img\dropdown\cmboxFrm.png
c:\programdata\Babylon\LocalUI\img\dropdown\dorpdown.htm
c:\programdata\Babylon\LocalUI\img\frame.css
c:\programdata\Babylon\LocalUI\img\frame\b1.png
c:\programdata\Babylon\LocalUI\img\frame\b1v2.png
c:\programdata\Babylon\LocalUI\img\frame\b2.png
c:\programdata\Babylon\LocalUI\img\frame\b3.png
c:\programdata\Babylon\LocalUI\img\frame\bg.png
c:\programdata\Babylon\LocalUI\img\frame\logo.png
c:\programdata\Babylon\LocalUI\img\frame\m1.png
c:\programdata\Babylon\LocalUI\img\frame\m1v2.png
c:\programdata\Babylon\LocalUI\img\frame\m2.png
c:\programdata\Babylon\LocalUI\img\frame\m3.png
c:\programdata\Babylon\LocalUI\img\frame\pTabTxt.png
c:\programdata\Babylon\LocalUI\img\frame\t1.png
c:\programdata\Babylon\LocalUI\img\frame\t1v2.png
c:\programdata\Babylon\LocalUI\img\frame\t2.png
c:\programdata\Babylon\LocalUI\img\frame\t3.png
c:\programdata\Babylon\LocalUI\img\frame\t3v2.png
c:\programdata\Babylon\LocalUI\img\frame\t4.png
c:\programdata\Babylon\LocalUI\img\frame\tabRpt1.png
c:\programdata\Babylon\LocalUI\img\frame\tabRpt1_hover.png
c:\programdata\Babylon\LocalUI\img\frame\tabRpt2.png
c:\programdata\Babylon\LocalUI\img\frame\tabRpt2_hover.png
c:\programdata\Babylon\LocalUI\img\frame\tabs.png
c:\programdata\Babylon\LocalUI\img\frame\Tabs\tb1.png
c:\programdata\Babylon\LocalUI\img\frame\tabsOvr.png
c:\programdata\Babylon\LocalUI\img\frame\wTabTxt.png
c:\programdata\Babylon\LocalUI\img\frame2\b1.png
c:\programdata\Babylon\LocalUI\img\frame2\b2.png
c:\programdata\Babylon\LocalUI\img\frame2\b3.png
c:\programdata\Babylon\LocalUI\img\frame2\logo.png
c:\programdata\Babylon\LocalUI\img\frame2\m1.png
c:\programdata\Babylon\LocalUI\img\frame2\m2.png
c:\programdata\Babylon\LocalUI\img\frame2\m3.png
c:\programdata\Babylon\LocalUI\img\frame2\t1.png
c:\programdata\Babylon\LocalUI\img\frame2\t2.png
c:\programdata\Babylon\LocalUI\img\frame2\t3.png
c:\programdata\Babylon\LocalUI\img\frame2\t4.png
c:\programdata\Babylon\LocalUI\img\Ftxt\btnBgLft.png
c:\programdata\Babylon\LocalUI\img\Ftxt\btnGreen.png
c:\programdata\Babylon\LocalUI\img\Ftxt\btnGreen_.png
c:\programdata\Babylon\LocalUI\img\Ftxt\btnOrange.png
c:\programdata\Babylon\LocalUI\img\Ftxt\btns_Bg.png
c:\programdata\Babylon\LocalUI\img\Ftxt\btnUpld.png
c:\programdata\Babylon\LocalUI\img\Ftxt\cmboxArr.png
c:\programdata\Babylon\LocalUI\img\Ftxt\cmboxFrm.png
c:\programdata\Babylon\LocalUI\img\Ftxt\file.png
c:\programdata\Babylon\LocalUI\img\Ftxt\flags.png
c:\programdata\Babylon\LocalUI\img\Ftxt\LngBdy.png
c:\programdata\Babylon\LocalUI\img\Ftxt\pause.png
c:\programdata\Babylon\LocalUI\img\Ftxt\SpkrNrml.png
c:\programdata\Babylon\LocalUI\img\Ftxt\spkrPause.png
c:\programdata\Babylon\LocalUI\img\Ftxt\spkrPlay.png
c:\programdata\Babylon\LocalUI\img\Ftxt\spkrResum.png
c:\programdata\Babylon\LocalUI\img\Ftxt\spkrStop.png
c:\programdata\Babylon\LocalUI\img\Ftxt\switchLng.png
c:\programdata\Babylon\LocalUI\img\Ftxt\switchLngRtl.png
c:\programdata\Babylon\LocalUI\img\Ftxt\ulBtn.png
c:\programdata\Babylon\LocalUI\img\Ftxt\ulBtn_.png
c:\programdata\Babylon\LocalUI\img\Ftxt\usa.png
c:\programdata\Babylon\LocalUI\img\main.css
c:\programdata\Babylon\LocalUI\img\rslt\bgleftcorner.gif
c:\programdata\Babylon\LocalUI\img\rslt\btmSplitr.png
c:\programdata\Babylon\LocalUI\img\rslt\btnFrmSml.png
c:\programdata\Babylon\LocalUI\img\rslt\ConvFlags.gif
c:\programdata\Babylon\LocalUI\img\rslt\convrt.gif
c:\programdata\Babylon\LocalUI\img\rslt\convrt.png
c:\programdata\Babylon\LocalUI\img\rslt\moreRsltCntr.png
c:\programdata\Babylon\LocalUI\img\rslt\moreRsltFinal.png
c:\programdata\Babylon\LocalUI\img\rslt\morRslts.gif
c:\programdata\Babylon\LocalUI\img\rslt\plusIcn.png
c:\programdata\Babylon\LocalUI\img\rslt\spelling.gif
c:\programdata\Babylon\LocalUI\img\rslt\spelling.png
c:\programdata\Babylon\LocalUI\img\rslt\tab.png
c:\programdata\Babylon\LocalUI\img\rslt\tcImg.png
c:\programdata\Babylon\LocalUI\img\text.css
c:\programdata\Babylon\LocalUI\img\word.css
c:\programdata\Babylon\LocalUI\js\baby.js
c:\programdata\Babylon\LocalUI\js\cmnty-test.js
c:\programdata\Babylon\LocalUI\js\cmnty.js
c:\programdata\Babylon\LocalUI\js\extrnl.js
c:\programdata\Babylon\LocalUI\js\extrnl.js.bak
c:\programdata\Babylon\LocalUI\js\frame.js
c:\programdata\Babylon\LocalUI\js\fTxt.js
c:\programdata\Babylon\LocalUI\js\tabs.js
c:\programdata\Babylon\LocalUI\js\word.js
c:\programdata\Babylon\LocalUI\pxl.gif
c:\programdata\Babylon\LocalUI\Sayit.htm
c:\programdata\Babylon\LocalUI\textrange.htm
c:\programdata\Babylon\LocalUI\uiver
c:\programdata\Babylon\LocalUI\wnd-ie6.html
c:\programdata\Babylon\LocalUI\wnd.html
c:\programdata\Babylon\sqlite3.dll
c:\users\Joe\AppData\Local\Babylon
c:\users\Joe\AppData\Local\Babylon\BabAll.bak
c:\users\Joe\AppData\Local\Babylon\Babylon_English.BGL
c:\users\Joe\AppData\Local\Babylon\Babylon_English_sub.BGL
c:\users\Joe\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\users\Joe\AppData\Roaming\Babylon
c:\users\Joe\AppData\Roaming\Babylon\BabylonTC.conf
c:\users\Joe\AppData\Roaming\Babylon\BabylonTC.log
c:\users\Joe\AppData\Roaming\Babylon\Content\icons\BTMJWKZGYE_glossary_icon.ico
c:\users\Joe\AppData\Roaming\Babylon\FLStat.dat
c:\users\Joe\AppData\Roaming\Babylon\log_file.txt
c:\users\Joe\AppData\Roaming\Babylon\MyList.dat
c:\users\Joe\AppData\Roaming\Babylon\ocr_cache
c:\users\Joe\AppData\Roaming\Babylon\ocr_data
c:\users\Joe\AppData\Roaming\Babylon\updates\convert.dat
c:\users\Joe\AppData\Roaming\Babylon\updates\rates.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 00:55 . 2011-10-27 00:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-27 00:55 . 2011-10-27 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-27 00:29 . 2011-10-27 00:57 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC45F4B-03FE-4C23-800E-6274E6753641}\offreg.dll
2011-10-25 00:13 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC45F4B-03FE-4C23-800E-6274E6753641}\mpengine.dll
2011-10-22 16:35 . 2011-10-22 16:35 -------- d-----w- c:\program files (x86)\BabylonToolbar
2011-10-17 02:55 . 2011-10-17 02:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-10-11 02:34 . 2011-10-11 02:33 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C076B498-204D-4D7C-9901-DA3443ABEF5F}\gapaengine.dll
2011-10-04 19:18 . 2011-10-04 19:22 -------- d-----w- c:\users\Joe\AppData\Roaming\Synthesia
2011-10-04 19:11 . 2011-10-04 19:13 -------- d-----w- c:\program files (x86)\Synthesia
2011-10-01 18:32 . 2011-10-01 18:32 -------- d-----w- c:\users\Joe\AppData\Roaming\pymclevel
2011-09-29 02:05 . 2011-09-29 02:05 -------- d-----w- c:\users\Joe\AppData\Roaming\medsouz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 04:16 . 2011-08-17 03:23 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-27 03:42 . 2011-08-27 03:42 2829 ----a-w- c:\windows\DiabUnin.pif
2011-08-27 03:42 . 2011-08-27 03:42 118784 ----a-w- c:\windows\DiabUnin.exe
2011-08-20 00:52 . 2011-08-20 00:52 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-08-20 00:47 . 2011-08-20 00:47 66328 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys
2011-08-20 00:47 . 2011-08-20 00:47 1845528 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2011-08-16 03:21 . 2011-09-08 00:03 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-06 22:49 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-03 11:50 . 2011-09-03 19:26 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-09-03 19:26 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-09-03 19:26 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-09-03 19:26 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-09-03 19:26 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-09-03 19:26 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-09-03 19:26 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-09-03 19:26 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-09-03 19:26 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-09-03 19:26 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-03 19:26 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-03 19:26 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-09-03 19:26 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-09-03 19:26 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-09-03 19:26 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-09-03 19:26 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-09-03 19:26 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-02-23 14:28 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-01-08 02:49 836200 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-08-03 11:50 . 2011-01-08 02:49 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-01-08 02:49 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-01-08 02:48 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-01-08 02:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-08-06 00:43 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2010-06-01 21:49 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2009-07-15 05:54 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2009-07-14 18:08 61544 ----a-w- c:\windows\system32\nvshext.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-26_13.18.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-26 13:17 . 2011-10-26 13:17 53248 c:\windows\Temp\wodCmdTerm.exe
+ 2011-10-27 00:57 . 2011-10-27 00:57 53248 c:\windows\Temp\wodCmdTerm.exe
+ 2009-07-14 04:54 . 2011-10-27 00:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-26 13:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-26 13:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-27 00:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-27 00:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-26 13:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-30 00:19 . 2011-10-27 01:00 81124 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-27 01:00 34308 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-12 03:07 . 2011-10-27 01:00 22480 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4174676936-2142736387-3720375477-1001_UserData.bin
- 2009-09-12 03:07 . 2011-10-26 13:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-12 03:07 . 2011-10-27 01:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-12 03:07 . 2011-10-26 13:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-12 03:07 . 2011-10-27 01:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-12 03:07 . 2011-10-27 01:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-12 03:07 . 2011-10-26 13:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-12 03:07 . 2011-10-27 01:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-12 03:07 . 2011-10-26 13:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-12 03:07 . 2011-10-27 01:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-12 03:07 . 2011-10-26 13:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-26 13:17 . 2011-10-26 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-27 00:57 . 2011-10-27 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-26 13:17 . 2011-10-26 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-27 00:57 . 2011-10-27 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-10-27 00:55 444708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-26 00:10 444708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-05 20:27 . 2011-10-27 00:55 2383468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4174676936-2142736387-3720375477-1001-12288.dat
- 2010-06-05 20:27 . 2011-10-26 00:10 2383468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4174676936-2142736387-3720375477-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\users\Joe\Downloads\volumouse_beta-x64\volumouse.exe" [2011-03-28 86528]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2011-09-29 16084992]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-04-29 934800]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-04-29 3373968]
"ShutdownGuard"="c:\users\Joe\Downloads\ShutdownGuard\ShutdownGuard.exe" [2010-12-05 46080]
"MusicManager"="c:\users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-29 19856]
"BandwidthMonitor"="c:\users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe" [2007-09-16 213398]
"chromium"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2011-10-21 1036344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2009-09-06 1230336]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-28 585728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MSIAfterburner"="c:\program files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" [2010-05-27 44344]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Update Tool Notifier.exe [2011-7-28 145552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2006-11-21 982832]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-9-28 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 136176]
R2 IDriveE Service;IDriveE Service;c:\users\Joe\Documents\IDrive\IDriveE Service.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Joe\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys [2008-07-27 14544]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1767816]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-09-29 24645]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL51 [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 PC Monitor;PC Monitor;c:\program files (x86)\PC Monitor\PCMonitorSrv.exe [2011-10-21 299840]
S2 ruon.neton;R-U-ON NetOn;c:\program files (x86)\ruon.neton\neton.exe service [x]
S2 ruon.processon;R-U-ON ProcessOn;c:\program files (x86)\ruon.processon\processon.exe service [x]
S2 ruon.serveron;R-U-ON ServerOn;c:\program files (x86)\ruon.serveron\serveron.exe service [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-02-12 23840]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 19:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 05:37]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 05:37]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4174676936-2142736387-3720375477-1001Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 05:37]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4174676936-2142736387-3720375477-1001UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 05:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-01 8095776]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-15 110360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{505667FC-1BB3-4DBD-AF13-34012DBDCCD0}: NameServer = 68.87.85.98,68.87.69.146
TCP: Interfaces\{6400A2BA-365F-459B-BD51-0F2826936A98}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{FCEFAB06-3FD1-47EA-B9F4-65FE5B0A230B}: NameServer = 68.87.85.98,68.87.69.146
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Babylon Client - c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:56,d0,73,a0,63,11,40,dc,55,0f,5d,f5,ad,0f,cf,03,d8,62,23,38,07,32,dd,
0e,e5,18,66,cc,6e,59,16,fb,b9,da,66,fe,94,a4,f5,67,1f,16,4b,96,ac,84,15,39,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\freeSSHd\FreeSSHDService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ruon.neton\neton.exe
c:\program files (x86)\ruon.processon\processon.exe
c:\program files (x86)\ruon.serveron\serveron.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\Joe\Downloads\volumouse_beta-x64\volumouse32.exe
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-26 19:08:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-27 01:08
ComboFix2.txt 2011-10-26 13:29
.
Pre-Run: 19,571,367,936 bytes free
Post-Run: 19,823,824,896 bytes free
.
- - End Of File - - FC5481C4CB99E37FCDFD89B8CCAFF73D
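
The ComboFix log above lists every autostart point on the machine. One way to triage such a log, as an added example that is not part of this thread, of ComboFix or of Malwarebytes: flag Run values and Startup-folder items that launch from user-writable locations, and report the UAC policy values the log shows set to 0. The embedded excerpt is constructed from lines of the log above; the path-fragment list and the UAC table are this example's own heuristics, not anything the tools themselves apply.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt for autostart entries that launch
from user-writable locations and for UAC policy values that have been set to 0."""
import re

# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\users\Joe\Downloads\volumouse_beta-x64\volumouse.exe" [2011-03-28 86528]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2011-09-29 16084992]
"BandwidthMonitor"="c:\users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe" [2007-09-16 213398]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Update Tool Notifier.exe [2011-7-28 145552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-01 8095776]
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
STARTUP_DIR = re.compile(r'^[a-z]:\\.*\\startup\\$', re.IGNORECASE)
STARTUP_ITEM = re.compile(r'^(?:(?P<lnk>.+?\.lnk) - )?(?P<path>.+?)\s*\[[^\]]*\]$')
POLICY_VALUE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')

# Path fragments a non-admin user can write to (heuristic chosen for this example).
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\desktop\\", "\\documents\\", "\\temp\\")

# UAC policy values that remove a protection when set to 0 (all three are 0 in the log above).
UAC_WEAK = {
    "EnableLUA": "UAC is off; processes of an admin user run fully elevated",
    "ConsentPromptBehaviorAdmin": "admins elevate silently, no consent prompt",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}

def parse_autostarts(text):
    """Return (name, resolved_path, source) for Run values and Startup-folder items."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]            # registry key header
            continue
        if STARTUP_DIR.match(line):
            section = line                  # Startup folder header
            continue
        if section is None:
            continue
        if section.lower().endswith("\\run"):
            m = RUN_VALUE.match(line)
            if m:
                entries.append((m["name"], m["path"], section))
        elif section.lower().endswith("\\startup\\"):
            m = STARTUP_ITEM.match(line)
            if m:
                # A .lnk line names its target; a bare file lives in the folder itself.
                name = m["lnk"] or m["path"]
                path = m["path"] if m["lnk"] else section + m["path"]
                entries.append((name, path, section))
    return entries

def parse_uac_policy(text):
    """Return {value_name: int} from the HKLM ...\\policies\\system section."""
    values, in_policy = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_policy = line.upper().startswith("[HKEY_LOCAL_MACHINE") and line.lower().endswith("\\policies\\system]")
            continue
        m = POLICY_VALUE.match(line) if in_policy else None
        if m:
            values[m["name"]] = int(m["value"])
    return values

def is_user_writable(path):
    low = path.lower()
    return any(fragment in low for fragment in USER_WRITABLE)

def triage(text):
    """Collect autostart entries worth a second look plus weakened UAC settings."""
    autostart = []
    for name, path, source in parse_autostarts(text):
        reasons = []
        if is_user_writable(path):
            reasons.append("launches from a user-writable location")
        if source.lower().endswith("\\startup\\") and not name.lower().endswith(".lnk"):
            reasons.append("bare executable dropped into the Startup folder")
        if reasons:
            autostart.append({"name": name, "path": path, "reasons": reasons})
    uac = parse_uac_policy(text)
    weak = [f"{k}=0: {why}" for k, why in UAC_WEAK.items() if uac.get(k) == 0]
    return {"autostart": autostart, "uac": weak}
```

Calling triage(SAMPLE_LOG) flags four autostart entries for review, with Update Tool Notifier.exe the only one carrying the bare-executable reason, and lists all three UAC values; a flagged entry means "look closer", not "malicious".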

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:44 AM

Posted 26 October 2011 - 08:23 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Local time:12:44 AM

Posted 27 October 2011 - 09:05 PM

Yes, I am aware that I have uTorrent installed. Are there any other P2P applications installed that I should be aware of?

I'm still having problems with booting up and my computer randomly freezing during the day. I go to school during the day and leave it on, and the past few days, it was unresponsive when I came home, so I was forced to hard reboot, which takes about 4-5 tries before it actually boots up and doesn't just stall while booting up.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8027

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/26/2011 21:43:06
mbam-log-2011-10-26 (21-43-06).txt

Scan type: Quick scan
Objects scanned: 203467
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Users\Joe\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\update tool notifier.exe (Trojan.Agent) -> 3836 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Joe\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\update tool notifier.exe (Trojan.Agent) -> Quarantined and deleted successfully.





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:04:00, on 10/27/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse32.exe
C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Trend Micro\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [$Volumouse$] "C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [ShutdownGuard] "C:\Users\Joe\Downloads\ShutdownGuard\ShutdownGuard.exe"
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [BandwidthMonitor] C:\Users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe
O4 - HKCU\..\Run: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKUS\S-1-5-21-4174676936-2142736387-3720375477-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4174676936-2142736387-3720375477-1013\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{505667FC-1BB3-4DBD-AF13-34012DBDCCD0}: NameServer = 68.87.85.98,68.87.69.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{6400A2BA-365F-459B-BD51-0F2826936A98}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCEFAB06-3FD1-47EA-B9F4-65FE5B0A230B}: NameServer = 68.87.85.98,68.87.69.146
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FreeSSHDService - Unknown owner - C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Unknown owner - C:\Users\Joe\Documents\IDrive\IDriveE Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - Unknown owner - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (file missing)
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Monitor - MMSOFT Design Ltd. - C:\Program Files (x86)\PC Monitor\PCMonitorSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: R-U-ON NetOn (ruon.neton) - Unknown owner - C:\Program Files (x86)\ruon.neton\neton.exe
O23 - Service: R-U-ON ProcessOn (ruon.processon) - Unknown owner - C:\Program Files (x86)\ruon.processon\processon.exe
O23 - Service: R-U-ON ServerOn (ruon.serveron) - Unknown owner - C:\Program Files (x86)\ruon.serveron\serveron.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VisualSVN Server (VisualSVNServer) - Apache Software Foundation - C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18090 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:44 AM

Posted 27 October 2011 - 09:18 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Local time:12:44 AM

Posted 27 October 2011 - 10:17 PM

21:16:21.0891 7940 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
21:16:22.0548 7940 ============================================================
21:16:22.0548 7940 Current date / time: 2011/10/27 21:16:22.0548
21:16:22.0548 7940 SystemInfo:
21:16:22.0548 7940
21:16:22.0549 7940 OS Version: 6.1.7601 ServicePack: 1.0
21:16:22.0549 7940 Product type: Workstation
21:16:22.0549 7940 ComputerName: JOE-PC
21:16:22.0549 7940 UserName: Joe
21:16:22.0549 7940 Windows directory: C:\Windows
21:16:22.0549 7940 System windows directory: C:\Windows
21:16:22.0549 7940 Running under WOW64
21:16:22.0549 7940 Processor architecture: Intel x64
21:16:22.0549 7940 Number of processors: 4
21:16:22.0549 7940 Page size: 0x1000
21:16:22.0549 7940 Boot type: Normal boot
21:16:22.0549 7940 ============================================================
21:16:23.0867 7940 Initialize success
21:16:29.0338 6864 ============================================================
21:16:29.0338 6864 Scan started
21:16:29.0338 6864 Mode: Manual;
21:16:29.0338 6864 ============================================================
21:16:30.0881 6864 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:16:30.0884 6864 1394ohci - ok
21:16:30.0951 6864 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:16:30.0955 6864 ACPI - ok
21:16:31.0008 6864 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:16:31.0009 6864 AcpiPmi - ok
21:16:31.0055 6864 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:16:31.0072 6864 adp94xx - ok
21:16:31.0109 6864 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:16:31.0113 6864 adpahci - ok
21:16:31.0139 6864 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:16:31.0141 6864 adpu320 - ok
21:16:31.0219 6864 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:16:31.0224 6864 AFD - ok
21:16:31.0298 6864 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:16:31.0300 6864 agp440 - ok
21:16:31.0338 6864 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:16:31.0340 6864 aliide - ok
21:16:31.0359 6864 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:16:31.0361 6864 amdide - ok
21:16:31.0395 6864 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:16:31.0397 6864 AmdK8 - ok
21:16:31.0405 6864 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:16:31.0407 6864 AmdPPM - ok
21:16:31.0468 6864 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:16:31.0470 6864 amdsata - ok
21:16:31.0501 6864 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:16:31.0504 6864 amdsbs - ok
21:16:31.0523 6864 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:16:31.0524 6864 amdxata - ok
21:16:31.0603 6864 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
21:16:31.0604 6864 androidusb - ok
21:16:31.0726 6864 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:16:31.0727 6864 AppID - ok
21:16:31.0792 6864 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:16:31.0794 6864 arc - ok
21:16:31.0812 6864 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:16:31.0814 6864 arcsas - ok
21:16:31.0912 6864 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:16:31.0913 6864 AsyncMac - ok
21:16:31.0963 6864 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:16:31.0963 6864 atapi - ok
21:16:32.0043 6864 AX88772 (594931a6353318ee9d77a9ceafddee21) C:\Windows\system32\DRIVERS\ax88772.sys
21:16:32.0045 6864 AX88772 - ok
21:16:32.0132 6864 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:16:32.0137 6864 b06bdrv - ok
21:16:32.0192 6864 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:16:32.0195 6864 b57nd60a - ok
21:16:32.0258 6864 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:16:32.0259 6864 Beep - ok
21:16:32.0296 6864 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:16:32.0297 6864 blbdrive - ok
21:16:32.0348 6864 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:16:32.0350 6864 bowser - ok
21:16:32.0385 6864 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:16:32.0387 6864 BrFiltLo - ok
21:16:32.0397 6864 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:16:32.0398 6864 BrFiltUp - ok
21:16:32.0415 6864 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:16:32.0419 6864 Brserid - ok
21:16:32.0428 6864 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:16:32.0430 6864 BrSerWdm - ok
21:16:32.0439 6864 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:16:32.0440 6864 BrUsbMdm - ok
21:16:32.0450 6864 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:16:32.0451 6864 BrUsbSer - ok
21:16:32.0518 6864 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:16:32.0519 6864 BthEnum - ok
21:16:32.0567 6864 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:16:32.0568 6864 BTHMODEM - ok
21:16:32.0641 6864 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:16:32.0643 6864 BthPan - ok
21:16:32.0765 6864 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:16:32.0771 6864 BTHPORT - ok
21:16:32.0827 6864 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:16:32.0829 6864 BTHUSB - ok
21:16:32.0883 6864 btwaudio (c865b044e9563366a95883c09edc0463) C:\Windows\system32\drivers\btwaudio.sys
21:16:32.0886 6864 btwaudio - ok
21:16:32.0909 6864 btwavdt (ffcc977400d6db43d3420455d0e131c3) C:\Windows\system32\DRIVERS\btwavdt.sys
21:16:32.0911 6864 btwavdt - ok
21:16:32.0927 6864 btwrchid (709e54f3caeaaa0f7bd1d3322bd90809) C:\Windows\system32\DRIVERS\btwrchid.sys
21:16:32.0928 6864 btwrchid - ok
21:16:32.0976 6864 catchme - ok
21:16:33.0059 6864 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:16:33.0061 6864 cdfs - ok
21:16:33.0143 6864 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:16:33.0145 6864 cdrom - ok
21:16:33.0217 6864 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:16:33.0219 6864 circlass - ok
21:16:33.0253 6864 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:16:33.0258 6864 CLFS - ok
21:16:33.0343 6864 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:16:33.0345 6864 CmBatt - ok
21:16:33.0395 6864 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:16:33.0396 6864 cmdide - ok
21:16:33.0453 6864 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:16:33.0459 6864 CNG - ok
21:16:33.0484 6864 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:16:33.0485 6864 Compbatt - ok
21:16:33.0547 6864 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:16:33.0548 6864 CompositeBus - ok
21:16:33.0589 6864 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:16:33.0590 6864 crcdisk - ok
21:16:33.0754 6864 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:16:33.0804 6864 CSC - ok
21:16:33.0958 6864 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:16:33.0961 6864 DfsC - ok
21:16:34.0012 6864 dg_ssudbus (a64cc0b5d93f25bf5d052a1febe71e68) C:\Windows\system32\DRIVERS\ssudbus.sys
21:16:34.0015 6864 dg_ssudbus - ok
21:16:34.0044 6864 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:16:34.0045 6864 discache - ok
21:16:34.0082 6864 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:16:34.0084 6864 Disk - ok
21:16:34.0130 6864 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:16:34.0131 6864 drmkaud - ok
21:16:34.0204 6864 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:16:34.0221 6864 DXGKrnl - ok
21:16:34.0363 6864 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:16:34.0447 6864 ebdrv - ok
21:16:34.0538 6864 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:16:34.0547 6864 elxstor - ok
21:16:34.0606 6864 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:16:34.0607 6864 ErrDev - ok
21:16:34.0689 6864 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:16:34.0692 6864 exfat - ok
21:16:34.0725 6864 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:16:34.0730 6864 fastfat - ok
21:16:34.0761 6864 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:16:34.0763 6864 fdc - ok
21:16:34.0795 6864 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:16:34.0797 6864 FileInfo - ok
21:16:34.0821 6864 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:16:34.0823 6864 Filetrace - ok
21:16:34.0930 6864 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:16:34.0931 6864 flpydisk - ok
21:16:35.0011 6864 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:16:35.0015 6864 FltMgr - ok
21:16:35.0079 6864 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:16:35.0080 6864 FsDepends - ok
21:16:35.0098 6864 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:16:35.0099 6864 Fs_Rec - ok
21:16:35.0181 6864 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:16:35.0185 6864 fvevol - ok
21:16:35.0238 6864 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:16:35.0240 6864 gagp30kx - ok
21:16:35.0416 6864 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
21:16:35.0417 6864 hamachi - ok
21:16:35.0576 6864 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
21:16:35.0577 6864 hcmon - ok
21:16:35.0601 6864 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:16:35.0603 6864 hcw85cir - ok
21:16:35.0681 6864 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:16:35.0686 6864 HdAudAddService - ok
21:16:35.0742 6864 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:16:35.0744 6864 HDAudBus - ok
21:16:35.0772 6864 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:16:35.0773 6864 HidBatt - ok
21:16:50.0792 6864 ============================================================
21:16:50.0792 6864 Scan finished
21:16:50.0792 6864 ============================================================
21:16:50.0803 1680 Detected object count: 0
21:16:50.0803 1680 Actual detected object count: 0

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:44 AM

Posted 28 October 2011 - 03:06 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
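The OTL scan requested above produces listings in which each process, module or service line ends with the file's company name in parentheses, and an empty pair of parentheses means OTL found no company name in the file. The helper below is an added example, not part of this thread or of OTL: it parses that line layout (as seen in the logs posted here, assumed as the format) and flags the entries a responder would look at first, namely files with no company name and files running from user-writable locations. The sample lines are constructed, modeled on the log in this thread.

```python
"""Triage helper for OTL-style process/module listings (added example).

Assumed line layout, taken from the OTL logs posted in this thread:

    PRC - <full path> (<company name>)

An empty "()" means OTL found no company name in the file's version info.
"""
import re
from dataclasses import dataclass, field

# OTL prefixes: PRC = running process, MOD = loaded module, SRV = service.
# The company field may not contain parentheses, which keeps paths such as
# "C:\Program Files (x86)\..." from being split at the wrong place.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV)\s+-\s+(?P<path>.+?)\s+\((?P<company>[^()]*)\)\s*$"
)

# Path fragments an ordinary user can write to. Code started from here is a
# weaker signal of a proper install than code under Program Files or System32.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")


@dataclass
class Entry:
    kind: str
    path: str
    company: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a PRC/MOD/SRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["kind"], m["path"], m["company"].strip())


def triage(entry):
    """Attach heuristic flags to an entry; an empty flag list means 'unremarkable'."""
    lower = entry.path.lower()
    if not entry.company:
        entry.flags.append("no-company-name")
    if any(frag in lower for frag in USER_WRITABLE):
        entry.flags.append("user-writable-path")
    # A file inside the Windows directory that carries no company name at all
    # is unusual enough to be worth a second look (not a verdict by itself).
    if lower.startswith("c:\\windows\\") and not entry.company:
        entry.flags.append("no-company-in-windows-dir")
    return entry


def triage_log(text):
    """Parse an OTL section and return only the entries that raised a flag."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.flags:
            findings.append(entry)
    return findings


# Constructed sample, modeled on the PRC/MOD lines in the log above.
SAMPLE = """\
========== Processes (SafeList) ==========

PRC - C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)
PRC - C:\\Windows\\SysWOW64\\PnkBstrA.exe ()
PRC - C:\\Users\\Joe\\Downloads\\volumouse_beta-x64\\volumouse32.exe ()
PRC - C:\\Program Files (x86)\\ruon.processon\\processon.exe ()
PRC - C:\\Users\\Joe\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe (Dropbox, Inc.)
MOD - C:\\Users\\Joe\\AppData\\Local\\Temp\\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\\CliSecureRT.dll ()
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE):
        print(f"{f.kind}  {', '.join(f.flags):42}  {f.path}")
```

The flags are starting points for a human review of each file (publisher, install date, what started it), not a malware verdict.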

#15 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Local time:12:44 AM

Posted 28 October 2011 - 08:21 AM

OTL logfile created on: 10/28/2011 7:13:00 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joe\Documents\My Dropbox\bleepingcomputer
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 29.13% Memory free
12.00 Gb Paging File | 6.17 Gb Available in Paging File | 51.40% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 17.98 Gb Free Space | 7.72% Space Free | Partition Type: NTFS
Drive D: | 637.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 186.31 Gb Total Space | 186.02 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 270.39 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 665.99 Gb Free Space | 71.50% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Joe\My Documents\My Dropbox\bleepingcomputer\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
PRC - C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse32.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\ruon.processon\processon.exe ()
PRC - C:\Program Files (x86)\ruon.neton\neton.exe ()
PRC - C:\Program Files (x86)\ruon.serveron\serveron.exe ()
PRC - C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe ()
PRC - C:\Program Files (x86)\FileZilla Server\FileZilla server.exe (FileZilla Project)
PRC - C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
PRC - C:\Users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe (BWMONITOR.COM)


========== Modules (No Company Name) ==========

MOD - C:\Users\Joe\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\avformat-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\gcswf32.dll ()
MOD - C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.28_0\plugin\convenience.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\307dea1fa71faaa1c2dc0175487d9639\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9c75c9bbe13787e1c8e6aad0f4a8e1aa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll ()
MOD - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.3_0\plugin\screen_capture.dll ()
MOD - C:\Program Files (x86)\SugarSync\QtGui4.dll ()
MOD - C:\Program Files (x86)\SugarSync\QtCore4.dll ()
MOD - C:\Program Files (x86)\SugarSync\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\SugarSync\QtXml4.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse32.exe ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\XMLTools.dll ()
MOD - C:\Program Files (x86)\Notepad++\libxml2.dll ()
MOD - C:\Program Files (x86)\Notepad++\libxslt.dll ()
MOD - C:\Program Files (x86)\Notepad++\zlib1.dll ()
MOD - C:\Program Files (x86)\Notepad++\QtGui4.dll ()
MOD - C:\Program Files (x86)\Notepad++\QtCore4.dll ()
MOD - C:\Program Files (x86)\Notepad++\QtScript4.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\ScrollPastEOFUni.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppNetNote.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PC Monitor) -- C:\Program Files (x86)\PC Monitor\PCMonitorSrv.exe (MMSOFT Design Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ruon.processon) -- C:\Program Files (x86)\ruon.processon\processon.exe ()
SRV - (ruon.neton) -- C:\Program Files (x86)\ruon.neton\neton.exe ()
SRV - (ruon.serveron) -- C:\Program Files (x86)\ruon.serveron\serveron.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FreeSSHDService) -- C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe ()
SRV - (FileZilla Server) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (FileZilla Project)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Ventrilo) -- C:\Program Files (x86)\VentSrv\ventrilo_svc.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinRing0_1_2_0) -- C:\Users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys (OpenLibSys.org)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 50 2C E9 01 41 CC 01 [binary data]
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/03/20 15:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/27 18:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/20 18:27:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/10 20:26:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/14 10:16:57 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.3_0\plugin/screen_capture.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.28_0\plugin/convenience.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Entanglement = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Mouse Stroke = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaoofnhgocdbnbeljkmbjdmhbcokfdb\1.9.5.2\
CHR - Extension: ChromeAccess = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh\1.6_0\
CHR - Extension: Angry Birds = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Auto-Colorizer for Google Plus\u2122 and Facebook\u2122 = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhpngpcnpkpfhchniggoncicagacnkc\3.1.0.0_0\
CHR - Extension: Auto-Colorizer for Google Plus\u2122 and Facebook\u2122 = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhpngpcnpkpfhchniggoncicagacnkc\3.1.0.0_0\.bak
CHR - Extension: PriceBlink = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\2.1_0\
CHR - Extension: Google Docs = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\4.7_0\
CHR - Extension: Last.fm free music player = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.66_0\
CHR - Extension: Bookmark Sentry = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.6.6_0\
CHR - Extension: Better Music Beta for Google Music = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdollfdihekkbcgmbpjddfdaeigacmia\1.4.2_0\
CHR - Extension: Brushed = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: WOT = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.3_0\
CHR - Extension: YouTube = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Facebook = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1_0\
CHR - Extension: Chrome Poster = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjfedloinmbppobahmonnjigpmlajcd\1.4_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.3_0\
CHR - Extension: G+ Count in Title = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdelcombiokflhgdlmdcfbdfogaplij\1.2_0\
CHR - Extension: Uncircle+ = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhcfgcecigkknnimiljlbcjmnbeeodhl\1.3_0\
CHR - Extension: Autocomplete = on = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Offline Google Mail = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: Google Calendar = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.1.3_0\
CHR - Extension: Frame two pages = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eldgpcphflnopbjadiaonofideekgdgm\1.6.1_0\
CHR - Extension: Facebook Chat Destroyer. = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoladjmillfoplehpcekeihfeooinfgj\1.1_0\
CHR - Extension: Chrome Toolbox (by Google) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.28_0\
CHR - Extension: KB SSL Enforcer = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\1.0.20_0\
CHR - Extension: Chrome Remote Desktop BETA = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\1.2.20109.8300_0\
CHR - Extension: Trillian = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggmpcjeojalofoofdhnblpcalbhlkdjg\2.0.0.614_0\
CHR - Extension: Colored nick names in IRCcloud = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghpiipmfmhcfhfgjfkcnaojefjijahbh\1.0_0\
CHR - Extension: Mibbit webchat = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi\1.12_0\
CHR - Extension: TweetDeck = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\0.9.8.2_0\
CHR - Extension: Voice Search = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.0.10_0\
CHR - Extension: goo.gl URL Shortener = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: Web Clipboard (by Google) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\idonmcopbgceobhkdbikbdellmdogkih\2.0_0\
CHR - Extension: No StumbleUpon = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnnmgaglnnbbdfallgekkklidmlagje\0.1_0\
CHR - Extension: Publish sync for google+ & facebook (Green Edition) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcglanoaanmpjcajbkpeajcaimokahpd\1.1.76_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.2.3.5_0\
CHR - Extension: YouTube Downloader = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjdlfmijhlcaknlgfkdhgegihkbmhmo\1.5.9_0\
CHR - Extension: Simplenote = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjoocpipbbafoimjgbkmfnjcjejdbjo\2_0\
CHR - Extension: Evernote Web = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Sketchpad = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.1_0\
CHR - Extension: Google Maps = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.1_0\
CHR - Extension: Yellow highlighter pen for web = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp\1.4_0\
CHR - Extension: Lazarus: Form Recovery = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\
CHR - Extension: Poppit = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: eBuddy Web Messenger = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkojhhiphdgeliplnclnbmdiofhgnimi\2.0.9_0\
CHR - Extension: Ghostery = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\2.4.0_0\
CHR - Extension: Google Books = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\0.0.0.5_0\
CHR - Extension: Tab to the next = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpahcojfojbnloiafagggcdimaklphij\1.7\
CHR - Extension: Cloud9 = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp\0.2.3_0\
CHR - Extension: Google Talk = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2011.808.4_0\
CHR - Extension: Jolicloud = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo\1.0.5_0\
CHR - Extension: Color Pick = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.27_0\
CHR - Extension: There's a web app for that = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmcjnlhiaobipnkdonkcpomgkpgfdch\1.0_0\
CHR - Extension: SlideRocket = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\1.0.4_0\
CHR - Extension: Gmail = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/10/26 18:58:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [$Volumouse$] C:\Users\Joe\Downloads\volumouse_beta-x64\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [BandwidthMonitor] C:\Users\Joe\Desktop\toolbox\bwmonitorexes\BWMonitor.exe (BWMONITOR.COM)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [MusicManager] C:\Users\Joe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [ShutdownGuard] C:\Users\Joe\Downloads\ShutdownGuard\ShutdownGuard.exe (Stefan Sundin)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1013..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1013..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2459BBC7-0177-4452-B1EC-9E9AF497DB1F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{505667FC-1BB3-4DBD-AF13-34012DBDCCD0}: NameServer = 68.87.85.98,68.87.69.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6400A2BA-365F-459B-BD51-0F2826936A98}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6400A2BA-365F-459B-BD51-0F2826936A98}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BD785AE-5AC5-4A13-AAF7-109141D65687}: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCEFAB06-3FD1-47EA-B9F4-65FE5B0A230B}: NameServer = 68.87.85.98,68.87.69.146
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1998/03/03 02:05:07 | 004,429,073 | R--- | M] (Blizzard Entertainment) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/10/19 10:45:49 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/27 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/26 21:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/26 21:16:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/26 21:16:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/26 21:16:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/26 18:58:58 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/26 18:39:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/25 17:53:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/25 17:53:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/25 17:53:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/25 17:53:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/25 17:53:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/23 11:07:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\dds.scr
[2011/10/22 10:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2011/10/22 10:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2011/10/16 20:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/10/04 13:18:18 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Synthesia
[2011/10/04 13:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
[2011/10/04 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Synthesia Music
[2011/10/04 13:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synthesia
[2011/10/01 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\pymclevel
[2011/09/28 20:05:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\medsouz

========== Files - Modified Within 30 Days ==========

[2011/10/28 07:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 06:36:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4174676936-2142736387-3720375477-1001UA.job
[2011/10/27 20:03:45 | 000,015,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 20:03:45 | 000,015,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 20:02:07 | 000,002,989 | ---- | M] () -- C:\Users\Joe\Desktop\HiJackThis.lnk
[2011/10/27 19:50:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/27 19:50:23 | 535,719,935 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/27 08:35:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4174676936-2142736387-3720375477-1001Core.job
[2011/10/26 18:58:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/23 11:06:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\dds.scr
[2011/10/23 10:25:41 | 000,000,188 | ---- | M] () -- C:\Users\Joe\defogger_reenable
[2011/10/23 10:25:04 | 000,050,477 | ---- | M] () -- C:\Users\Joe\Desktop\Defogger.exe
[2011/10/22 10:35:26 | 000,001,175 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2011/10/22 10:35:26 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011/10/22 10:33:41 | 000,000,000 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\ELDI7
[2011/10/22 10:33:07 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/20 18:14:01 | 000,007,596 | ---- | M] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2011/10/18 20:11:05 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/10/17 18:20:43 | 000,786,890 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 18:20:43 | 000,666,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 18:20:43 | 000,124,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/10 21:30:23 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/10/01 12:32:40 | 000,002,001 | ---- | M] () -- C:\Users\Joe\Documents\mcedit.ini

========== Files Created - No Company Name ==========

[2011/10/27 20:02:07 | 000,002,989 | ---- | C] () -- C:\Users\Joe\Desktop\HiJackThis.lnk
[2011/10/25 17:53:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/25 17:53:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/25 17:53:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/25 17:53:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/25 17:53:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/23 10:25:41 | 000,000,188 | ---- | C] () -- C:\Users\Joe\defogger_reenable
[2011/10/23 10:25:17 | 000,050,477 | ---- | C] () -- C:\Users\Joe\Desktop\Defogger.exe
[2011/10/22 10:35:26 | 000,001,175 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2011/10/22 10:34:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011/10/22 10:33:41 | 000,000,000 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\ELDI7
[2011/08/26 21:42:53 | 000,007,044 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2011/06/10 17:32:40 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/05/03 22:37:40 | 000,000,000 | ---- | C] () -- C:\Windows\TMonitor.INI
[2011/04/30 19:01:31 | 000,026,032 | ---- | C] () -- C:\Windows\SysWow64\IDriveEXceedCryReg.exe
[2011/04/30 19:01:30 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/08 05:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/03/22 09:59:07 | 000,401,408 | ---- | C] () -- C:\Users\Joe\AppData\Local\TweetMyPC.mdb
[2011/03/10 10:18:37 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/10/03 16:47:19 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/08/04 09:57:30 | 000,802,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/01 19:19:56 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2010/05/17 10:45:12 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/05/14 19:41:00 | 000,000,071 | ---- | C] () -- C:\Windows\NARBACULARDROP.INI
[2010/04/02 01:46:27 | 000,128,720 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/04/01 21:35:48 | 000,000,000 | ---- | C] () -- C:\Windows\TMonitor64.INI
[2010/04/01 21:33:25 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2010/03/23 11:47:09 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/07 21:21:37 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/02/05 10:04:06 | 000,014,848 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 17:52:58 | 000,000,600 | ---- | C] () -- C:\Users\Joe\AppData\Local\PUTTY.RND
[2009/11/16 19:56:05 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/11 05:37:18 | 002,542,458 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2009/11/02 19:26:21 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/11/02 19:26:21 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/11/02 19:26:21 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/10/17 19:41:27 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/17 19:41:26 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/17 19:41:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/09/11 20:51:13 | 000,007,596 | ---- | C] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/29 09:13:12 | 000,015,040 | ---- | C] () -- C:\Windows\SysWow64\uddriver.sys
[2008/11/29 09:12:40 | 000,330,560 | ---- | C] () -- C:\Windows\SysWow64\udbdef.exe
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Files - Unicode (All) ==========
[2009/11/21 14:50:04 | 000,000,000 | ---D | M](C:\Users\Joe\AppData\Roaming\???????sAppData) -- C:\Users\Joe\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2009/11/21 14:50:04 | 000,000,000 | ---D | M](C:\Users\Joe\AppData\Roaming\???????sAppData) -- C:\Users\Joe\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\Joe\AppData\Roaming\???????sAppData) -- C:\Users\Joe\AppData\Roaming\敎潲䍄敔灭慬整sAppData

< End of report >
