Svchost.exe trojan

Solved
By mburns
Jul 29, 2012
  1. Hi all,

    I have an svchost.exe trojan that was partially cleared up; I'm going to bite the bullet and admit I went through some steps on some past threads on this forum and used ComboFix and some extra scanners that were recommended in the past. It hasn't done any harm to my computer, but if it's relevant enough I can track down a list of the techniques I used.

    Either way, it cleared up the trojan as far as Malwarebytes and AVG (AVG couldn't pick up on it in the first place) could detect, but I'm still getting messages from Malwarebytes that it's blocking svchost from accessing suspicious websites after all of that. I also still have an svchost.exe *32 process in Task Manager, so the problem isn't resolved yet.

    I'll paste the Malwarebytes, GMER, and DDS logs in the next posts. Thanks in advance for any help!
  2. mburns

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    mburns :: K563 [administrator]

    Protection: Enabled

    7/29/2012 3:28:48 PM
    mbam-log-2012-07-29 (15-28-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238050
    Time elapsed: 8 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. mburns

    The GMER log is something like 180K characters; I have no idea how many posts that's going to take up, so I'll skip to the DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by mburns at 21:50:45 on 2012-07-29
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.1894 [GMT -4:00]
    .
    AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\lkads.exe
    C:\Windows\SysWOW64\lktsrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    C:\Windows\SysWOW64\nipalsm.exe
    C:\Windows\SysWOW64\nipalsm.exe
    C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    C:\Windows\SysWOW64\nisvcloc.exe
    C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Windows\SysWOW64\nipalsm.exe
    C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\MathType\MathType.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskhost.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.stevens.edu/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    TCP: Interfaces\{93969BDB-469E-4DA2-B5B0-7D36F7841D93} : DhcpNameServer = 155.246.1.21 155.246.1.20
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7} : DhcpNameServer = 167.206.245.129 167.206.245.130
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\3547566756E637 : DhcpNameServer = 155.246.1.21 155.246.1.20
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\75962756C6563737 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\75962756C6563737023427F677E6560205C616A716 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\A6566666562737F6E61323 : DhcpNameServer = 167.206.245.129 167.206.245.130
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\E4544574541425 : DhcpNameServer = 167.206.245.129 167.206.245.130 167.206.245.71
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npEModelPlugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv85win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win64.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Class2014\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Class2014\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Class2014\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
    R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\system32\drivers\nipbcfk.sys --> C:\Windows\system32\drivers\nipbcfk.sys [?]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2010-7-8 89600]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-22 308136]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-29 655944]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2008-8-21 12696]
    R2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2008-8-21 12696]
    R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-3-5 131704]
    R2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-6-4 193648]
    R2 nipxirmk;NI PXI Resource Manager;\??\C:\Windows\system32\drivers\nipxirmkl.sys --> C:\Windows\system32\drivers\nipxirmkl.sys [?]
    R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys --> C:\Windows\system32\drivers\NiViPxiKl.sys [?]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-8 2320920]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 1664304]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-7-8 228408]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 nidimk;nidimk;\??\C:\Windows\system32\drivers\nidimkl.sys --> C:\Windows\system32\drivers\nidimkl.sys [?]
    R3 nimru2k;nimru2k;\??\C:\Windows\system32\drivers\nimru2kl.sys --> C:\Windows\system32\drivers\nimru2kl.sys [?]
    R3 nimstsk;nimstsk;\??\C:\Windows\system32\drivers\nimstskl.sys --> C:\Windows\system32\drivers\nimstskl.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 rismcx64;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismcx64.sys --> C:\Windows\system32\DRIVERS\rismcx64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-2 87336]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-12 1431888]
    S3 lvalarmk;lvalarmk;\??\C:\Windows\system32\drivers\lvalarmk.sys --> C:\Windows\system32\drivers\lvalarmk.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
    S3 ni1006k;NI PXI-1006 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1006k.sys --> C:\Windows\system32\drivers\ni1006k.sys [?]
    S3 ni1045k;NI PXI-1045 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1045kl.sys --> C:\Windows\system32\drivers\ni1045kl.sys [?]
    S3 ni1065k;NI PXIe-1065 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1065k.sys --> C:\Windows\system32\drivers\ni1065k.sys [?]
    S3 ni488lock;NI-488.2 Locking Service;\??\C:\Windows\system32\drivers\ni488lock.sys --> C:\Windows\system32\drivers\ni488lock.sys [?]
    S3 nicdrk;nicdrk;\??\C:\Windows\system32\drivers\nicdrkl.sys --> C:\Windows\system32\drivers\nicdrkl.sys [?]
    S3 nicsrk;nicsrk;\??\C:\Windows\system32\drivers\nicsrkl.sys --> C:\Windows\system32\drivers\nicsrkl.sys [?]
    S3 nidmxfk;nidmxfk;\??\C:\Windows\system32\drivers\nidmxfkl.sys --> C:\Windows\system32\drivers\nidmxfkl.sys [?]
    S3 nidsark;nidsark;\??\C:\Windows\system32\drivers\nidsarkl.sys --> C:\Windows\system32\drivers\nidsarkl.sys [?]
    S3 nidwgk;nidwgk;\??\C:\Windows\system32\drivers\nidwgkl.sys --> C:\Windows\system32\drivers\nidwgkl.sys [?]
    S3 niemrk;niemrk;\??\C:\Windows\system32\drivers\niemrkl.sys --> C:\Windows\system32\drivers\niemrkl.sys [?]
    S3 niemrkw;niemrkw;C:\Windows\system32\DRIVERS\niemrkw.sys --> C:\Windows\system32\DRIVERS\niemrkw.sys [?]
    S3 niesrk;niesrk;\??\C:\Windows\system32\drivers\niesrkl.sys --> C:\Windows\system32\drivers\niesrkl.sys [?]
    S3 nifslk;nifslk;\??\C:\Windows\system32\drivers\nifslkl.sys --> C:\Windows\system32\drivers\nifslkl.sys [?]
    S3 nigplk;nigplk;\??\C:\Windows\system32\drivers\nigplkl.sys --> C:\Windows\system32\drivers\nigplkl.sys [?]
    S3 nihsdrk;nihsdrk;\??\C:\Windows\system32\drivers\nihsdrkl.sys --> C:\Windows\system32\drivers\nihsdrkl.sys [?]
    S3 nimsdrk;nimsdrk;\??\C:\Windows\system32\drivers\nimsdrkl.sys --> C:\Windows\system32\drivers\nimsdrkl.sys [?]
    S3 nimxpk;nimxpk;\??\C:\Windows\system32\drivers\nimxpkl.sys --> C:\Windows\system32\drivers\nimxpkl.sys [?]
    S3 ninshsdk;ninshsdk;\??\C:\Windows\system32\drivers\ninshsdkl.sys --> C:\Windows\system32\drivers\ninshsdkl.sys [?]
    S3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys --> C:\Windows\system32\drivers\nipalfwedl.sys [?]
    S3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys --> C:\Windows\system32\drivers\nipalusbedl.sys [?]
    S3 nipsdk;nipsdk;\??\C:\Windows\system32\drivers\nipsdkl.sys --> C:\Windows\system32\drivers\nipsdkl.sys [?]
    S3 nipxigpk;NI PXI Generic Chassis Pilot;\??\C:\Windows\system32\drivers\nipxigpk.sys --> C:\Windows\system32\drivers\nipxigpk.sys [?]
    S3 niRFSA2k;niRFSA2k;\??\C:\Windows\system32\drivers\niRFSA2kl.sys --> C:\Windows\system32\drivers\niRFSA2kl.sys [?]
    S3 niRFSGk;niRFSGk;\??\C:\Windows\system32\drivers\niRFSGkl.sys --> C:\Windows\system32\drivers\niRFSGkl.sys [?]
    S3 NiRioRpc;National Instruments RIO Server;C:\Windows\SysWOW64\NiRioRpc.exe [2009-6-22 28744]
    S3 niscdk;niscdk;\??\C:\Windows\system32\drivers\niscdkl.sys --> C:\Windows\system32\drivers\niscdkl.sys [?]
    S3 nisdigk;nisdigk;\??\C:\Windows\system32\drivers\nisdigkl.sys --> C:\Windows\system32\drivers\nisdigkl.sys [?]
    S3 nisftk;nisftk;\??\C:\Windows\system32\drivers\nisftkl.sys --> C:\Windows\system32\drivers\nisftkl.sys [?]
    S3 nisldk;nisldk;\??\C:\Windows\system32\drivers\nisldkl.sys --> C:\Windows\system32\drivers\nisldkl.sys [?]
    S3 nispdk;nispdk;\??\C:\Windows\system32\drivers\nispdkl.sys --> C:\Windows\system32\drivers\nispdkl.sys [?]
    S3 nisrcdk;nisrcdk;\??\C:\Windows\system32\drivers\nisrcdkl.sys --> C:\Windows\system32\drivers\nisrcdkl.sys [?]
    S3 nissrk;nissrk;\??\C:\Windows\system32\drivers\nissrkl.sys --> C:\Windows\system32\drivers\nissrkl.sys [?]
    S3 nistc2k;nistc2k;\??\C:\Windows\system32\drivers\nistc2kl.sys --> C:\Windows\system32\drivers\nistc2kl.sys [?]
    S3 nistcrk;nistcrk;\??\C:\Windows\system32\drivers\nistcrkl.sys --> C:\Windows\system32\drivers\nistcrkl.sys [?]
    S3 niswdk;niswdk;\??\C:\Windows\system32\drivers\niswdkl.sys --> C:\Windows\system32\drivers\niswdkl.sys [?]
    S3 nitiork;nitiork;\??\C:\Windows\system32\drivers\nitiorkl.sys --> C:\Windows\system32\drivers\nitiorkl.sys [?]
    S3 nitnr2k;nitnr2k;\??\C:\Windows\system32\drivers\nitnr2kl.sys --> C:\Windows\system32\drivers\nitnr2kl.sys [?]
    S3 niufurk;niufurk;\??\C:\Windows\system32\drivers\niufurkl.sys --> C:\Windows\system32\drivers\niufurkl.sys [?]
    S3 NiViFWK;NI-VISA FireWire Driver;C:\Windows\system32\drivers\NiViFWKl.sys --> C:\Windows\system32\drivers\NiViFWKl.sys [?]
    S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys --> C:\Windows\system32\drivers\NiViPciKl.sys [?]
    S3 niwfrk;niwfrk;\??\C:\Windows\system32\drivers\niwfrkl.sys --> C:\Windows\system32\drivers\niwfrkl.sys [?]
    S3 nixsrk;nixsrk;\??\C:\Windows\system32\drivers\nixsrkl.sys --> C:\Windows\system32\drivers\nixsrkl.sys [?]
    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
    S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
    S3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-6 94472]
    S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 23:58:00 20480 ----a-w- C:\Windows\svchost.exe
    2012-07-29 19:26:37 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-07-29 17:33:18 -------- d-----w- C:\Program Files (x86)\ESET
    2012-07-29 17:03:37 98816 ----a-w- C:\Windows\sed.exe
    2012-07-29 17:03:37 518144 ----a-w- C:\Windows\SWREG.exe
    2012-07-29 17:03:37 256000 ----a-w- C:\Windows\PEV.exe
    2012-07-29 17:03:37 208896 ----a-w- C:\Windows\MBR.exe
    2012-07-29 16:00:46 -------- d-----w- C:\Users\Class2014\AppData\Roaming\Malwarebytes
    2012-07-29 16:00:16 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-29 16:00:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-29 16:00:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-14 19:50:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-14 19:33:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 04:22:37 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 11:12:58 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
    2012-07-11 11:10:07 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 11:10:07 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-07-11 11:10:07 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-07-11 11:10:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-07-07 19:10:27 -------- d-----w- C:\Program Files (x86)\EAGLE-6.2.0
    2012-07-07 19:10:17 -------- d-----w- C:\Users\Class2014\AppData\Roaming\CadSoft
    .
    ==================== Find3M ====================
    .
    2012-07-30 01:46:00 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    2012-07-29 16:13:20 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2012-07-29 00:02:23 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
    2012-07-28 23:47:52 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
    2012-07-14 19:33:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 21:52:22.03 ===============
  4. mburns


