TechSpot

Homepage keeps changing

By marimo727
Oct 3, 2012
  1. Hi, my homepage on Firefox keeps changing. My wireless connection sometimes doesn't work unless I restart the computer, but that's only when I'm at school, so I don't know if the issue is solely with my laptop or not (it started happening more frequently recently, though). I've also noticed that my laptop has been getting slower to work, so all of this together made me worry about viruses... And thus I came here.

    I did the 5 step thing. Uhm. I hope I'm doing this right... and I have MSE on my computer.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.03.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ayi490 :: AYI490-PC [administrator]

    03-Oct-12 3:19:24 PM
    mbam-log-2012-10-03 (15-19-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 241708
    Time elapsed: 6 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-03 16:23:14
    Windows 6.1.7601 Service Pack 1
    Running: 0c8dv7pi.exe
    ---- Files - GMER 1.0.15 ----

    File C:\Users\Student\AppData\Roaming\systemfl.$dk 990 bytes
    File C:\Windows\SysWOW64\sys_drv_2.dat 5020 bytes
    File C:\Windows\SysWOW64\WinFLdrv.sys 21888 bytes executable <-- ROOTKIT !!!

    ---- Services - GMER 1.0.15 ----

    Service C:\Windows\SysWOW64\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
    Run by ayi490 at 16:26:33 on 2012-10-03
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3956.1675 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Users\Student\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Student\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Student\AppData\Local\Temp\InstallBSRVista_v5.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    mWinlogon: Userinit=userinit.exe
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Akamai NetSession Interface] "C:\Users\Student\AppData\Local\Akamai\netsession_win.exe"
    uRun: [AdobeBridge]
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Google Update] "C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Student\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: LogonType = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: stjohns.edu
    Trusted Zone: tellmemorecampus.com\www.stjohns
    Trusted Zone: tellmemorecampus.com\www.stjohns
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}\35A4553547574656E647 : DhcpNameServer = 10.64.250.2
    TCP: Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}\44561646C697026596275737 : DhcpNameServer = 192.168.3.1
    TCP: Interfaces\{8CD64A98-0BB0-4C2C-A69D-7C6D76846B74} : DhcpNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    LSA: Notification Packages = scecli ACGina
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\
    FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Student\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-5-24 290832]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-5-20 50536]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-5-20 44984]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-5-20 74088]
    R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
    R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-2-1 206120]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-31 382312]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2010-10-22 5716848]
    R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-2-1 185640]
    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-5-20 63928]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-1 2320920]
    R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250288]
    S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-5-20 164200]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 114144]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-20 75112]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-03 20:23:39 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BCC08DC-C565-4630-8CA0-7072EAD4586F}\mpengine.dll
    2012-10-03 19:18:36 -------- d-----w- C:\Users\Student\AppData\Roaming\Malwarebytes
    2012-10-03 19:18:16 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-03 19:18:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-03 19:18:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-03 04:01:24 -------- d-----w- C:\Users\Student\AppData\Local\Bulents
    2012-10-03 04:00:17 -------- d-----w- C:\Program Files\BSR Screen Recorder 6
    2012-10-02 17:09:49 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-27 20:39:00 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-27 20:38:11 -------- d-----w- C:\Program Files\iPod
    2012-09-27 20:38:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-27 20:38:10 -------- d-----w- C:\Program Files\iTunes
    2012-09-27 20:38:10 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-27 13:04:35 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1125C0EB-E981-45AF-9997-4D60F9B7D47F}\gapaengine.dll
    2012-09-17 20:37:33 44544 ----a-w- C:\Windows\SysWow64\agremove.exe
    2012-09-12 21:15:00 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 21:15:00 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 21:15:00 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2012-09-21 04:18:45 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-21 04:18:45 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-17 19:25:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-29 00:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-08-29 00:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 16:26:56.32 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22-Aug-10 11:18:54 PM
    System Uptime: 03-Oct-12 4:22:16 AM (12 hours ago)
    .
    Motherboard: LENOVO | | 2522BM6
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | None | 2133/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 73.954 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP332: 24-Sep-12 10:37:28 PM - Installed Java(TM) 6 Update 35
    RP333: 25-Sep-12 5:31:07 PM - Windows Update
    RP334: 27-Sep-12 8:37:51 AM - Windows Update
    RP335: 27-Sep-12 10:08:20 PM - Removed Google Talk Plugin
    RP336: 27-Sep-12 10:09:51 PM - Removed Facebook Video Calling 1.2.0.159
    RP337: 27-Sep-12 10:10:06 PM - Removed Facebook Messenger 2.1.4651.0
    RP338: 30-Sep-12 6:28:54 PM - Windows Update
    RP339: 03-Oct-12 12:00:26 AM - Installed Microsoft Visual C++ 2005 Redistributable
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    4500_G510af_Help_Web
    4500G510af_Software_Min
    4500G510af_web
    Acrobat.com
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop Elements 6.0
    Adobe Reader 9.3
    Adobe Shockwave Player 11.6
    AdventureTime_Screensaver
    AIM 7
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    AuralogComponentsUninstall9
    BIT.TRIP RUNNER
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    BufferChm
    Burn.Now 4.5
    CanoScan Toolbox Ver4.9
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Combined Community Codec Pack 2010-10-10
    Computrace
    Corel Burn.Now Lenovo Edition
    DivX Setup
    Download Updater (AOL LLC)
    Dropbox
    eReg
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    IHA_MessageCenter
    Integrated Camera Driver Installer Package Ver.1.1.0.19
    Intel(R) Management Engine Components
    InterVideo WinDVD 8
    iWisoft Free Video Converter 1.2
    Java Auto Updater
    Java(TM) 6 Update 35
    JTablet
    Left 4 Dead 2
    Magicka
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel 2007 Get Started Tab
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint 2007 Get Started Tab
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007 Get Started Tab
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MV RegClean 5.9 English
    MV RegClean 6.0
    Nexon Game Manager
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    Pando Media Booster
    PDF Settings CS5
    PxMergeModule
    QuickTime
    Reader Library by Sony
    Rescue and Recovery
    RICOH R5U230 Media Driver ver.2.06.02.02
    Safari
    Scan
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Source Filmmaker
    Steam
    swMSM
    System Update
    Team Fortress 2
    Team Fortress 2 Beta
    ThinkPad Power Manager
    ThinkPad UltraNav Utility
    ThinkPad Wireless LAN Adapter Software
    ThinkVantage Access Connections
    Toolbox
    Torchlight
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    Verizon Download Manager
    Verizon FiOS Activation
    VLC media player 2.0.1
    VTFEdit 1.2.5
    Vz In Home Agent
    WebReg
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Winamp
    Winamp Detector Plug-in
    Write-N-Cite
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30-Sep-12 6:38:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    30-Sep-12 1:31:57 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
    28-Sep-12 9:48:26 PM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.168.62 did not allow the name to be claimed by this computer.
    28-Sep-12 9:48:26 PM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.168.62 did not allow the name to be claimed by this computer.
    27-Sep-12 9:59:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BLESSEDONE-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}. The master browser is stopping or an election is being forced.
    27-Sep-12 9:10:20 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MGOOD130-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}. The master browser is stopping or an election is being forced.
    27-Sep-12 8:47:47 AM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 10.8.164.64. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    27-Sep-12 8:47:47 AM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 10.8.164.64. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    27-Sep-12 8:44:38 AM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 169.254.143.112. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    27-Sep-12 8:44:38 AM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 169.254.143.112. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    27-Sep-12 7:43:45 PM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.10.161.29 did not allow the name to be claimed by this computer.
    27-Sep-12 7:43:45 PM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.10.161.29 did not allow the name to be claimed by this computer.
    27-Sep-12 4:37:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    27-Sep-12 4:36:14 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    27-Sep-12 4:35:47 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26-Sep-12 8:42:08 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.9, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    03-Oct-12 4:24:23 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    03-Oct-12 4:21:31 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    03-Oct-12 2:55:25 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6} because another computer on the network has the same name. The server could not start.
    03-Oct-12 2:55:25 PM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.164.87 did not allow the name to be claimed by this computer.
    03-Oct-12 2:55:25 PM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.164.87 did not allow the name to be claimed by this computer.
    02-Oct-12 12:49:03 PM, Error: Service Control Manager [7000] - The WMPNetworkSvc service failed to start due to the following error: The system cannot find the path specified.
    02-Oct-12 12:45:02 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    02-Oct-12 11:55:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    02-Oct-12 11:55:25 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    01-Oct-12 9:07:02 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer TWEBS903-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}. The master browser is stopping or an election is being forced.
    01-Oct-12 10:33:39 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.7, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    01-Oct-12 10:33:38 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.134.115, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    .
    ==== End Of File ===========================

    I have no idea what any of this means :l so thanks for any help you can give :)
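The "Event Viewer Messages" block at the end of the DDS log above is easier to triage when the lines are grouped by source and event ID rather than read one at a time. The script below is an added example written for this page; it is not part of the original post and not DDS code. It parses lines in the format DDS prints, counts events per (source, ID), pulls the local interface and refusing peer address out of each NetBT 4321 name-conflict message, and attaches a short note for a few IDs. The sample lines are copied from the post above; the triage notes are this example's own assumptions, not DDS output.

```python
import re
from collections import Counter
from datetime import datetime

# Added example for this page (not part of the original post or of DDS):
# parse the "Event Viewer Messages" lines that DDS writes into Attach.txt,
# group them by source and event ID, and pull the peer addresses out of the
# NetBT 4321 name-conflict messages.

# Sample input, copied from the Event Viewer block in the post above.
SAMPLE_LINES = [
    r"30-Sep-12 6:38:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.",
    r'28-Sep-12 9:48:26 PM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.168.62 did not allow the name to be claimed by this computer.',
    r'27-Sep-12 8:47:47 AM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 10.8.164.64. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.',
    r"03-Oct-12 4:21:31 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.",
    r"02-Oct-12 12:49:03 PM, Error: Service Control Manager [7000] - The WMPNetworkSvc service failed to start due to the following error: The system cannot find the path specified.",
]

# One DDS event line: "<date> <time> <AM/PM>, <Level>: <Source> [<ID>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{2} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Local interface address and the host that refused the NetBIOS name (event 4321).
NETBT_RE = re.compile(
    r"interface with IP address (\S+)\. The computer with the IP address (\S+) did not"
)

# Triage notes are this example's own assumptions about what each ID means
# for a malware-cleaning thread; they are not DDS output.
TRIAGE_NOTES = {
    ("Ntfs", 55): "NTFS reports corruption; run chkdsk on the named volume before trusting any further scan",
    ("NetBT", 4321): "NetBIOS name conflict; note which hosts refused the name and on which network",
    ("Disk", 11): "controller error on a disk; check the drive and cabling, as corruption may follow",
}


def parse_event_line(line):
    """Return a dict for one DDS event line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%d-%b-%y %I:%M:%S %p"),
        "level": m["level"],
        "source": m["source"],
        "event_id": int(m["eid"]),
        "message": m["msg"],
    }


def summarize(lines):
    """Parse all event lines and count occurrences per (source, event_id)."""
    events = [e for e in (parse_event_line(l) for l in lines) if e is not None]
    counts = Counter((e["source"], e["event_id"]) for e in events)
    return events, counts


def netbt_conflicts(events):
    """Set of (local interface IP, peer IP that refused the name) from NetBT 4321 events."""
    pairs = set()
    for e in events:
        if (e["source"], e["event_id"]) != ("NetBT", 4321):
            continue
        m = NETBT_RE.search(e["message"])
        if m:
            pairs.add((m.group(1), m.group(2)))
    return pairs


def triage(counts):
    """Map each seen (source, event_id) that has a note to that note."""
    return {key: TRIAGE_NOTES[key] for key in counts if key in TRIAGE_NOTES}


if __name__ == "__main__":
    events, counts = summarize(SAMPLE_LINES)
    for (source, eid), n in counts.most_common():
        print(f"{source} [{eid}]: {n}")
    for local_ip, peer_ip in sorted(netbt_conflicts(events)):
        print(f"name refused on {local_ip} by {peer_ip}")
    for key, note in triage(counts).items():
        print(f"{key}: {note}")
```

Run it as-is to see the grouped counts; on the sample lines the two 4321 pairs show the name being refused on the 192.168.1.x interface by a 10.8.x.x address and on the 10.8.x.x interface by 192.168.1.4, which is the kind of detail worth keeping next to a report that the wireless link only misbehaves on one of those networks. To use it on a full Attach.txt, pass the lines between the "Event Viewer Messages" header and the next "====" line to summarize().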
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =============================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    Should I run these scans offline with MSE turned off?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    No.
     
  5. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    23:09:31.0918 6508 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    23:09:32.0258 6508 ============================================================
    23:09:32.0258 6508 Current date / time: 2012/10/03 23:09:32.0258
    23:09:32.0258 6508 SystemInfo:
    23:09:32.0258 6508
    23:09:32.0258 6508 OS Version: 6.1.7601 ServicePack: 1.0
    23:09:32.0258 6508 Product type: Workstation
    23:09:32.0258 6508 ComputerName: AYI490-PC
    23:09:32.0258 6508 UserName: ayi490
    23:09:32.0258 6508 Windows directory: C:\Windows
    23:09:32.0258 6508 System windows directory: C:\Windows
    23:09:32.0258 6508 Running under WOW64
    23:09:32.0258 6508 Processor architecture: Intel x64
    23:09:32.0258 6508 Number of processors: 4
    23:09:32.0258 6508 Page size: 0x1000
    23:09:32.0258 6508 Boot type: Normal boot
    23:09:32.0258 6508 ============================================================
    23:09:33.0368 6508 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    23:09:33.0368 6508 ============================================================
    23:09:33.0368 6508 \Device\Harddisk0\DR0:
    23:09:33.0378 6508 MBR partitions:
    23:09:33.0378 6508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15BE800, BlocksNum 0x23E6F800
    23:09:33.0378 6508 ============================================================
    23:09:33.0408 6508 C: <-> \Device\Harddisk0\DR0\Partition1
    23:09:33.0408 6508 ============================================================
    23:09:33.0408 6508 Initialize success
    23:09:33.0408 6508 ============================================================
    23:09:48.0470 4192 ============================================================
    23:09:48.0470 4192 Scan started
    23:09:48.0470 4192 Mode: Manual;
    23:09:48.0470 4192 ============================================================
    23:09:48.0600 4192 ================ Scan system memory ========================
    23:09:48.0600 4192 System memory - ok
    23:09:48.0600 4192 ================ Scan services =============================
    23:09:48.0860 4192 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    23:09:48.0860 4192 1394ohci - ok
    23:09:48.0920 4192 [ 708CCD77B9363F245D9F9ACE480824CA ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
    23:09:48.0920 4192 5U877 - ok
    23:09:48.0970 4192 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    23:09:48.0980 4192 ACPI - ok
    23:09:49.0020 4192 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    23:09:49.0020 4192 AcpiPmi - ok
    23:09:49.0110 4192 [ CF2D68C16C7BE8D037DDD1BFA6E9C965 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    23:09:49.0110 4192 AcPrfMgrSvc - ok
    23:09:49.0170 4192 [ B5060FE4AA0A074779C7B11AE7DB9D48 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    23:09:49.0170 4192 AcSvc - ok
    23:09:49.0276 4192 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    23:09:49.0291 4192 AdobeActiveFileMonitor6.0 - ok
    23:09:49.0447 4192 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    23:09:49.0447 4192 AdobeFlashPlayerUpdateSvc - ok
    23:09:49.0525 4192 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    23:09:49.0525 4192 adp94xx - ok
    23:09:49.0572 4192 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    23:09:49.0572 4192 adpahci - ok
    23:09:49.0588 4192 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    23:09:49.0603 4192 adpu320 - ok
    23:09:49.0634 4192 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    23:09:49.0634 4192 AeLookupSvc - ok
    23:09:49.0697 4192 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    23:09:49.0697 4192 AFD - ok
    23:09:49.0744 4192 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    23:09:49.0744 4192 agp440 - ok
    23:09:49.0931 4192 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
    23:09:49.0931 4192 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
    23:09:49.0931 4192 Akamai ( HiddenFile.Multi.Generic ) - warning
    23:09:49.0931 4192 Akamai - detected HiddenFile.Multi.Generic (1)
    23:09:49.0978 4192 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    23:09:49.0978 4192 ALG - ok
    23:09:50.0024 4192 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    23:09:50.0024 4192 aliide - ok
    23:09:50.0024 4192 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    23:09:50.0040 4192 amdide - ok
    23:09:50.0071 4192 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    23:09:50.0071 4192 AmdK8 - ok
    23:09:50.0102 4192 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    23:09:50.0118 4192 AmdPPM - ok
    23:09:50.0149 4192 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    23:09:50.0165 4192 amdsata - ok
    23:09:50.0196 4192 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    23:09:50.0196 4192 amdsbs - ok
    23:09:50.0227 4192 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    23:09:50.0227 4192 amdxata - ok
    23:09:50.0274 4192 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    23:09:50.0274 4192 AppID - ok
    23:09:50.0305 4192 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    23:09:50.0305 4192 AppIDSvc - ok
    23:09:50.0352 4192 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    23:09:50.0368 4192 Appinfo - ok
    23:09:50.0446 4192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:09:50.0446 4192 Apple Mobile Device - ok
    23:09:50.0492 4192 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    23:09:50.0492 4192 AppMgmt - ok
    23:09:50.0539 4192 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    23:09:50.0539 4192 arc - ok
    23:09:50.0570 4192 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    23:09:50.0570 4192 arcsas - ok
    23:09:50.0586 4192 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    23:09:50.0586 4192 AsyncMac - ok
    23:09:50.0633 4192 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    23:09:50.0633 4192 atapi - ok
    23:09:50.0695 4192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    23:09:50.0695 4192 AudioEndpointBuilder - ok
    23:09:50.0711 4192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    23:09:50.0711 4192 AudioSrv - ok
    23:09:50.0789 4192 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    23:09:50.0789 4192 AxInstSV - ok
    23:09:50.0836 4192 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    23:09:50.0851 4192 b06bdrv - ok
    23:09:50.0882 4192 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    23:09:50.0898 4192 b57nd60a - ok
    23:09:50.0945 4192 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    23:09:50.0945 4192 BDESVC - ok
    23:09:50.0960 4192 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    23:09:50.0960 4192 Beep - ok
    23:09:51.0023 4192 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    23:09:51.0023 4192 BFE - ok
    23:09:51.0070 4192 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    23:09:51.0085 4192 BITS - ok
    23:09:51.0116 4192 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    23:09:51.0116 4192 blbdrive - ok
    23:09:51.0226 4192 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:09:51.0226 4192 Bonjour Service - ok
    23:09:51.0272 4192 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    23:09:51.0272 4192 bowser - ok
    23:09:51.0304 4192 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    23:09:51.0304 4192 BrFiltLo - ok
    23:09:51.0319 4192 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    23:09:51.0319 4192 BrFiltUp - ok
    23:09:51.0366 4192 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    23:09:51.0366 4192 Browser - ok
    23:09:51.0397 4192 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    23:09:51.0397 4192 Brserid - ok
    23:09:51.0428 4192 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    23:09:51.0428 4192 BrSerWdm - ok
    23:09:51.0444 4192 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    23:09:51.0444 4192 BrUsbMdm - ok
    23:09:51.0475 4192 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    23:09:51.0475 4192 BrUsbSer - ok
    23:09:51.0491 4192 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    23:09:51.0491 4192 BTHMODEM - ok
    23:09:51.0522 4192 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    23:09:51.0522 4192 bthserv - ok
    23:09:51.0553 4192 [ 48360B88C4BF45850653BB7C86888ED4 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
    23:09:51.0553 4192 CAXHWAZL - ok
    23:09:51.0616 4192 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    23:09:51.0616 4192 cdfs - ok
    23:09:51.0662 4192 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    23:09:51.0662 4192 cdrom - ok
    23:09:51.0709 4192 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    23:09:51.0709 4192 CertPropSvc - ok
    23:09:51.0740 4192 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    23:09:51.0740 4192 circlass - ok
    23:09:51.0772 4192 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    23:09:51.0772 4192 CLFS - ok
    23:09:51.0850 4192 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:09:51.0850 4192 clr_optimization_v2.0.50727_32 - ok
    23:09:51.0896 4192 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    23:09:51.0896 4192 clr_optimization_v2.0.50727_64 - ok
    23:09:51.0943 4192 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    23:09:51.0943 4192 CmBatt - ok
    23:09:51.0990 4192 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    23:09:51.0990 4192 cmdide - ok
    23:09:52.0021 4192 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    23:09:52.0037 4192 CNG - ok
    23:09:52.0084 4192 [ D7D489ACF6DB4C64F88F1A65739770F7 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
    23:09:52.0099 4192 CnxtHdAudService - ok
    23:09:52.0130 4192 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    23:09:52.0130 4192 Compbatt - ok
    23:09:52.0177 4192 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    23:09:52.0193 4192 CompositeBus - ok
    23:09:52.0208 4192 COMSysApp - ok
    23:09:52.0302 4192 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
    23:09:52.0302 4192 cpuz135 - ok
    23:09:52.0318 4192 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    23:09:52.0318 4192 crcdisk - ok
    23:09:52.0364 4192 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    23:09:52.0364 4192 CryptSvc - ok
    23:09:52.0411 4192 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    23:09:52.0411 4192 CSC - ok
    23:09:52.0520 4192 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    23:09:52.0520 4192 CscService - ok
    23:09:52.0676 4192 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    23:09:52.0692 4192 DcomLaunch - ok
    23:09:52.0801 4192 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    23:09:52.0817 4192 defragsvc - ok
    23:09:52.0910 4192 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    23:09:52.0910 4192 DfsC - ok
    23:09:53.0098 4192 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    23:09:53.0098 4192 Dhcp - ok
    23:09:53.0129 4192 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    23:09:53.0129 4192 discache - ok
    23:09:53.0176 4192 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    23:09:53.0176 4192 Disk - ok
    23:09:53.0207 4192 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    23:09:53.0222 4192 Dnscache - ok
    23:09:53.0254 4192 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    23:09:53.0269 4192 dot3svc - ok
    23:09:53.0300 4192 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    23:09:53.0300 4192 Dot4 - ok
    23:09:53.0332 4192 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
    23:09:53.0332 4192 Dot4Print - ok
    23:09:53.0347 4192 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    23:09:53.0363 4192 dot4usb - ok
    23:09:53.0410 4192 [ 0467853BB18E2F6B0C02E5E991A6F087 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
    23:09:53.0410 4192 DozeSvc - ok
    23:09:53.0456 4192 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    23:09:53.0456 4192 DPS - ok
    23:09:53.0488 4192 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    23:09:53.0488 4192 drmkaud - ok
    23:09:53.0550 4192 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    23:09:53.0550 4192 DXGKrnl - ok
    23:09:53.0597 4192 [ 5BDEF3FAA1BFD9C9C5D3DC972049F0FA ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
    23:09:53.0597 4192 DzHDD64 - ok
    23:09:53.0628 4192 [ F369E83F6CDAB987CA2DD764278659A6 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
    23:09:53.0628 4192 e1kexpress - ok
    23:09:53.0659 4192 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    23:09:53.0659 4192 EapHost - ok
    23:09:53.0753 4192 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    23:09:53.0784 4192 ebdrv - ok
    23:09:53.0815 4192 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    23:09:53.0815 4192 EFS - ok
    23:09:53.0893 4192 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    23:09:53.0909 4192 ehRecvr - ok
    23:09:53.0924 4192 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    23:09:53.0940 4192 ehSched - ok
    23:09:53.0971 4192 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    23:09:53.0971 4192 elxstor - ok
    23:09:54.0018 4192 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    23:09:54.0018 4192 ErrDev - ok
    23:09:54.0049 4192 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    23:09:54.0049 4192 EventSystem - ok
    23:09:54.0080 4192 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    23:09:54.0080 4192 exfat - ok
    23:09:54.0112 4192 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    23:09:54.0112 4192 fastfat - ok
  6. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    23:10:11.0064 4192 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    23:10:11.0074 4192 srv2 - ok
    23:10:11.0134 4192 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    23:10:11.0154 4192 SrvHsfHDA - ok
    23:10:11.0194 4192 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    23:10:11.0224 4192 SrvHsfV92 - ok
    23:10:11.0364 4192 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    23:10:11.0364 4192 SrvHsfWinac - ok
    23:10:11.0394 4192 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    23:10:11.0404 4192 srvnet - ok
    23:10:11.0464 4192 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    23:10:11.0484 4192 SSDPSRV - ok
    23:10:11.0514 4192 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    23:10:11.0534 4192 SstpSvc - ok
    23:10:11.0594 4192 Steam Client Service - ok
    23:10:11.0814 4192 [ 5166A8690D912B0B9F29FBB028EA9FE7 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    23:10:11.0824 4192 Stereo Service - ok
    23:10:11.0884 4192 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    23:10:11.0894 4192 stexstor - ok
    23:10:11.0964 4192 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    23:10:11.0974 4192 stisvc - ok
    23:10:12.0014 4192 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    23:10:12.0024 4192 storflt - ok
    23:10:12.0044 4192 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    23:10:12.0054 4192 StorSvc - ok
    23:10:12.0084 4192 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    23:10:12.0094 4192 storvsc - ok
    23:10:12.0204 4192 [ CBBD685F75AFF6BE0171026FB7FE7A66 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    23:10:12.0214 4192 SUService - ok
    23:10:12.0244 4192 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    23:10:12.0254 4192 swenum - ok
    23:10:12.0354 4192 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    23:10:12.0474 4192 SwitchBoard - ok
    23:10:12.0524 4192 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    23:10:12.0534 4192 swprv - ok
    23:10:12.0554 4192 Synth3dVsc - ok
    23:10:12.0574 4192 [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    23:10:12.0584 4192 SynTP - ok
    23:10:12.0654 4192 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    23:10:12.0684 4192 SysMain - ok
    23:10:12.0724 4192 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    23:10:12.0734 4192 TabletInputService - ok
    23:10:12.0944 4192 [ 191394B308BD7FEDB4EBB4F7F04C1339 ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    23:10:13.0004 4192 TabletServiceWacom - ok
    23:10:13.0064 4192 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    23:10:13.0084 4192 TapiSrv - ok
    23:10:13.0104 4192 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    23:10:13.0114 4192 TBS - ok
    23:10:13.0185 4192 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    23:10:13.0205 4192 Tcpip - ok
    23:10:13.0245 4192 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    23:10:13.0265 4192 TCPIP6 - ok
    23:10:13.0305 4192 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    23:10:13.0305 4192 tcpipreg - ok
    23:10:13.0335 4192 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    23:10:13.0345 4192 TDPIPE - ok
    23:10:13.0385 4192 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    23:10:13.0385 4192 TDTCP - ok
    23:10:13.0455 4192 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    23:10:13.0475 4192 tdx - ok
    23:10:13.0575 4192 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    23:10:13.0575 4192 TermDD - ok
    23:10:13.0785 4192 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    23:10:13.0825 4192 TermService - ok
    23:10:13.0865 4192 tgsrvc_verizondm - ok
    23:10:13.0955 4192 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    23:10:13.0995 4192 Themes - ok
    23:10:14.0286 4192 [ 8EB3B845A55AFE8367C99C1B499340DF ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    23:10:14.0316 4192 ThinkVantage Registry Monitor Service - ok
    23:10:14.0366 4192 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    23:10:14.0376 4192 THREADORDER - ok
    23:10:14.0386 4192 [ 6DB3FAE611554DC373E266ED50111B1C ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
    23:10:14.0406 4192 TPDIGIMN - ok
    23:10:14.0436 4192 [ 47D2009FDC682833EE03B6DCBA23FDD2 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
    23:10:14.0466 4192 TPHDEXLGSVC - ok
    23:10:14.0706 4192 [ 88E1F5E9C121167D9E226CBE7FE5FB82 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    23:10:14.0726 4192 TPHKSVC - ok
    23:10:14.0836 4192 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
    23:10:14.0856 4192 TPM - ok
    23:10:14.0896 4192 [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
    23:10:14.0916 4192 TPPWRIF - ok
    23:10:14.0956 4192 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    23:10:14.0966 4192 TrkWks - ok
    23:10:15.0056 4192 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    23:10:15.0076 4192 TrustedInstaller - ok
    23:10:15.0136 4192 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    23:10:15.0146 4192 tssecsrv - ok
    23:10:15.0236 4192 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    23:10:15.0246 4192 TsUsbFlt - ok
    23:10:15.0256 4192 tsusbhub - ok
    23:10:15.0326 4192 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    23:10:15.0346 4192 tunnel - ok
    23:10:15.0586 4192 [ 4E7F50B0735A9CC58997CC2C92E41290 ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
    23:10:15.0606 4192 TVT Backup Service - ok
    23:10:15.0676 4192 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    23:10:15.0706 4192 uagp35 - ok
    23:10:15.0766 4192 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    23:10:15.0786 4192 udfs - ok
    23:10:15.0856 4192 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    23:10:15.0866 4192 UI0Detect - ok
    23:10:15.0936 4192 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    23:10:15.0966 4192 uliagpkx - ok
    23:10:16.0016 4192 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    23:10:16.0036 4192 umbus - ok
    23:10:16.0076 4192 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    23:10:16.0086 4192 UmPass - ok
    23:10:16.0126 4192 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    23:10:16.0136 4192 UmRdpService - ok
    23:10:16.0316 4192 [ 40C7C20D2D1798EEB68EEFD606C20689 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    23:10:16.0336 4192 UNS - ok
    23:10:16.0406 4192 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    23:10:16.0426 4192 upnphost - ok
    23:10:16.0466 4192 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    23:10:16.0476 4192 USBAAPL64 - ok
    23:10:16.0516 4192 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    23:10:16.0516 4192 usbccgp - ok
    23:10:16.0586 4192 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    23:10:16.0596 4192 usbcir - ok
    23:10:16.0656 4192 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    23:10:16.0666 4192 usbehci - ok
    23:10:16.0736 4192 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    23:10:16.0746 4192 usbhub - ok
    23:10:16.0786 4192 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    23:10:16.0796 4192 usbohci - ok
    23:10:16.0876 4192 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    23:10:16.0906 4192 usbprint - ok
    23:10:16.0956 4192 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    23:10:16.0956 4192 usbscan - ok
    23:10:17.0026 4192 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    23:10:17.0036 4192 USBSTOR - ok
    23:10:17.0076 4192 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    23:10:17.0076 4192 usbuhci - ok
    23:10:17.0136 4192 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    23:10:17.0136 4192 usbvideo - ok
    23:10:17.0217 4192 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    23:10:17.0287 4192 UxSms - ok
    23:10:17.0327 4192 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    23:10:17.0337 4192 VaultSvc - ok
    23:10:17.0397 4192 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    23:10:17.0407 4192 vdrvroot - ok
    23:10:17.0517 4192 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    23:10:17.0537 4192 vds - ok
    23:10:17.0597 4192 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    23:10:17.0607 4192 vga - ok
    23:10:17.0617 4192 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    23:10:17.0627 4192 VgaSave - ok
    23:10:17.0627 4192 VGPU - ok
    23:10:17.0737 4192 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    23:10:17.0757 4192 vhdmp - ok
    23:10:17.0797 4192 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    23:10:17.0797 4192 viaide - ok
    23:10:17.0877 4192 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    23:10:17.0877 4192 vmbus - ok
    23:10:17.0927 4192 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    23:10:17.0937 4192 VMBusHID - ok
    23:10:17.0947 4192 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    23:10:17.0947 4192 volmgr - ok
    23:10:18.0027 4192 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    23:10:18.0047 4192 volmgrx - ok
    23:10:18.0077 4192 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    23:10:18.0077 4192 volsnap - ok
    23:10:18.0157 4192 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    23:10:18.0157 4192 vsmraid - ok
    23:10:18.0248 4192 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    23:10:18.0268 4192 VSS - ok
    23:10:18.0328 4192 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    23:10:18.0328 4192 vwifibus - ok
    23:10:18.0368 4192 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    23:10:18.0368 4192 vwififlt - ok
    23:10:18.0408 4192 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    23:10:18.0408 4192 vwifimp - ok
    23:10:18.0438 4192 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    23:10:18.0458 4192 W32Time - ok
    23:10:18.0508 4192 [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    23:10:18.0518 4192 wacmoumonitor - ok
    23:10:18.0558 4192 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
    23:10:18.0568 4192 wacommousefilter - ok
    23:10:18.0598 4192 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    23:10:18.0608 4192 WacomPen - ok
    23:10:18.0658 4192 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
    23:10:18.0658 4192 wacomvhid - ok
    23:10:18.0718 4192 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    23:10:18.0718 4192 WANARP - ok
    23:10:18.0718 4192 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    23:10:18.0728 4192 Wanarpv6 - ok
    23:10:18.0848 4192 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    23:10:18.0858 4192 WatAdminSvc - ok
    23:10:18.0918 4192 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    23:10:18.0958 4192 wbengine - ok
    23:10:19.0008 4192 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    23:10:19.0018 4192 WbioSrvc - ok
    23:10:19.0068 4192 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    23:10:19.0078 4192 wcncsvc - ok
    23:10:19.0108 4192 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    23:10:19.0118 4192 WcsPlugInService - ok
    23:10:19.0148 4192 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    23:10:19.0148 4192 Wd - ok
    23:10:19.0188 4192 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    23:10:19.0198 4192 Wdf01000 - ok
    23:10:19.0218 4192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    23:10:19.0228 4192 WdiServiceHost - ok
    23:10:19.0238 4192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    23:10:19.0248 4192 WdiSystemHost - ok
    23:10:19.0288 4192 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    23:10:19.0298 4192 WebClient - ok
    23:10:19.0338 4192 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    23:10:19.0358 4192 Wecsvc - ok
    23:10:19.0388 4192 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    23:10:19.0398 4192 wercplsupport - ok
    23:10:19.0448 4192 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    23:10:19.0458 4192 WerSvc - ok
    23:10:19.0518 4192 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    23:10:19.0518 4192 WfpLwf - ok
    23:10:19.0548 4192 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    23:10:19.0558 4192 WIMMount - ok
    23:10:19.0608 4192 [ 1EDBBF412A382550AF6EB35F5E46928E ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
    23:10:19.0618 4192 winachsf - ok
    23:10:19.0628 4192 WinDefend - ok
    23:10:19.0788 4192 [ 0AE97898030BC89D64BE429A88C33A7F ] WinFLdrv C:\Windows\syswow64\WinFLdrv.sys
    23:10:19.0798 4192 Suspicious file (Hidden): C:\Windows\syswow64\WinFLdrv.sys. md5: 0AE97898030BC89D64BE429A88C33A7F
    23:10:19.0798 4192 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
    23:10:19.0798 4192 WinFLdrv - detected HiddenFile.Multi.Generic (1)
    23:10:21.0039 4192 ================ Scan global ===============================
    23:10:21.0099 4192 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    23:10:21.0139 4192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:10:21.0159 4192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:10:21.0209 4192 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    23:10:21.0249 4192 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    23:10:21.0269 4192 [Global] - ok
    23:10:21.0269 4192 ================ Scan MBR ==================================
    23:10:21.0299 4192 [ 325EFB654DCC313115A50E86F0027E18 ] \Device\Harddisk0\DR0
    23:10:21.0619 4192 \Device\Harddisk0\DR0 - ok
    23:10:21.0619 4192 ================ Scan VBR ==================================
    23:10:21.0619 4192 [ 6D2F2E49F52CCEE03FB915C160F9ADBB ] \Device\Harddisk0\DR0\Partition1
    23:10:21.0619 4192 \Device\Harddisk0\DR0\Partition1 - ok
    23:10:21.0619 4192 ============================================================
    23:10:21.0619 4192 Scan finished
    23:10:21.0619 4192 ============================================================
    23:10:21.0639 7072 Detected object count: 2
    23:10:21.0639 7072 Actual detected object count: 2
    23:11:35.0685 7072 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    23:11:35.0685 7072 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    23:11:35.0685 7072 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
    23:11:35.0685 7072 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
     
  7. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : ayi490 [Admin rights]
    Mode : Scan -- Date : 10/03/2012 23:17:17

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [TASK][SUSP PATH] {7A707390-71A0-402E-8E81-E826DE19EA03} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\JTabletSetupv0.9.5.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND
    [TASK][SUSP PATH] {80B38E40-7A83-40E7-ABE1-A7EB28544A78} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\lide25vst6411011aen\SetupSG.exe -d C:\Users\Student\Desktop\lide25vst6411011aen -> FOUND
    [TASK][SUSP PATH] {937EBC88-6282-498C-960A-57A7FEDA79C3} : C:\Windows\system32\pcalua.exe -a "C:\Users\Student\Desktop\Easy Paint Tool SAI.exe" -d C:\Users\Student\Desktop -> FOUND
    [TASK][SUSP PATH] {B1DA31C0-A3DF-49EC-86DB-907E9F73F878} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\MCPR.exe -d C:\Users\Student\Desktop -> FOUND
    [TASK][SUSP PATH] {E007DDDD-4BF7-466A-AD68-F8F3DD25442A} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\Shockwave_Installer_Slim.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: HITACHI HTS725032A9A364 +++++
    --- User ---
    [MBR] 45d33f846187e74f95d8a09a6a1255a3
    [BSP] b0140874fbdbae3556ea9cb68578aeed : Lenovo tatooed MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11132 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22800384 | Size: 294111 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : ayi490 [Admin rights]
    Mode : Remove -- Date : 10/03/2012 23:18:11

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [TASK][SUSP PATH] {7A707390-71A0-402E-8E81-E826DE19EA03} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\JTabletSetupv0.9.5.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> DELETED
    [TASK][SUSP PATH] {80B38E40-7A83-40E7-ABE1-A7EB28544A78} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\lide25vst6411011aen\SetupSG.exe -d C:\Users\Student\Desktop\lide25vst6411011aen -> DELETED
    [TASK][SUSP PATH] {937EBC88-6282-498C-960A-57A7FEDA79C3} : C:\Windows\system32\pcalua.exe -a "C:\Users\Student\Desktop\Easy Paint Tool SAI.exe" -d C:\Users\Student\Desktop -> DELETED
    [TASK][SUSP PATH] {B1DA31C0-A3DF-49EC-86DB-907E9F73F878} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\MCPR.exe -d C:\Users\Student\Desktop -> DELETED
    [TASK][SUSP PATH] {E007DDDD-4BF7-466A-AD68-F8F3DD25442A} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\Shockwave_Installer_Slim.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: HITACHI HTS725032A9A364 +++++
    --- User ---
    [MBR] 45d33f846187e74f95d8a09a6a1255a3
    [BSP] b0140874fbdbae3556ea9cb68578aeed : Lenovo tatooed MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11132 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22800384 | Size: 294111 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  8. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-03 23:19:57
    -----------------------------
    23:19:57.618 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:19:57.618 Number of processors: 4 586 0x2502
    23:19:57.618 ComputerName: AYI490-PC UserName: ayi490
    23:19:59.007 Initialize success
    23:25:25.095 AVAST engine defs: 12100302
    23:26:31.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:26:31.255 Disk 0 Vendor: HITACHI_ PC3Z Size: 305245MB BusType: 3
    23:26:31.270 Disk 0 MBR read successfully
    23:26:31.270 Disk 0 MBR scan
    23:26:31.286 Disk 0 unknown MBR code
    23:26:31.302 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11132 MB offset 2048
    23:26:31.317 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294111 MB offset 22800384
    23:26:31.364 Disk 0 scanning C:\Windows\system32\drivers
    23:26:46.714 Service scanning
    23:27:32.391 Modules scanning
    23:27:32.391 Disk 0 trace - called modules:
    23:27:32.407 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    23:27:32.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069bd060]
    23:27:32.438 3 CLASSPNP.SYS[fffff880011c543f] -> nt!IofCallDriver -> [0xfffffa8004959800]
    23:27:32.454 5 ACPI.sys[fffff88000f507a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800495f050]
    23:27:33.686 AVAST engine scan C:\Windows
    23:27:36.697 AVAST engine scan C:\Windows\system32
    23:32:10.030 AVAST engine scan C:\Windows\system32\drivers
    23:32:34.569 AVAST engine scan C:\Users\Student
    23:39:00.935 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
    23:39:00.950 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"
    23:53:54.840 AVAST engine scan C:\ProgramData
    00:00:31.059 Scan finished successfully
    00:01:36.315 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
    00:01:36.362 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"


    ^( I accidentally saved the log once during the scan...)
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ====================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    ComboFix 12-10-03.03 - ayi490 04-Oct-12 1:00.1.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3956.1430 [GMT -4:00]
    Running from: c:\users\Student\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\3002.abs
    c:\programdata\3002.xml
    c:\users\Public\sdelevURL.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-04 05:11 . 2012-10-04 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-04 05:11 . 2012-10-04 05:11 -------- d-----w- c:\users\Administrator.AYI490-PC\AppData\Local\temp
    2012-10-03 20:29 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC0F79EE-9C8E-4EC7-B4EB-DD92187D17D8}\mpengine.dll
    2012-10-03 19:18 . 2012-10-03 19:18 -------- d-----w- c:\users\Student\AppData\Roaming\Malwarebytes
    2012-10-03 19:18 . 2012-10-03 19:18 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-03 19:18 . 2012-10-03 19:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-03 19:18 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\users\Default\AppData\Local\Bulents
    2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\users\Administrator.AYI490-PC\AppData\Local\Bulents
    2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\users\Student\AppData\Local\Bulents
    2012-10-03 04:00 . 2012-10-03 04:01 -------- d-----w- c:\program files\BSR Screen Recorder 6
    2012-10-02 17:09 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-27 20:39 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\program files\iPod
    2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\program files\iTunes
    2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-27 13:04 . 2012-09-27 13:04 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1125C0EB-E981-45AF-9997-4D60F9B7D47F}\gapaengine.dll
    2012-09-17 20:37 . 2012-09-17 20:37 44544 ----a-w- c:\windows\SysWow64\agremove.exe
    2012-09-12 21:15 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 21:15 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 21:15 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-09 06:41 . 2012-09-09 06:44 -------- d-----w- c:\programdata\TrackMania
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 04:18 . 2012-04-06 13:50 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 04:18 . 2011-05-29 21:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-17 19:25 . 2010-05-20 19:35 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-09-12 21:51 . 2010-05-20 18:01 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-29 00:24 . 2012-06-21 04:31 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-08-29 00:24 . 2011-04-01 01:19 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-21 17:01 . 2010-05-21 15:19 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2010-05-21 15:19 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15 . 2012-08-15 00:16 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Student\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "LogonType"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-03-03 164200]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-03-03 75112]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 13312]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-03-03 30320]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
    S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-31 382312]
    S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
    S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-01-18 63928]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
    S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
    S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-14 163072]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-31 1098784]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:18]
    .
    2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 07:01]
    .
    2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 07:01]
    .
    2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002Core.job
    - c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 05:51]
    .
    2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002UA.job
    - c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 05:51]
    .
    2012-09-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
    .
    2012-10-04 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: stjohns.edu
    Trusted Zone: tellmemorecampus.com\www.stjohns
    Trusted Zone: tellmemorecampus.com\www.stjohns
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\
    FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-rpcnet
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-AuralogComponentsUninstall9.exe - c:\windows\system32\\Auralog\tmm\Uninstall\AuralogComponentsUninstall9.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
    c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
    c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files (x86)\Lenovo\System Update\SUService.exe
    c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-04 01:19:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-04 05:19
    .
    Pre-Run: 79,471,960,064 bytes free
    Post-Run: 78,917,423,104 bytes free
    .
    - - End Of File - - 4F62B7E05C8D8E9A9165DDD6B3D0FB66

    Firefox said it wasn't the default browser when I opened it after restarting.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    ComboFix did it. You can reset Firefox as default.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    OTL logfile created on: 04-Oct-12 3:24:37 PM - Run 1
    OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Student\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.97% Memory free
    7.72 Gb Paging File | 6.16 Gb Available in Paging File | 79.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.22 Gb Total Space | 73.54 Gb Free Space | 25.61% Space Free | Partition Type: NTFS

    Computer Name: AYI490-PC | User Name: ayi490 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-10-04 15:23:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Student\Desktop\OTL.exe
    PRC - [2012-08-10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Student\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012-05-31 12:27:14 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-05-24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011-02-01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
    PRC - [2011-02-01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
    PRC - [2010-03-10 14:36:04 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    PRC - [2010-03-10 14:35:44 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    PRC - [2010-03-10 14:35:40 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    PRC - [2010-03-01 11:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    PRC - [2010-03-01 11:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    PRC - [2010-03-01 11:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    PRC - [2010-01-18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2009-12-21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2009-12-09 16:49:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009-12-09 14:37:14 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009-11-24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2009-11-17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
    PRC - [2009-11-11 17:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    PRC - [2009-10-19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    PRC - [2009-10-01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2009-09-25 16:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2009-03-05 16:28:26 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    PRC - [2007-09-11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011-06-24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-06-24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012-09-12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012-09-12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011-09-27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2010-11-15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV:64bit: - [2010-03-10 14:36:04 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
    SRV:64bit: - [2010-03-10 14:35:44 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
    SRV:64bit: - [2010-01-18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV:64bit: - [2009-11-18 14:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2009-11-17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2009-10-09 12:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012-10-02 23:54:53 | 000,531,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012-09-21 00:18:46 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-09-09 19:41:07 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-09-06 16:19:55 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
    SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-05-31 12:27:14 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011-12-12 06:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2011-02-01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
    SRV - [2011-02-01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
    SRV - [2010-10-22 20:03:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-04-02 22:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2010-03-03 03:20:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
    SRV - [2010-03-03 03:20:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
    SRV - [2010-03-01 11:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
    SRV - [2010-03-01 11:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009-12-09 16:49:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009-12-09 14:37:14 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009-10-19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2009-09-25 16:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009-04-29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2007-09-11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-08-30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-02-15 06:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012-01-17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011-09-21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011-09-02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011-09-02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011-03-11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-02-16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010-11-20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010-11-20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010-11-02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2010-08-26 12:01:22 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2010-08-26 12:01:18 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2010-07-29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010-07-12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010-05-21 12:48:23 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
    DRV:64bit: - [2010-04-23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010-03-30 21:56:02 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2010-03-03 03:20:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
    DRV:64bit: - [2010-03-03 03:20:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2010-01-20 07:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010-01-15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009-12-14 17:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
    DRV:64bit: - [2009-12-10 09:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2009-11-18 14:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2009-10-26 14:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009-10-09 12:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2009-10-09 12:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2009-09-28 16:46:00 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009-09-17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009-07-13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009-06-30 13:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2009-06-30 13:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2009-06-30 12:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2009-06-10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009-06-10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009-06-10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-04-29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009-01-09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008-05-12 18:04:24 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
    DRV:64bit: - [2006-06-18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cpprod.stjohns.edu/cp/home/loginf
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 4A C9 68 3F F8 CA 01 [binary data]
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..\SearchScopes,DefaultScope = {CC93B958-2BFA-4897-B0AA-1F2D4B1D917F}
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..\SearchScopes\{CC93B958-2BFA-4897-B0AA-1F2D4B1D917F}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
    FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
    FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.23.0.5
    FF - prefs.js..extensions.enabledAddons: faviconizetab@espion.just-size.jp:1.0.6
    FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0
    FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
    FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
    FF - prefs.js..extensions.enabledItems: faviconizetab@espion.just-size.jp:1.0.1
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
    FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Student\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Student\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
     
  13. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-11-28 02:42:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-28 04:17:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-16 02:47:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-09 19:41:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-09 19:40:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-09 19:41:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-09 19:40:34 | 000,000,000 | ---D | M]

    [2010-05-21 14:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Extensions
    [2012-10-02 22:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions
    [2012-10-02 22:48:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012-08-03 21:38:36 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions\ALone-live@ya.ru
    [2011-08-09 02:33:30 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions\DeviceDetection@logitech.com
    [2012-07-11 22:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\ReadItLater\RIL_assets\slot1.images.wikia.nocookie.net\__am\56196\sass\color-body3D25230c98c626color-page3D2523ebf2f526co\extensions
    [2012-07-11 22:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\ReadItLater\RIL_assets\slot1.images.wikia.nocookie.net\__am\56196\sass\color-body3D25230c98c626color-page3D2523ebf2f526co\extensions\wikia
    [2011-08-31 20:55:45 | 000,010,259 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\faviconizetab@espion.just-size.jp.xpi
    [2012-07-11 22:16:11 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\isreaditlater@ideashower.com.xpi
    [2012-09-01 18:03:25 | 000,185,363 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
    [2011-03-30 17:27:27 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\personas@christopher.beard.xpi
    [2012-09-18 18:08:46 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    [2012-07-24 22:22:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012-03-19 08:12:09 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012-09-14 18:16:03 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2012-04-09 16:51:07 | 000,006,108 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\ReadItLater\RIL_assets\a.deviantart.net\avatars\x\p\xpiggyyy3.png
    [2012-09-24 22:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012-09-09 19:40:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012-09-24 22:39:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2011-12-16 02:47:22 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012-09-09 19:41:08 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-01-02 15:09:46 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2011-12-09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012-08-29 20:44:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-08-29 20:44:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://cpprod.stjohns.edu/cp/home/loginf
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://cpprod.stjohns.edu/cp/home/loginf
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Student\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Student\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Student\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Student\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
    CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Student\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Student\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AdBlock = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
    CHR - Extension: All Mangas Reader = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjloagockgobfpopemejpgjjechcpfd\1.4.0_0\
    CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.1.3_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-10-04 01:13:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002..\Run: [Akamai NetSession Interface] C:\Users\Student\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15:64bit: - ..Trusted Domains: stjohns.edu ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
    O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: stjohns.edu ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 149.68.17.12 149.68.23.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}: DhcpNameServer = 149.68.17.12 149.68.23.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CD64A98-0BB0-4C2C-A69D-7C6D76846B74}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-10-04 15:23:27 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Student\Desktop\OTL.exe
    [2012-10-04 01:19:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012-10-04 01:14:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012-10-04 00:58:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-10-04 00:58:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-10-04 00:58:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-10-04 00:58:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-10-04 00:52:38 | 004,761,955 | R--- | C] (Swearware) -- C:\Users\Student\Desktop\ComboFix.exe
    [2012-10-03 22:37:09 | 000,000,000 | ---D | C] -- C:\Users\Student\Desktop\clearing
    [2012-10-03 15:18:36 | 000,000,000 | ---D | C] -- C:\Users\Student\AppData\Roaming\Malwarebytes
    [2012-10-03 15:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012-10-03 15:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012-10-03 15:18:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012-10-03 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012-10-03 00:01:24 | 000,000,000 | ---D | C] -- C:\Users\Student\AppData\Local\Bulents
    [2012-10-03 00:00:19 | 000,000,000 | ---D | C] -- C:\Users\Student\Documents\BSR Projects
    [2012-10-03 00:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\BSR Screen Recorder 6
    [2012-09-27 16:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2012-09-27 16:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012-09-27 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012-09-27 16:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012-09-27 16:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012-09-27 16:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012-09-27 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\Student\Desktop\external
    [2012-09-26 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
    [2012-09-20 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\Student\Desktop\FALL12 MOVE TO GREEN
    [2012-09-17 16:37:33 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
    [2012-09-09 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012-09-09 02:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
    [2012-09-09 02:41:40 | 000,000,000 | ---D | C] -- C:\Users\Student\Documents\TrackMania

    ========== Files - Modified Within 30 Days ==========

    [2012-10-04 15:23:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Student\Desktop\OTL.exe
    [2012-10-04 15:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-10-04 14:57:08 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012-10-04 14:50:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002UA.job
    [2012-10-04 14:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-10-04 14:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-10-04 08:18:56 | 000,016,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-10-04 08:18:56 | 000,016,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-10-04 08:11:54 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012-10-04 08:10:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-10-04 08:10:05 | 3110,866,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012-10-04 01:13:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012-10-04 00:52:51 | 004,761,955 | R--- | M] (Swearware) -- C:\Users\Student\Desktop\ComboFix.exe
    [2012-10-03 04:50:01 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002Core.job
    [2012-09-29 00:14:28 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-09-29 00:14:28 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-09-29 00:14:28 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-09-27 08:39:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012-09-17 16:37:49 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
    [2012-09-17 15:25:51 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2012-09-10 08:49:53 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012-09-09 20:26:18 | 000,002,044 | ---- | M] () -- C:\Users\Student\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012-09-07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012-10-04 00:58:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-10-04 00:58:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-10-04 00:58:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-10-04 00:58:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-10-04 00:58:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-08-21 18:36:06 | 000,003,690 | ---- | C] () -- C:\Users\Student\.jmf-resource
    [2012-08-10 23:51:46 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2012-06-10 02:26:04 | 000,000,132 | ---- | C] () -- C:\Users\Student\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2012-05-31 12:27:26 | 000,418,152 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012-04-03 12:50:01 | 000,001,456 | ---- | C] () -- C:\Users\Student\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012-03-28 12:06:07 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-05-07 22:20:31 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
    [2011-05-07 22:20:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
    [2011-01-16 20:49:49 | 000,141,113 | ---- | C] () -- C:\Windows\hpwins27.dat
    [2011-01-16 20:49:49 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
    [2011-01-09 21:37:14 | 000,003,584 | ---- | C] () -- C:\Users\Student\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-11-01 23:22:46 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010-11-01 23:22:46 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010-10-22 19:59:25 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010-08-27 17:58:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010-05-21 15:06:16 | 000,002,162 | RHS- | C] () -- C:\ProgramData\ntuser.pol

    ========== ZeroAccess Check ==========

    [2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator.AYI490-PC\AppData\Roaming\Ulead Systems
    [2010-05-27 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator.AYI490-PC\AppData\Roaming\Update
    [2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Ulead Systems
    [2010-05-27 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Update
    [2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Ulead Systems
    [2010-05-27 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Update
    [2010-08-27 18:04:41 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\acccore
    [2011-08-02 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Blackberry Desktop
    [2012-04-27 13:21:12 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Canon
    [2012-04-27 13:28:36 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Canon_Inc_IC
    [2012-01-02 15:09:46 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Catalina Marketing Corp
    [2011-09-13 23:07:32 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Downloaded Installations
    [2012-10-04 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Dropbox
    [2010-09-03 23:36:40 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Leadertech
    [2010-08-28 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\ooVoo Details
    [2012-05-07 13:01:33 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\PCDr
    [2010-11-09 19:42:39 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Research In Motion
    [2011-08-25 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\StepMania 5
    [2011-05-28 21:19:10 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\SYSTEMAX Software Development
    [2011-06-14 12:46:09 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\TechWizard
    [2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Ulead Systems
    [2012-05-04 18:14:10 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Update
    [2012-08-10 23:32:14 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\uTorrent
    [2012-08-29 11:05:18 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Xerox

    ========== Purity Check ==========



    < End of report >
     
  14. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    OTL Extras logfile created on: 04-Oct-12 3:24:37 PM - Run 1
    OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Student\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.97% Memory free
    7.72 Gb Paging File | 6.16 Gb Available in Paging File | 79.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.22 Gb Total Space | 73.54 Gb Free Space | 25.61% Space Free | Partition Type: NTFS

    Computer Name: AYI490-PC | User Name: ayi490 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06F6D280-EEFD-433B-9CF3-C513BB970BE7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0FE703C7-2F8E-4F99-8C88-77C9653C0127}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{10ABAE3A-7FB6-4BC3-9111-E5545B2F7712}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{129D10E3-B19D-4875-A801-B853B37C21BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1B1D2E96-D840-4DA5-A11F-5F672C6A46E9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{1F0DEB74-0EA5-4B51-9D07-CD00AF8B3DBF}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{1FB62E23-2111-4D2B-B0B3-5988FE4342CC}" = lport=50006 | protocol=17 | dir=in | name=iha_messagecenter |
    "{1FF9C6DC-AE43-4C3A-BE50-843A7BB4ADB1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{20FBC689-E1C9-4CB8-8881-B8309DE957F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{235CD83B-2FBE-485A-AE23-678EA4E8C6BC}" = lport=56548 | protocol=17 | dir=in | name=pando media booster |
    "{27BA0555-04C2-48DA-B98B-ECB5A221D5F9}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
    "{288C3D60-4B02-409D-8F53-16744C3CDF02}" = lport=50016 | protocol=17 | dir=in | name=iha_messagecenter |
    "{2C2D035E-C308-4B8D-A0B5-81DADE66C005}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{30B621A1-02F0-411B-A9A7-4F97B4579F02}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3663CFFF-B61B-49EB-91A5-5F0CBADA01CD}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{37E89BA3-06BE-4C14-836F-0DF8BB775D8F}" = lport=56548 | protocol=17 | dir=in | name=pando media booster |
    "{3852B017-AA8A-4EC1-9F6A-5B7DD4BB11C7}" = lport=50120 | protocol=17 | dir=in | name=iha_messagecenter |
    "{3BD7CCE9-7C67-4CFD-9D40-BF6E928EC550}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{45ED6580-A0E2-4109-B430-F0CF5E6C0F5A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5A80F6DA-E1F6-42AA-B4F5-315D6D85BADC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5ADEC110-AC9F-45BE-81E9-BCD71D9040C3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{5CD4DD06-9809-4836-97B2-7D17B39F65F9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5F0A2EFB-0B36-44FE-AC7C-3EA60E5206EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{60863641-B172-4899-B590-66AE476BDD73}" = rport=139 | protocol=6 | dir=out | app=system |
    "{61517C41-73DC-40BB-A908-ABB31F23D829}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{73D8DD87-BDEE-46EF-8124-42E7F521AD92}" = lport=50006 | protocol=17 | dir=in | name=iha_messagecenter |
    "{756E68EE-BF00-4FE9-838B-8F810268E23C}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
    "{79F88984-BD85-48E0-B5BB-C1FA0A0A28B6}" = lport=50008 | protocol=17 | dir=in | name=iha_messagecenter |
    "{7D086D84-2FDF-471C-A604-103FAA0585BC}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{7E8014E0-4DF7-42DD-AAE0-C9D1F64AC803}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7F105708-3D3B-4147-9437-A67B3349F007}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{8F048E65-382F-46B6-B183-DB6F418B5E6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8F04A2DD-C8D1-4621-90DB-063714E8341F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{95AA72FF-E558-46DB-AC6F-19273C272EF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{969BD47F-3557-4AE0-A081-DB3E6C8869CC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A186F9FB-8A8C-437E-A232-FCB0E73E245D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{A23EE68F-A9B0-477B-A9CC-A5D0927EFD58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A35B127F-2933-45CB-B535-0C0554FCE245}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A4CE3C11-E414-447C-BF0F-5F5E83A09086}" = lport=50120 | protocol=17 | dir=in | name=iha_messagecenter |
    "{A74E5E24-8E7C-4EC3-8E35-FCDA0C57D14E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AAC30094-1898-41A9-A75A-F8B54850FC8F}" = lport=50002 | protocol=17 | dir=in | name=iha_messagecenter |
    "{AC2654E8-8550-4643-9EF2-B891D922C61C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{B1B20CD9-59D7-48BE-B09A-76C5C94D96F1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B26538F0-A1A7-4641-AEB7-31868FD97C37}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{B573F819-EF70-4096-813F-607D8EEB1E5D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BC794436-3302-4131-B0A7-0672EAE6DD2B}" = lport=56548 | protocol=6 | dir=in | name=pando media booster |
    "{BF3C3B13-A5E1-4C4E-A11F-3EF3B8B77C4D}" = lport=56548 | protocol=6 | dir=in | name=pando media booster |
    "{C24A6A05-DDDC-44D1-B4E8-B96B92105F86}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C4594B46-6F32-4E3E-A942-C96D19A89D78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CF1201C2-9028-4610-AC99-51010AFEBE10}" = rport=137 | protocol=17 | dir=out | app=system |
    "{CF5B1143-E3E6-4FB8-BFF0-CB5BB6982BE9}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
    "{D40A2B7C-3861-434D-B6D5-2472B68DDC66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DD95C5BB-E3F6-44FC-B700-ABF1654D6B5E}" = lport=50004 | protocol=17 | dir=in | name=iha_messagecenter |
    "{DDBB92B3-D220-42A7-8112-C338EF4E13E9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DF937E32-3997-4CE7-A977-652E5E34FE23}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
    "{E53D5D51-16D5-493F-BF63-251107DA2E2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E9A392DC-6934-4EB0-A33A-39419B67512E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{EA8F476D-4528-4F2C-BD96-D5214701F481}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F6408782-D808-45C9-8CB7-B824F7EBDBFB}" = lport=50002 | protocol=17 | dir=in | name=iha_messagecenter |
    "{F662D543-491D-48C4-BDDB-210D219303AC}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{F94DE338-1BC6-46CA-925B-4506B3FE2311}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0166D48D-8879-4B27-AFCF-21F4B0147E3A}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{03A360E9-35AD-440D-9DD4-763D2B7D63E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
    "{0BB76C9B-D7F1-4F53-B5BB-A81325E74EAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0E9A443E-9F52-4C66-9E6D-3DB4B606EDC6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{110A7782-70DA-4E85-A9CC-7321E7E87531}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1116012F-9F98-41BF-AA35-FEB4CDA3EE43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{111A14B3-BEE8-49F9-B3F3-9C00A89D405F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{11920327-E4F8-4F24-95AC-E95A44E6406C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{1C4214ED-E1A8-44A1-98EF-53C99E083BCF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{200EE95C-3F20-4FD1-A0AE-18CF48593E88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
    "{24DC33F9-A2C5-4F28-B806-FEE49C7523D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{28168E01-E76E-44ED-BE32-2792DB648E21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2C168CDB-563C-4370-82E7-D857035F643C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{2FB4C703-F4A8-458C-86DC-0CFEF32C5A2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{30EE4A4C-F56C-497E-8719-DAC7024EC4DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{31D6985B-6F77-4E97-8A42-6E5BC1FB9285}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
    "{3266F504-2660-434A-9D25-65390B6A9100}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{3594A4DE-DEAD-46BD-93DD-02B5F21AF95F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
    "{3D78B1ED-27FB-4800-B8DC-785E6EB02C9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
    "{400B17DE-DBFF-4095-BF46-7A376029298E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{405A3571-10A6-48F2-B07C-A492593A585B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{43C07DB2-E374-4F23-9FB0-8D3992EF404E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{47BAD92E-5D6B-4837-B533-86B84F6D7865}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
    "{47CC9AC9-7E2F-48E9-936C-5DAD771D05F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{4B953D56-7453-47F0-96ED-F7DC8E638D7B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{4CF9F539-6144-4A45-988F-F467728AB2C8}" = protocol=6 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
    "{4FD3BB3B-BA88-4B9A-A34B-6A333D387C96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{531AE0A7-C4D6-49D4-B119-0E89E4485623}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5995EC75-DE2F-4B0D-A63C-D33204228FCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5C3D8538-7BFB-434E-8A9A-346C03D1ACB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
    "{60E2146C-EABA-4599-A27E-DE27699DC8F8}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{63A52BD0-84DA-4724-BC42-5B6DE48E07FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{671D346C-B591-4655-8907-A0D3E1FFB924}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6CF945E2-DF83-488C-A9AC-F84095DF00E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6E010F04-DA18-451C-A9CC-E9AB04092834}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{75ECCC89-CE0D-4A23-8D0F-1AFDF4C0DEBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{78A7A29B-4000-463F-929C-092DC2CE8BCD}" = protocol=17 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
    "{7CF48A68-38A8-41E9-B0A3-F3575E74B087}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
    "{7F910FD4-6F76-420E-AF31-AA6A52587975}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{81620BFE-0E4B-4E78-854F-102D0DAE7568}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{853CD477-584B-490E-A0B8-32A2F064DDCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
    "{8C5CD581-1466-48B2-A3FB-FE5A89D87DD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{8E42DD0C-E9E6-4AE4-9AB5-482C02BBA261}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{91E6A0D3-95D3-4633-A211-E64E626C7203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{94B444E3-EA3C-4305-A060-DE5DDEED8B2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{95089DEA-F90B-4A8D-83FA-860A0D957046}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{95BB96CC-D1DC-44FE-91E5-E5475BFE2833}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{99B9F803-A0B2-4E9F-A619-A290D04021F4}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{9A64A22E-8E0B-4497-B26B-6B3D1406C59F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9FB851C5-2634-4E01-B6FD-6F8BE22B73B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
    "{A261330D-E08B-4D3E-97D7-07E4D6A5DAC4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{A4B44CAB-C164-4336-8383-0FAF158B389D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{A8024612-F0CB-4340-96FF-908C42D3E346}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B17F8220-9A86-436F-8504-5FE45D21C21B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B69EBCA8-AF8E-4116-8505-B963015B8BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
    "{B7C5CB1E-6BD6-4DB9-8EB7-68369CB3DD83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{C8E08F0A-0162-4310-AA62-131AE94418F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
    "{C932C042-475F-462D-92A3-1321469B5EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
    "{D2663289-ABB6-43B7-AA67-08CC97C3D8A6}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{D2966250-0113-40F6-9DFF-DFFEA7EE6FB5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{D4A44869-39BA-4568-AA76-56835F531CDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DEB2FB24-B728-499F-85F8-E1349D42EACF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
    "{E212AAA1-BEEA-4116-9AFB-04DB08ABA021}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
    "{E222E503-0806-432D-9323-6A39B25B156D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
    "{E4A3CF73-6E72-4516-818F-FC1D191F62FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E7FCC753-C54F-4027-8475-5C7D96FFCD02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
    "{E9F0BEBF-D7A1-4949-8F3E-E715B57211C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E9F2109B-EC4F-403B-A78C-A132D40636AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{EF362DDC-0A61-412D-8BF0-CA09ADE4562F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{F0224EBF-6880-458E-B25E-0C34A2F7C90D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{F503D4F8-073E-4C6E-9C28-BD06B25A36E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
    "{F58F2E27-0FCF-4DAF-A4DE-32DD4F0B6845}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{F7E6A84F-405F-4588-B70F-2A30A00EFE7B}" = protocol=6 | dir=out | app=system |
    "{FAB55D33-E74C-40C1-A437-E0FEEBB4BAB6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "TCP Query User{10CE433B-E960-42B2-8D0C-3AEE7CF17965}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "TCP Query User{3FE14A0A-E3BF-4AC3-90BE-B05AA4C9F979}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{4E295460-B67B-480C-A73C-FA0DDF99F5C9}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{62D1B7F4-A980-4031-9463-0C8CADD8D3C1}C:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe |
    "TCP Query User{64DD7AA3-4DD8-4766-9449-82E7DFAC8937}C:\users\student\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{69694A89-9451-44A7-B92A-3C0427346699}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{8E8E05DF-9C4F-4E94-A939-B03ED1819E12}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{D7FDC0FD-6ABD-4746-8AA2-5D1BD088A591}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{28813FC5-F810-4648-B207-964D8DA63A72}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{42F55E2F-D37E-4368-B5ED-FDA7067FA43E}C:\users\student\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{463F0859-6864-4D9F-AB0D-B8273F0560AD}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{6486498D-D846-4CC6-A711-1FC51E29473C}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{89D19C9D-D3FF-4719-A434-870724AFC1BA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{92A535C0-EA85-4718-9EF9-7C752AAAD98A}C:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe |
    "UDP Query User{BE88254A-6ADF-46CB-9491-92A791A1ED1D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{C2E759A9-507C-4506-8B11-789A5AC5A3A2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1EB2596D-80B0-4D55-AC31-6FCFE757081E}" = HP Officejet 4500 G510a-f
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.88
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.88
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.88
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
    "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "Power Management Driver" = ThinkPad Power Management Driver
    "PROSet" = Intel(R) Network Connections Drivers
    "SP6" = Logitech SetPoint 6.32
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Wacom Tablet Driver" = Wacom Tablet

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{35D103FC-FB66-4D1A-B1F9-E1D3CF43B2A7}" = Computrace
    "{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
    "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3D2C60-A55F-4fed-B2B9-17394396DF01}" = ThinkPad Wireless LAN Adapter Software
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
    "{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
    "{BEDF5135-3DDC-4488-BA2C-D94AB4BB8DA2}" = IHA_MessageCenter
    "{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help_Web
    "{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EC2F135B-48ED-4682-A90B-54846218C1F3}" = 4500G510af_web
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AdventureTime_Screensaver" = AdventureTime_Screensaver
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface Service
    "AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
    "DivX Setup" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
    "iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
    "JTablet" = JTablet
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MV RegClean 5.9 English_is1" = MV RegClean 5.9 English
    "MV RegClean 6.0_is1" = MV RegClean 6.0
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Steam App 1840" = Source Filmmaker
    "Steam App 41500" = Torchlight
    "Steam App 42910" = Magicka
    "Steam App 440" = Team Fortress 2
    "Steam App 520" = Team Fortress 2 Beta
    "Steam App 550" = Left 4 Dead 2
    "Steam App 63710" = BIT.TRIP RUNNER
    "uTorrent" = µTorrent
    "Verizon FiOS Activation_is1" = Verizon FiOS Activation
    "VLC media player" = VLC media player 2.0.1
    "VTFEdit_is1" = VTFEdit 1.2.5
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "Winamp" = Winamp
    "Write-N-Cite" = Write-N-Cite
    "Xfire" = Xfire (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31-Jul-12 9:55:25 AM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 30071923

    Error - 31-Jul-12 9:55:25 AM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 30071923

    Error - 31-Jul-12 9:55:32 AM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
    Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
    authorId=9, vendorId=0, vendorType=0

    Error - 31-Jul-12 9:55:32 AM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
    Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
    authorId=9, vendorId=0, vendorType=0

    Error - 31-Jul-12 9:55:32 AM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
    Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
    authorId=9, vendorId=0, vendorType=0

    Error - 31-Jul-12 8:05:47 PM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 31-Jul-12 8:05:47 PM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 36260685

    Error - 31-Jul-12 8:05:47 PM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 36260685

    Error - 31-Jul-12 8:05:54 PM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
    Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
    authorId=9, vendorId=0, vendorType=0

    Error - 31-Jul-12 8:05:54 PM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
    Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
    authorId=9, vendorId=0, vendorType=0

    Error - 31-Jul-12 8:05:54 PM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
    Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
    authorId=9, vendorId=0, vendorType=0

    [ OSession Events ]
    Error - 05-Mar-12 5:30:05 PM | Computer Name = ayi490-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 191
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 20-Jul-12 11:48:01 AM | Computer Name = ayi490-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1678
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 01-Aug-12 9:49:22 PM | Computer Name = ayi490-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1703
    seconds with 600 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 04-Oct-12 12:47:35 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 04-Oct-12 12:47:44 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 04-Oct-12 12:47:46 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 04-Oct-12 2:01:06 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 04-Oct-12 2:03:11 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 04-Oct-12 2:03:23 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 04-Oct-12 2:03:36 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 04-Oct-12 3:30:30 PM | Computer Name = ayi490-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error - 04-Oct-12 3:30:30 PM | Computer Name = ayi490-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error - 04-Oct-12 3:30:30 PM | Computer Name = ayi490-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume2.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
      O4 - HKLM..\Run: [] File not found
      O15:64bit: - ..Trusted Domains: stjohns.edu ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
      O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: stjohns.edu ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
      [2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  16. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tellmemorecampus.com\www.stjohns\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\stjohns.edu\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tellmemorecampus.com\www.stjohns\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Administrator.AYI490-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: ayi490
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Student
    ->Temp folder emptied: 204997 bytes
    ->Temporary Internet Files folder emptied: 32569579 bytes
    ->Java cache emptied: 8460 bytes
    ->FireFox cache emptied: 546459334 bytes
    ->Google Chrome cache emptied: 276933999 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 39408 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6462 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
    RecycleBin emptied: 1788 bytes

    Total Files Cleaned = 817.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.AYI490-PC
    ->Java cache emptied: 0 bytes

    User: All Users

    User: ayi490

    User: Default
    ->Java cache emptied: 0 bytes

    User: Default User
    ->Java cache emptied: 0 bytes

    User: Public

    User: Student
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.AYI490-PC
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: ayi490

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Student
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.70.2 log created on 10042012_160546

    Files\Folders moved on Reboot...
    C:\Users\Student\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    My homepage changed again. Continue last scans?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Go ahead....
     
  18. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (15.0)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome Plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 19-09-2012
    Ran by ayi490 (administrator) on 04-10-2012 at 16:32:05
    Running from "C:\Users\Student\Desktop"
    Microsoft Windows 7 Enterprise Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
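The Windows Defender section of the log above reports the items a service checker looks at: the WinDefend start type (Demand instead of the default Auto), its ImagePath and ServiceDll, whether it is running, and the DisableAntiSpyware policy value. The PowerShell below is an added example, not part of this thread or of Farbar Service Scanner; it reads the same registry locations and service state so the check can be repeated after cleanup. The function names are my own, and the Policies\Microsoft\Windows Defender key is an assumption I added alongside the product key shown in the log. One caveat: on Windows 7, Microsoft Security Essentials turns Windows Defender off when it is installed, so a DisableAntiSpyware=1 finding on a machine running MSE (as this one is) is expected rather than a sign of tampering.

```powershell
# Added example (not code from the thread or from Farbar Service Scanner).
# Reproduces the Windows Defender checks FSS prints: service start type,
# ImagePath, ServiceDll, running state and the DisableAntiSpyware policy.
# Assumes Windows 7 or later with the built-in WinDefend service.

function Get-DefenderState {
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
    $svc    = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
    $params = Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue
    $scm    = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

    # Registry Start values: 2 = Auto (the default FSS mentions), 3 = Demand, 4 = Disabled
    $startNames = @{ 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
    $startType = 'service key missing'
    if ($svc) {
        $startType = $startNames[[int]$svc.Start]
        if (-not $startType) { $startType = "unknown ($($svc.Start))" }
    }

    $status     = 'not installed'
    if ($scm)    { $status = $scm.Status.ToString() }
    $imagePath  = $null
    if ($svc)    { $imagePath = $svc.ImagePath }
    $serviceDll = $null
    if ($params) { $serviceDll = $params.ServiceDll }

    # FSS reported the value under the product key; the Policies key is the
    # Group Policy location (my addition, not shown in the log). Either one
    # set to 1 turns Defender off.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    $disabledBy = @()
    foreach ($k in $policyKeys) {
        $p = Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($p -and [int]$p.DisableAntiSpyware -eq 1) { $disabledBy += $k }
    }

    New-Object PSObject -Property @{
        StartType        = $startType
        Status           = $status
        ImagePath        = $imagePath
        ServiceDll       = $serviceDll
        DisabledByPolicy = $disabledBy
    }
}

# Returns a list of findings in the same spirit as the FSS output; an empty
# list means Defender is configured the way a default install leaves it.
function Test-DefenderState {
    $s = Get-DefenderState
    $findings = @()
    if ($s.StartType -ne 'Auto') {
        $findings += "WinDefend start type is $($s.StartType); the default is Auto."
    }
    if ($s.Status -ne 'Running') {
        $findings += "WinDefend service is $($s.Status)."
    }
    foreach ($k in $s.DisabledByPolicy) {
        $findings += "DisableAntiSpyware=1 under $k (expected on Windows 7 when MSE is installed)."
    }
    $findings
}

Get-DefenderState | Format-List
Test-DefenderState
```

Reading these keys needs no elevation, so the script can be run as the logged-on user before and after the fix to confirm what actually changed; the ImagePath and ServiceDll values are printed rather than judged, since FSS compares them against known-good values that this example does not carry.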
     
  19. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    # AdwCleaner v2.003 - Logfile created 10/04/2012 at 16:33:54
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
    # User : ayi490 - AYI490-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Student\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Users\Student\AppData\LocalLow\boost_interprocess

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default
    File : C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\prefs.js

    C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\user.js ... Deleted !

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.79

    File : C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3616 octets] - [04/10/2012 16:33:54]

    ########## EOF - C:\AdwCleaner[S1].txt - [3676 octets] ##########
     
  20. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    No threats were found on ESET.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ==============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  22. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    I think so far so good :) thanks for all your help
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You're very welcome

    Make sure you complete all final steps.
     
  24. marimo727

    marimo727 TS Rookie Topic Starter Posts: 30

    So, lol turns out my homepage keeps changing after connecting to my school's wifi. I have no idea what that means. haha
     
  25. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    I suggest you talk to your school IT people.
    Maybe they are infected with some bug.
     