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/7/2010 2:41:53 PM
    System Uptime: 7/29/2012 12:11:56 PM (9 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1521
    Processor: Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz | CPU 1 | 1196/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 458 GiB total, 225.879 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 6.312 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is FIXED (NTFS) - 901 GiB total, 519.689 GiB free.
    H: is CDROM ()
    I: is FIXED (NTFS) - 496 GiB total, 426.68 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP220: 7/15/2012 10:43:38 PM - ComboFix created restore point
    RP221: 7/24/2012 11:38:34 PM - Scheduled Checkpoint
    RP222: 7/29/2012 1:03:50 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Acrobat 9 Pro
    Adobe Acrobat 9.4.2 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    Audacity 1.3.13 (Unicode)
    AVG 9.0
    BufferChm
    Computrace
    CoreTempMC
    Coupon Printer for Windows
    Crystal Reports for Visual Studio
    D2600
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeviceDiscovery
    DivX Setup
    DJ_SF_05_D2600_Software_Min
    Dotfuscator Software Services - Community Edition
    EAGLE 6.2.0
    Elica 5.3
    Empire Earth II
    Free FLV Converter V 6.92.0
    Free Video Converter V 2.92
    Futuremark SystemInfo
    GCalc 3
    Google Chrome
    Google Talk Plugin
    GPBaseService2
    HI-TECH C PRO for the PIC10/12/16 MCU Family V9.65PL1
    HI-TECH C51-lite V9.60PL0
    HI-TECH PICC lite V9.60PL0
    HI-TIDE V3.15PL2
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2455033)
    HP Photo Creations
    HP Quick Launch Buttons
    HP QuickWeb
    HP Update
    HP Webcam
    HP Webcam Driver
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    IDT Audio
    Intel(R) Management Engine Components
    IVI Shared Components
    Java 3D 1.3.1 (OpenGL) Runtime
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 7 Update 4
    Java(TM) SE Development Kit 6 Update 20
    JavaFX 2.1.0
    LAME v3.99.3 (for Windows)
    League of Legends
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    MathType 6
    Memeo AutoSync
    Memeo Instant Backup
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Expression Design 3
    Microsoft Expression Encoder 3
    Microsoft Expression Web 3
    Microsoft Expression Web 3 SP1
    Microsoft Office 2003 Web Components
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Premium - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    MiniTool Partition Wizard Home Edition 7.0
    Mirror's Edge™
    Mobile Broadband Generic Drivers
    Mobile Mouse Server
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    National Instruments Software
    NEC Electronics USB 3.0 Host Controller Driver
    Nero 10 Movie ThemePack Basic
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10 VL Basic
    Nero StartSmart 10 Help (CHM)
    Nero Update
    NetBeans IDE 6.9
    NI-488.2 2.7.1
    NI-488.2 Provider for MAX version 2.7.1
    NI-653x Installer 1.9.0
    NI-APAL Error Files 1.5.0f0
    NI-DAQ C and VB6 API
    NI-DAQ Document Set
    NI-DAQ INF Files
    NI-DAQmx - LabVIEW shared documentation
    NI-DAQmx 8.9.5
    NI-DAQmx Documentation
    NI-DAQmx MAX Support 1.12.5
    NI-DAQmx OPC Support
    NI-DAQmx support for LabVIEW
    NI-DAQmx Switch Core 1.15.0
    NI-DCPower 1.3.1
    NI-DIM 1.9.0f0
    NI-DIM 1.9.0f0 for Phar Lap ETS
    NI-DIO Driver 160f1
    NI-DMM 3.0
    NI-FGEN 2.6.3
    NI-FGEN Driver 163f1
    NI-FieldPoint 6.0.5
    NI-FieldPoint for LabVIEW Real-Time 6.0.5
    NI-HSD Driver 1.10.2f1
    NI-HSDIO 1.6.1
    NI-IMAQ Camera Files
    NI-Intel8255x for LabVIEW Real-Time
    NI-MDBG 1.9.0f0
    NI-MDBG 1.9.0f0 for Phar Lap ETS
    NI-MRU 2.10.1f0
    NI-MXDF 1.10.0f0
    NI-MXDF 1.10.0f0 for Phar Lap ETS
    NI-MXEF 2.2.5
    NI-MXLC Core (32-bit)
    NI-MXLC LabVIEW 2009 Support
    NI-ORB 1.9.3f0
    NI-ORB 1.9.3f0 for Phar Lap ETS
    NI-PAL 2.4.0f0 for Phar Lap ETS
    NI-PAL 2.4.1f0
    NI-PAL 2.4.1f0 for Phar Lap ETS
    NI-RFSA 2.1.2
    NI-RFSG 1.5.1
    NI-RIO 3.2.0
    NI-RIO 3.2.0 driver for Real-Time Embedded Targets
    NI-RIO I/O Control for LabVIEW 2009
    NI-RIO I/O Control for LabVIEW 8.5
    NI-RIO I/O Control for LabVIEW 8.6
    NI-RIO Scan Interface for Real-Time Embedded Targets
    NI-RPC 4.1.0f0 for Phar Lap ETS
    NI-RPC 4.1.1f0
    NI-RPC 4.1.1f0 for Phar Lap ETS
    NI-SCOPE 3.5.2
    NI-Serial 3.3.4 for LabVIEW Real-Time
    NI-Serial 3.4
    NI-Serial 3.4 Help
    NI-Serial 3.4 MAX Provider
    NI-STE10/100A 2.1.0f2 for Phar Lap ETS
    NI-STE10/100A for Phar Lap ETS
    NI-SWITCH 3.8.5
    NI-TClk 1.7.1
    NI-TNF 1.4.4f0 for Phar Lap ETS
    NI-TNR Driver
    NI-VISA 4.4 for LabVIEW Real-Time
    NI-VISA 4.5.1
    NI-VISA 4.5.1 for LabVIEW Real-Time
    NI-VISA 4.5.1 MAX Provider
    NI-VISA Runtime 4.5.1
    NI-VISA Server 4.5.1
    NI-WatchDog 4.0 for LabVIEW Real-Time
    NI-WatchDog Host 4.0
    NI-WatchDog LabVIEW 9.0 Support
    NI 2009 Control Design Assistant
    NI AFW Channel Configuration Tool
    NI AFW Custom UI
    NI Assistant Framework
    NI Assistant Framework LabVIEW 2009 Support
    NI Assistant Framework LabVIEW Code Generator 2009
    NI Calibration Provider for MAX 4.6.0
    NI Certificates Deployment Support
    NI Circuit Design Suite 10.1.1 Core
    NI Circuit Design Suite 10.1.1 Edu Licenses
    NI Circuit Design Suite 10.1.1 Education
    NI CodeSignAPI
    NI Common Digital 1.9.0
    NI DAQ Assistant 1.10.5
    NI DataSocket 4.7.0
    NI DHV DCMP Installer 1.1.3f1
    NI DHV GPL 108f4
    NI Distributed System Manager 2009
    NI DN 2.0 installer
    NI DN 2.0 Language Pack installer
    NI Dynamic Signal Acquisition Installer 1.13.1
    NI Enhanced DSC Deployment Support 8.5
    NI EULA Depot
    NI Example Finder 9.0
    NI FieldPoint MAX Provider
    NI FlexRIO support for Real-Time Embedded Targets
    NI FSL Installer 1.8.0
    NI Help Assistant
    NI Hierarchical Waveform Storage 1.4.7
    NI IMAQ Vision for Measurement Studio Upgrade Manager
    NI Instrument I/O Assistant
    NI Instrument IO Assistant for LabVIEW 9.0 32
    NI IVI Class Driver LabVIEW 2009 Support
    NI IVI Class Drivers
    NI IVI Class Simulation Drivers
    NI IVI Compliance Package 4.0
    NI IVI Engine
    NI IVI Online Help
    NI IVI Provider for MAX
    NI LabVIEW 2009
    NI LabVIEW 2009 Applibs
    NI LabVIEW 2009 CINtools
    NI LabVIEW 2009 Control Design and Simulation Module
    NI LabVIEW 2009 Control Design Shared VIs
    NI LabVIEW 2009 Deployment Framework
    NI LabVIEW 2009 Desktop Execution Trace Toolkit
    NI LabVIEW 2009 Desktop Execution Trace Toolkit LV 2009 Supp
    NI LabVIEW 2009 Digital Filter Design Toolkit
    NI LabVIEW 2009 Digital Filter Design Toolkit License
    NI LabVIEW 2009 Digital Filter Design Toolkit RT Support
    NI LabVIEW 2009 Examples
    NI LabVIEW 2009 FPGA Realtime Support
    NI LabVIEW 2009 gMath
    NI LabVIEW 2009 Help
    NI LabVIEW 2009 Help File
    NI LabVIEW 2009 Instr.lib
    NI LabVIEW 2009 License
    NI LabVIEW 2009 Manuals
    NI LabVIEW 2009 MathScript RT Module
    NI LabVIEW 2009 MathScript RT Module License
    NI LabVIEW 2009 MeasAppChm File
    NI LabVIEW 2009 Menus
    NI LabVIEW 2009 Project
    NI LabVIEW 2009 Resource
    NI LabVIEW 2009 Simulation
    NI LabVIEW 2009 System Identification Assistant
    NI LabVIEW 2009 System Identification Toolkit
    NI LabVIEW 2009 System Identification Toolkit License
    NI LabVIEW 2009 System Identification Toolkit VIs
    NI LabVIEW 2009 Templates
    NI LabVIEW 2009 User.lib
    NI LabVIEW 2009 VI.lib
    NI LabVIEW 2009 Web Server
    NI LabVIEW 2009 WWW
    NI LabVIEW 8.5.1 Real-Time cRIO 9014 Upgrade
    NI LabVIEW 8.6 Real-Time LabVIEW
    NI LabVIEW 8.6 Real-Time MSVS71 Support
    NI LabVIEW 8.6 Real-Time Pharlap Base
    NI LabVIEW 8.6 Real-Time Pharlap LabVIEW
    NI LabVIEW 8.6 Real-Time Support for cRIO
    NI LabVIEW 8.6 Real-Time VxWorks Base Support
    NI LabVIEW 8.6 Real-Time VxWorks LabVIEW
    NI LabVIEW Analog Modulation Toolkit 4.1
    NI LabVIEW Broker
    NI LabVIEW C Interface
    NI LabVIEW Compare Utility 9.0.0
    NI LabVIEW Deployable License 2009
    NI LabVIEW EWB DeviceHandler 2009
    NI LabVIEW MAX XML
    NI LabVIEW Merge Utility 9.0.0
    NI LabVIEW Modulation Toolkit 4.1
    NI LabVIEW Real-Time Error Dialog
    NI LabVIEW Real-Time FIFO for Runtime
    NI LabVIEW Real-Time NBFifo
    NI LabVIEW Run-Time Engine 2009
    NI LabVIEW Run-Time Engine 7.1.1
    NI LabVIEW Run-Time Engine 8.0.1
    NI LabVIEW Run-Time Engine 8.2.1
    NI LabVIEW Run-Time Engine 8.5.1
    NI LabVIEW Run-Time Engine 8.6.1
    NI LabVIEW Run-Time Engine Interop 2009
    NI LabVIEW Run-Time Engine Web Services
    NI LabVIEW SignalExpress 2009
    NI LabVIEW SignalExpress 2009 Core
    NI LabVIEW SignalExpress 2009 Core LabVIEW Support
    NI LabVIEW SignalExpress 2009 Core LabVIEW90 Support
    NI LabVIEW SignalExpress 2009 Datatypes
    NI LabVIEW SignalExpress 2009 Datatypes LabVIEW 2009 Support
    NI LabVIEW SignalExpress 2009 LabVIEW 2009 Support
    NI LabVIEW SignalExpress 2009 LabVIEW Support
    NI LabVIEW SignalExpress 2009 Licenses
    NI LabVIEW SignalExpress 2009 Steps
    NI LabVIEW SignalExpress 2009 Tools
    NI LabVIEW Web Server for Run-Time Engine
    NI LabVIEW Web Services Runtime
    NI LabWindows/CVI 9.0.1 Run-Time Engine
    NI LabWindows/CVI Code Generator
    NI LabWindows/CVI DLL Builder for LabVIEW
    NI License Manager
    NI Logos 5.1
    NI Logos LabVIEW 2009 Support
    NI Logos Support for LabVIEW Real-Time
    NI Logos XT Support
    NI Logos XT Support for LabVIEW Real-Time
    NI LVBrokerAux 8.2.1
    NI LVBrokerAux 8.5.0
    NI LVBrokerAux1071
    NI LVBrokerAux71
    NI LVBrokerAux8.0
    NI Math Kernel Libraries
    NI MAX LabVIEW Support 4.6.0
    NI MAX Remote Configuration Installer 4.6
    NI MDF Support
    NI mDNS Responder 1.1.0
    NI Measurement & Automation Explorer 4.6.0
    NI Measurement Studio 8.1 Enterprise RunTime for VS2005
    NI Measurement Studio Common .NET Assemblies for the .NET 3.5
    NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
    NI Measurement Studio Recipe Processor
    NI MetaSuite Installer
    NI MIO Device Drivers 2.0.2
    NI ModInst 1.5
    NI MXS 4.6.0
    NI MXS 4.6.0f0 for LabVIEW Real-Time
    NI OCR Upgrade Manager
    NI OPC Support
    NI Portable Configuration 4.6.0
    NI PXI Platform Framework 1.1.3
    NI PXI Platform Framework 1.1.3 for Phar Lap ETS
    NI PXI Platform Services 2.5.1
    NI PXI Platform Services 2.5.1 Configuration Support
    NI PXI Platform Services 2.5.1 Expert
    NI PXI Platform Services 2.5.1 Expert for LabVIEW Real-Time
    NI PXI Platform Services 2.5.1 for LabVIEW Real-Time
    NI Registration Wizard
    NI Remote Provider for MAX 4.6.0
    NI Remote PXI Provider for MAX 4.6.0
    NI Script Editor 1.3.1
    NI SCXI 1.10.0
    NI Service Locator
    NI Software Provider for MAX 4.6.0
    NI Sound and Vibration Frequency Analysis 2009
    NI Sound and Vibration Frequency Analysis LabVIEW 2009 Support
    NI Spy 2.7.0
    NI Spy API LV90
    NI SSL LabVIEW 2009 Support
    NI SSL Support
    NI STC 1.2.0
    NI System API RT
    NI System API Windows 32-bit
    NI System Identification Assistant LabVIEW Support
    NI System State Publisher
    NI TDM Excel Add-In 2.1
    NI TDMS
    NI TDMS RT
    NI Timing Installer 1.13.0
    NI Trace Engine
    NI Uninstaller
    NI Update Service 1.0
    NI Update Service Extras 1.0
    NI USI 1.7.0
    NI Variable Engine 2.3.0
    NI Variable Engine LabVIEW 2009 Support
    NI VC2005MSMs x86
    NI VC2008MSMs x86
    NI Vision .NET 2009
    NI Vision .NET Run-Time Engine 2009
    NI Vision 2009
    NI Vision Assistant 2009
    NI Vision Assistant 2009 .NET
    NI Vision Builder AI 3.6.1
    NI Vision Run-Time Engine 2009
    NI Web Pipeline 2.0.1
    NI Xalan Delay Load 1.10.1
    NI Xerces Delay Load 2.7.1
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    ooVoo
    Pad2Pad 1.9.74
    Pando Media Booster
    Parallel Computing Toolkit 2.1
    Pharos
    PhotoView 360
    Pidgin
    Portal 2
    Project64 1.6
    QLBCASL
    QuickTime
    R for Windows 2.11.1
    RICOH Media Driver
    Scientific Viewer 5.5
    Scratch
    Seagate Dashboard
    Search Toolbar
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Expression Design 3 (KB2667727)
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrinting
    SolidWorks 2010 x64 Edition SP05
    SolidWorks eDrawings 2010
    SolutionCenter
    Status
    Steam
    swMSM
    System Requirements Lab for Intel
    TextPad 5
    Toolbox
    TrayApp
    Truss Analysis 5.3
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.4053
    Verizon Wireless USB720-V740 Firmware Updates
    Verizon Wireless USB727 Firmware Updates
    VISA Shared Components 64-Bit
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.0
    VZAccess Manager
    WebReg
    Winamp
    Windows Movie Maker 2.6
    WinSCP 4.3.2
    Wolfram Notebook Indexer 2.0
    World Community Grid - BOINC for Windows
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/29/2012 9:51:45 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    7/29/2012 3:51:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    7/29/2012 12:14:34 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc24690.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 12:12:50 PM, Error: Service Control Manager [7000] - The cvintdrv service failed to start due to the following error: This driver has been blocked from loading
    7/29/2012 12:12:50 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 11:57:43 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2DAA5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 1:23:34 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/29/2012 1:22:31 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 1:03:04 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    7/29/2012 1:03:04 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    7/28/2012 8:03:09 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2863F.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/28/2012 7:49:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/28/2012 7:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/28/2012 7:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/28/2012 7:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/28/2012 7:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/28/2012 7:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/28/2012 7:48:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA CSC DfsC discache NetBIOS NetBT NIPALK nipbcfk nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:47:41 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    7/28/2012 7:20:04 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    7/28/2012 7:20:04 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:20:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    7/28/2012 7:19:48 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
    7/28/2012 7:17:46 PM, Error: Service Control Manager [7038] - The MSSQL$SQLEXPRESS service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/28/2012 7:17:46 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not start due to a logon failure.
    7/28/2012 7:17:46 PM, Error: Service Control Manager [7000] - The MemeoBackgroundService service failed to start due to the following error: The pipe has been ended.
    7/28/2012 7:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
    7/28/2012 7:17:43 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:17:28 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments Time Synchronization service to connect.
    7/28/2012 7:17:13 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments PSP Server Locator service to connect.
    7/28/2012 7:16:57 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.
    7/28/2012 7:16:42 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
    7/28/2012 7:16:42 PM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:16:26 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the AVG WatchDog service to connect.
    7/28/2012 7:16:26 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7038] - The DPS service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7038] - The CryptSvc service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not start due to a logon failure.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not start due to a logon failure.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: A system shutdown is in progress.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The pipe has been ended.
    7/28/2012 6:56:51 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the hpqwmiex service to connect.
    7/28/2012 6:56:51 PM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:53:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    7/28/2012 6:53:13 PM, Error: Service Control Manager [7001] - The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:53:12 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Nero Update service to connect.
    7/28/2012 6:53:12 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    7/28/2012 6:51:11 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Seagate Dashboard Service service to connect.
    7/28/2012 6:51:11 PM, Error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:56 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the rpcnetp service to connect.
    7/28/2012 6:50:56 PM, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:41 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Remote Procedure Call (RPC) Net service to connect.
    7/28/2012 6:50:41 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Net service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:26 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Pharos Systems ComTaskMaster service to connect.
    7/28/2012 6:50:26 PM, Error: Service Control Manager [7000] - The Pharos Systems ComTaskMaster service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:10 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI Service Locator service to connect.
    7/28/2012 6:49:55 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments Domain Service service to connect.
    7/28/2012 6:49:55 PM, Error: Service Control Manager [7001] - The NI PXI Resource Manager service depends on the NI Configuration Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:49:40 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI-488.2 Enumeration Service service to connect.
    7/28/2012 6:49:40 PM, Error: Service Control Manager [7001] - The NI Device Loader service depends on the NI Configuration Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:49:40 PM, Error: Service Control Manager [7000] - The NI-488.2 Enumeration Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:49:25 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI Configuration Manager service to connect.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Windows Process Activation Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Security Driver service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Net service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Pharos Systems ComTaskMaster service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The NI PXI Resource Manager service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The NI-VISA PXI Driver service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 2:44:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    7/27/2012 7:18:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    7/27/2012 6:05:45 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2C2F0.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/26/2012 6:05:59 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2C199.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/25/2012 8:57:35 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc25D9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/25/2012 8:55:42 PM, Error: Service Control Manager [7022] - The Audio Service service hung on starting.
    7/24/2012 7:20:13 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2928E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/24/2012 6:05:32 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2B395.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/23/2012 7:35:43 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2CFFB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    Never run Combofix on your own!

    ============================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    Wow, wasn't expecting an answer so soon, I really appreciate this. Here's the logs:

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: mburns [Admin rights]
    Mode: Scan -- Date: 07/29/2012 23:16:34

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : c:\windows\installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L --> FOUND
    [ZeroAccess][FILE] @ : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS ATA Device +++++
    --- User ---
    [MBR] 100fe8340e9e7fb52f6b6d27dd001a51
    [BSP] ca0a18c02b5622e4126dc0532bff4694 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2156544 | Size: 468816 Mo
    2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 962291712 | Size: 7070 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] f371def9e24b8d101909320ef20fdead
    [BSP] ca0a18c02b5622e4126dc0532bff4694 : Windows 7 MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2156544 | Size: 468816 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 962291712 | Size: 7070 Mo

    +++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
    --- User ---
    [MBR] f4f44b73dbe886ac34bee13d0b4ca68c
    [BSP] 650f0735156de32a923a3bcdf7cea1c8 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1544 | Size: 929 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    -------------------------------------------------------------------------------------------------------------------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-29 23:16:57
    -----------------------------
    23:16:57.717 OS Version: Windows x64 6.1.7600
    23:16:57.717 Number of processors: 8 586 0x1E05
    23:16:57.718 ComputerName: K563 UserName:
    23:17:00.548 Initialize success
    23:20:23.311 AVAST engine defs: 12072901
    23:20:43.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:20:43.413 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
    23:20:43.418 Device \Driver\atapi -> MajorFunction fffffa80053855e8
    23:20:43.423 Disk 0 MBR read successfully
    23:20:43.428 Disk 0 MBR scan
    23:20:43.435 Disk 0 Windows 7 default MBR code
    23:20:43.441 Disk 0 MBR hidden
    23:20:43.473 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1052 MB offset 2048
    23:20:43.486 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 468816 MB offset 2156544
    23:20:43.524 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 7070 MB offset 962291712
    23:20:43.587 Disk 0 scanning C:\Windows\system32\drivers
    23:21:03.707 Service scanning
    23:21:41.391 Modules scanning
    23:21:41.407 Disk 0 trace - called modules:
    23:21:41.418 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80053855e8]<<
    23:21:41.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa8060]
    23:21:41.436 3 CLASSPNP.SYS[fffff88001bb943f] -> nt!IofCallDriver -> [0xfffffa8004e0bb10]
    23:21:41.445 5 hpdskflt.sys[fffff88001b602bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c8d060]
    23:21:41.454 \Driver\atapi[0xfffffa8004fa7e70] -> IRP_MJ_CREATE -> 0xfffffa80053855e8
    23:21:44.431 AVAST engine scan C:\Windows
    23:21:49.003 AVAST engine scan C:\Windows\system32
    23:24:10.996 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    23:24:18.632 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    23:26:56.860 AVAST engine scan C:\Windows\system32\drivers
    23:27:37.867 AVAST engine scan C:\Users\Class2014
    23:44:00.383 AVAST engine scan C:\ProgramData
    23:48:17.090 Scan finished successfully
    23:55:28.388 Disk 0 MBR has been saved successfully to "C:\Users\Class2014\Desktop\MBR.dat"
    23:55:28.397 The log file has been saved successfully to "C:\Users\Class2014\Desktop\aswMBR.txt"
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  8. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    Sorry, I have a university-issued laptop and they didn't include an installation disk. I tried getting to system recovery through advanced options but apparently I need the disk for that method too.

    Just as a quick update: On start-up today I wasn't able to run any programs and my active processes had dropped from around 100 to about 55. It went away after a reboot but definitely should be mentioned.
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You're infected with ZeroAccess rootkit and it's serious.

    You shouldn't need Windows 7 DVD.
    At what exact point are you stuck?
  10. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    I get stuck right after selecting 'Repair Your Computer' in the Advanced Boot Options instructions
  11. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    What happens when you click Repair your computer?
    I'm not there you know....
  12. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    After selecting Repair Your Computer under Advanced Boot Options I get a message that's pretty much in the same style as the menus:

    "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

    1. Insert your windows installation disc and restart your computer.
    2. Choose your language settings, and then click "Next."
    3. Click "Repair your computer."

    If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

    Status: 0xc000000e
    Info: The boot selection failed because a required device is inaccessible."

    Enter to continue, esc to exit
  13. Broni

    Broni Malware Annihilator Posts: 45,226   +243

     
  14. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    Alright, I've got to pick up blank DVDs tomorrow. Just for clarity I'm assuming you want me to follow "How to Create and Make Bootable Windows 7 ISO from EXE Plus Setup1.Box and Setup2.Box Files?"

    Is this DVD just to get through the last set of instructions you gave or is it for a fresh reinstall? If it's the latter I'd rather drop off my laptop at the school's tech center and have them take care of it since there's a lot of software they loaded it with. However, if it's just so we can move on with a fix I'll gladly go ahead with it.

    Thanks for the help so far
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Yes.

    That DVD will allow you to use method #2:
  16. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 31-07-2012 22:07:17
    Running from I:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2095912 2010-05-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
    HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2010-07-07] ()
    HKLM-x32\...\Run: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2009-11-04] ()
    HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
    AppInit_DLLs: C:\Windows\System32\avgrssta.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Air Mouse.lnk
    ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()

    ==================== Services (Whitelisted) ======

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-22] (AVG Technologies CZ, s.r.o.)
    3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
    2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
    2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
    2 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [12696 2009-06-15] (National Instruments Corporation)
    2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
    2 nidevldu; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
    2 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [356912 2009-06-18] (National Instruments Corporation)
    4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2009-06-26] (Macrovision Corporation)
    2 niLXIDiscovery; "C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe" [131704 2009-03-05] (National Instruments Corporation)
    2 nimDNSResponder; "C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [193648 2009-06-04] (National Instruments Corporation)
    2 nipxirmu; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
    3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [28744 2009-06-22] (National Instruments Corporation)
    2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [13896 2009-06-04] (National Instruments Corporation)
    2 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [740968 2009-06-23] (National Instruments Corporation)
    2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [6810728 2009-12-08] ()
    3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2007-05-09] (OPC Foundation)
    2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [290816 2008-05-16] (Pharos Systems International)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)
    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-13] (Microsoft Corporation)
    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2010-07-22] (AVG Technologies CZ, s.r.o.)
    1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
    0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2010-07-19] (AVG Technologies CZ, s.r.o.)
    1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
    3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
    2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2005-10-18] ()
    3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [283824 2009-09-23] (Intel Corporation)
    3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [74376 2011-03-18] (FTDI Ltd.)
    3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2011-03-18] (FTDI Ltd.)
    3 lvalarmk; C:\Windows\System32\Drivers\lvalarmk.sys [25224 2008-12-05] (National Instruments Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 ni1006k; C:\Windows\System32\Drivers\ni1006k.sys [30800 2009-04-01] (National Instruments Corporation)
    3 ni1045k; \??\C:\Windows\system32\drivers\ni1045kl.sys [11856 2009-06-17] (National Instruments Corporation)
    3 ni1065k; C:\Windows\System32\Drivers\ni1065k.sys [26704 2009-04-01] (National Instruments Corporation)
    3 ni488lock; C:\Windows\System32\Drivers\ni488lock.sys [18504 2009-01-28] (National Instruments Corporation)
    3 nicdrk; \??\C:\Windows\system32\drivers\nicdrkl.sys [11864 2009-01-02] (National Instruments Corporation)
    3 nicsrk; \??\C:\Windows\system32\drivers\nicsrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nidimk; \??\C:\Windows\system32\drivers\nidimkl.sys [11872 2008-06-13] (National Instruments Corporation)
    3 nidmxfk; \??\C:\Windows\system32\drivers\nidmxfkl.sys [11848 2009-06-16] (National Instruments Corporation)
    3 nidsark; \??\C:\Windows\system32\drivers\nidsarkl.sys [11856 2009-06-17] (National Instruments Corporation)
    3 nidwgk; \??\C:\Windows\system32\drivers\nidwgkl.sys [11872 2009-05-27] (National Instruments Corporation)
    3 niemrk; \??\C:\Windows\system32\drivers\niemrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 niemrkw; C:\Windows\System32\Drivers\niemrkw.sys [11336 2009-05-28] (National Instruments Corporation)
    3 niesrk; \??\C:\Windows\system32\drivers\niesrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nifslk; \??\C:\Windows\system32\drivers\nifslkl.sys [11864 2009-01-06] (National Instruments Corporation)
    3 nigplk; \??\C:\Windows\system32\drivers\nigplkl.sys [12152 2009-06-17] (National Instruments Corporation)
    3 nihsdrk; \??\C:\Windows\system32\drivers\nihsdrkl.sys [11864 2009-04-08] (National Instruments Corporation)
    3 nimdbgk; \??\C:\Windows\system32\drivers\nimdbgkl.sys [11872 2008-06-13] (National Instruments Corporation)
    3 nimru2k; \??\C:\Windows\system32\drivers\nimru2kl.sys [11872 2008-11-23] (National Instruments Corporation)
    3 nimsdrk; \??\C:\Windows\system32\drivers\nimsdrkl.sys [11904 2008-12-29] (National Instruments Corporation)
    3 nimstsk; \??\C:\Windows\system32\drivers\nimstskl.sys [11872 2008-12-29] (National Instruments Corporation)
    3 nimxdfk; \??\C:\Windows\system32\drivers\nimxdfkl.sys [11856 2008-06-13] (National Instruments Corporation)
    3 nimxpk; \??\C:\Windows\system32\drivers\nimxpkl.sys [11880 2009-06-16] (National Instruments Corporation)
    3 ninshsdk; \??\C:\Windows\system32\drivers\ninshsdkl.sys [11872 2009-03-30] (National Instruments Corporation)
    3 niorbk; \??\C:\Windows\system32\drivers\niorbkl.sys [11856 2009-06-14] (National Instruments Corporation)
    3 nipalfwedl; C:\Windows\System32\Drivers\nipalfwedl.sys [12928 2009-05-26] (National Instruments Corporation)
    0 NIPALK; C:\Windows\System32\Drivers\NIPALK.sys [883288 2009-05-26] (National Instruments Corporation)
    3 nipalusbedl; C:\Windows\System32\Drivers\nipalusbedl.sys [12920 2009-05-26] (National Instruments Corporation)
    0 nipbcfk; C:\Windows\System32\Drivers\nipbcfk.sys [16472 2008-08-21] (National Instruments Corporation)
    3 nipsdk; \??\C:\Windows\system32\drivers\nipsdkl.sys [11904 2009-06-11] (National Instruments Corporation)
    3 nipxigpk; C:\Windows\System32\Drivers\nipxigpk.sys [22104 2008-06-25] (National Instruments Corporation)
    2 nipxirmk; \??\C:\Windows\system32\drivers\nipxirmkl.sys [11856 2009-06-04] (National Instruments Corporation)
    3 niRFSA2k; \??\C:\Windows\system32\drivers\niRFSA2kl.sys [11840 2009-06-01] (National Instruments Corporation)
    3 niRFSGk; \??\C:\Windows\system32\drivers\niRFSGkl.sys [11840 2009-04-27] (National Instruments Corporation)
    3 niscdk; \??\C:\Windows\system32\drivers\niscdkl.sys [11888 2009-01-05] (National Instruments Corporation)
    3 nisdigk; \??\C:\Windows\system32\drivers\nisdigkl.sys [11864 2009-02-05] (National Instruments Corporation)
    3 nisftk; \??\C:\Windows\system32\drivers\nisftkl.sys [11856 2009-03-30] (National Instruments Corporation)
    3 nisldk; \??\C:\Windows\system32\drivers\nisldkl.sys [11856 2009-06-17] (National Instruments Corporation)
    3 nispdk; \??\C:\Windows\system32\drivers\nispdkl.sys [11888 2009-01-05] (National Instruments Corporation)
    3 nisrcdk; \??\C:\Windows\system32\drivers\nisrcdkl.sys [11864 2009-06-26] (National Instruments Corporation)
    3 nissrk; \??\C:\Windows\system32\drivers\nissrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nistc2k; \??\C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-02] (National Instruments Corporation)
    3 nistcrk; \??\C:\Windows\system32\drivers\nistcrkl.sys [11872 2009-01-02] (National Instruments Corporation)
    3 niswdk; \??\C:\Windows\system32\drivers\niswdkl.sys [11848 2008-07-28] (National Instruments Corporation)
    3 nitiork; \??\C:\Windows\system32\drivers\nitiorkl.sys [11872 2009-01-02] (National Instruments Corporation)
    3 nitnr2k; \??\C:\Windows\system32\drivers\nitnr2kl.sys [11840 2009-04-10] (National Instruments Corporation)
    3 niufurk; \??\C:\Windows\system32\drivers\niufurkl.sys [11880 2009-05-28] (National Instruments Corporation)
    3 NiViFWK; C:\Windows\System32\Drivers\NiViFWK.sys [39544 2009-03-05] (National Instruments Corporation)
    3 NiViPciK; C:\Windows\System32\Drivers\NiViPciK.sys [91744 2009-06-21] (National Instruments Corporation)
    2 NiViPxiK; C:\Windows\System32\Drivers\NiViPxiK.sys [44640 2009-06-21] (National Instruments Corporation)
    3 niwdk; C:\Windows\SysWow64\Drivers\niwdk.sys [27744 2009-06-16] (National Instruments Corporation)
    3 niwfrk; \??\C:\Windows\system32\drivers\niwfrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nixsrk; \??\C:\Windows\system32\drivers\nixsrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
    3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
    3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
    3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
    3 rismcx64; C:\Windows\System32\Drivers\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
    3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
    3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1805104 2009-09-17] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-08-28] (Duplex Secure Ltd.)
    3 ALSysIO; \??\C:\Users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 cpuz130; \??\C:\Users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    4 mchInjDrv; \??\C:\Windows\TEMP\mc29230.tmp [x]
    3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [x]
    3 X6va003; \??\C:\Users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-31 15:20 - 2012-07-31 15:18 - 3224686592 ____A C:\Users\Class2014\Desktop\X15-65805.iso
    2012-07-31 14:50 - 2012-07-31 15:18 - 3224686592 ____A C:\Users\Class2014\Downloads\X15-65805.iso
    2012-07-30 16:27 - 2012-07-30 16:27 - 00009008 __RSH C:\Users\All Users\3002.abs
    2012-07-29 19:55 - 2012-07-29 19:55 - 00002414 ____A C:\Users\Class2014\Desktop\aswMBR.txt
    2012-07-29 19:55 - 2012-07-29 19:55 - 00000512 ____A C:\Users\Class2014\Desktop\MBR.dat
    2012-07-29 19:16 - 2012-07-29 19:16 - 00002992 ____A C:\Users\Class2014\Desktop\RKreport[3].txt
    2012-07-29 19:15 - 2012-07-29 19:15 - 04731392 ____A (AVAST Software) C:\Users\Class2014\Desktop\aswMBR.exe
    2012-07-29 19:13 - 2012-07-29 19:13 - 00002974 ____A C:\Users\Class2014\Desktop\RKreport[2].txt
    2012-07-29 19:12 - 2012-07-29 19:12 - 00002956 ____A C:\Users\Class2014\Desktop\RKreport[1].txt
    2012-07-29 19:11 - 2012-07-29 19:12 - 00000000 ____D C:\Users\Class2014\Desktop\RK_Quarantine
    2012-07-29 19:10 - 2012-07-29 19:10 - 01552384 ____A C:\Users\Class2014\Desktop\RogueKiller.exe
    2012-07-29 17:49 - 2012-07-29 17:49 - 00607260 ____R (Swearware) C:\Users\Class2014\Desktop\dds.scr
    2012-07-29 17:46 - 2012-07-29 17:46 - 00187610 ____A C:\Users\Class2014\Desktop\Rootkit Log.log
    2012-07-29 15:59 - 2012-07-29 15:59 - 00302592 ____A C:\Users\Class2014\Desktop\zcw1x2vh.exe
    2012-07-29 15:58 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
    2012-07-29 09:30 - 2012-07-29 09:30 - 00025842 ____A C:\ComboFix.txt
    2012-07-29 09:03 - 2012-07-29 09:30 - 00000000 ___AD C:\Qoobox
    2012-07-29 09:03 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-07-29 09:03 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-07-29 09:03 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-07-29 08:57 - 2012-07-29 08:57 - 04721417 ____A (Swearware) C:\Users\Class2014\Downloads\ComboFix.exe
    2012-07-29 08:00 - 2012-07-29 08:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Users\Class2014\AppData\Roaming\Malwarebytes
    2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 08:00 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-28 16:05 - 2012-07-28 16:05 - 00000496 ____A C:\rkill.log
    2012-07-18 13:51 - 2012-07-18 13:51 - 01047240 ____A C:\Windows\Minidump\071812-30997-01.dmp
    2012-07-15 17:59 - 2012-07-29 09:02 - 00000000 ____D C:\Windows\erdnt
    2012-07-15 11:49 - 2012-07-15 11:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\AirMouse
    2012-07-14 11:50 - 2012-07-14 11:50 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-14 11:33 - 2012-07-14 11:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 20:22 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 03:12 - 2012-07-11 03:15 - 00000000 ____D C:\8ca979b7f09b658e9dc76c61d1
    2012-07-11 03:11 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 03:11 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 03:11 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 03:11 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 03:11 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 03:11 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 03:11 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 03:11 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 03:11 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 03:11 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 03:11 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 03:11 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 03:11 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 03:11 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 03:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 03:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 03:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 03:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 03:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 03:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 03:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 03:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 03:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 03:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 03:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 03:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 03:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 03:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 03:10 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 03:10 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 03:10 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 03:10 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 03:09 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 03:09 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 03:09 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 03:09 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 03:09 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 03:09 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 03:09 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 03:09 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 03:09 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 03:09 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 03:09 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 03:09 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-11 03:09 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-11 03:09 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-11 03:09 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-11 03:09 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-11 03:09 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-10 17:55 - 2012-07-10 17:55 - 00000000 ____D C:\Users\Class2014\Documents\Semester 4
    2012-07-07 11:11 - 2012-07-07 11:12 - 00000000 ____D C:\Users\Class2014\Documents\eagle
    2012-07-07 11:11 - 2012-07-07 11:11 - 00001075 ____A C:\Users\Class2014\Desktop\EAGLE 6.2.0.lnk
    2012-07-07 11:10 - 2012-07-07 11:10 - 00000000 ____D C:\Users\Class2014\AppData\Roaming\CadSoft
    2012-07-07 11:10 - 2012-07-07 11:10 - 00000000 ____D C:\Program Files (x86)\EAGLE-6.2.0
    2012-07-07 11:09 - 2012-07-07 11:09 - 43585536 ____A C:\Users\Class2014\Downloads\eagle-win-6.2.0.exe


    ============ 3 Months Modified Files ========================

    2012-07-31 17:43 - 2012-02-18 20:07 - 00589824 ____A C:\Windows\System32\Ikeext.etl
    2012-07-31 17:43 - 2010-08-23 20:07 - 00000866 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
    2012-07-31 17:43 - 2010-07-07 10:43 - 01071530 ____A C:\Windows\WindowsUpdate.log
    2012-07-31 17:40 - 2010-08-23 20:07 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
    2012-07-31 17:39 - 2010-12-09 06:31 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
    2012-07-31 15:18 - 2012-07-31 15:20 - 3224686592 ____A C:\Users\Class2014\Desktop\X15-65805.iso
    2012-07-31 15:18 - 2012-07-31 14:50 - 3224686592 ____A C:\Users\Class2014\Downloads\X15-65805.iso
    2012-07-31 14:54 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 14:54 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 14:25 - 2009-07-13 21:13 - 00918646 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-31 14:20 - 2009-07-13 20:51 - 00162546 ____A C:\Windows\setupact.log
    2012-07-31 14:17 - 2010-08-05 12:04 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2012-07-31 14:17 - 2010-08-05 09:45 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
    2012-07-31 14:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-31 14:14 - 2010-12-09 06:31 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
    2012-07-30 17:49 - 2011-03-17 09:39 - 00000000 ____A C:\Users\Class2014\AppData\Local\prvlcl.dat
    2012-07-30 17:40 - 2010-08-23 20:08 - 00002469 ____A C:\Users\Class2014\Desktop\Google Chrome.lnk
    2012-07-30 17:29 - 2010-08-05 12:04 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
    2012-07-30 17:29 - 2010-08-05 12:04 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe
    2012-07-30 16:27 - 2012-07-30 16:27 - 00009008 __RSH C:\Users\All Users\3002.abs
    2012-07-30 16:24 - 2010-07-08 09:29 - 00080986 ____A C:\Windows\PFRO.log
    2012-07-29 19:55 - 2012-07-29 19:55 - 00002414 ____A C:\Users\Class2014\Desktop\aswMBR.txt
    2012-07-29 19:55 - 2012-07-29 19:55 - 00000512 ____A C:\Users\Class2014\Desktop\MBR.dat
    2012-07-29 19:16 - 2012-07-29 19:16 - 00002992 ____A C:\Users\Class2014\Desktop\RKreport[3].txt
    2012-07-29 19:15 - 2012-07-29 19:15 - 04731392 ____A (AVAST Software) C:\Users\Class2014\Desktop\aswMBR.exe
    2012-07-29 19:13 - 2012-07-29 19:13 - 00002974 ____A C:\Users\Class2014\Desktop\RKreport[2].txt
    2012-07-29 19:12 - 2012-07-29 19:12 - 00002956 ____A C:\Users\Class2014\Desktop\RKreport[1].txt
    2012-07-29 19:10 - 2012-07-29 19:10 - 01552384 ____A C:\Users\Class2014\Desktop\RogueKiller.exe
    2012-07-29 17:49 - 2012-07-29 17:49 - 00607260 ____R (Swearware) C:\Users\Class2014\Desktop\dds.scr
    2012-07-29 17:46 - 2012-07-29 17:46 - 00187610 ____A C:\Users\Class2014\Desktop\Rootkit Log.log
    2012-07-29 15:59 - 2012-07-29 15:59 - 00302592 ____A C:\Users\Class2014\Desktop\zcw1x2vh.exe
    2012-07-29 09:30 - 2012-07-29 09:30 - 00025842 ____A C:\ComboFix.txt
    2012-07-29 09:23 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-07-29 08:57 - 2012-07-29 08:57 - 04721417 ____A (Swearware) C:\Users\Class2014\Downloads\ComboFix.exe
    2012-07-29 08:00 - 2012-07-29 08:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 16:05 - 2012-07-28 16:05 - 00000496 ____A C:\rkill.log
    2012-07-18 13:51 - 2012-07-18 13:51 - 01047240 ____A C:\Windows\Minidump\071812-30997-01.dmp
    2012-07-18 13:50 - 2010-07-26 06:20 - 722934899 ____A C:\Windows\MEMORY.DMP
    2012-07-15 11:33 - 2011-03-09 21:24 - 00135928 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-14 11:33 - 2012-07-14 11:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-14 11:33 - 2012-01-04 18:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-12 14:08 - 2009-07-13 20:45 - 00479424 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 03:13 - 2010-07-08 09:42 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-07 11:11 - 2012-07-07 11:11 - 00001075 ____A C:\Users\Class2014\Desktop\EAGLE 6.2.0.lnk
    2012-07-07 11:09 - 2012-07-07 11:09 - 43585536 ____A C:\Users\Class2014\Downloads\eagle-win-6.2.0.exe
    2012-07-03 09:46 - 2012-07-29 08:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-21 19:33 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-11 19:02 - 2012-07-11 20:22 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:30 - 2012-07-11 03:09 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:46 - 2012-07-11 03:09 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 21:50 - 2012-07-11 03:10 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:50 - 2012-07-11 03:10 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:09 - 2012-07-11 03:10 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:09 - 2012-07-11 03:10 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-02 14:19 - 2012-06-24 09:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-24 09:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-24 09:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-24 09:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-24 09:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-24 09:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-24 09:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-24 09:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-24 09:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 06:18 - 2012-06-02 06:17 - 00291688 ____A C:\Windows\Minidump\060212-53929-01.dmp
    2012-06-02 04:49 - 2012-07-11 03:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 03:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 03:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 03:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 03:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 03:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 03:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 03:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 03:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 03:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 03:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 03:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 03:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 03:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 03:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 03:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 03:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 03:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 03:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 03:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 03:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 03:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 03:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 03:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 03:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 03:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:38 - 2012-07-11 03:09 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:38 - 2012-07-11 03:09 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:37 - 2012-07-11 03:09 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:27 - 2012-07-11 03:09 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:27 - 2012-07-11 03:09 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:48 - 2012-07-11 03:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:48 - 2012-07-11 03:09 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:47 - 2012-07-11 03:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:42 - 2012-07-11 03:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-24 19:25 - 2012-05-24 19:25 - 00001279 ____A C:\Users\Class2014\Desktop\Minecraft.lnk
    2012-05-24 19:11 - 2011-12-11 14:39 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-24 19:11 - 2011-12-11 14:39 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-24 19:09 - 2012-05-24 19:09 - 00892360 ____A (Oracle Corporation) C:\Users\Class2014\Downloads\chromeinstall-7u4.exe
    2012-05-24 17:12 - 2012-05-24 17:12 - 00892360 ____A (Oracle Corporation) C:\Users\Class2014\Downloads\jxpiinstall.exe
    2012-05-20 05:37 - 2012-05-20 05:36 - 01047240 ____A C:\Windows\Minidump\052012-88499-01.dmp
    2012-05-17 10:12 - 2012-05-17 10:11 - 01080584 ____A C:\Windows\Minidump\051712-55536-01.dmp
    2012-05-12 18:51 - 2012-05-12 18:51 - 00000893 ____A C:\Users\Public\Desktop\Pad2Pad.lnk
    2012-05-12 18:51 - 2012-05-12 18:51 - 00000512 ____A C:\Windows\randseed.rnd
    2012-05-12 18:51 - 2012-05-12 18:49 - 07953471 ____A (Pad2Pad.com ) C:\Users\Class2014\Downloads\p2psetup1974.exe
    2012-05-12 09:07 - 2012-05-12 09:06 - 01073736 ____A C:\Windows\Minidump\051212-66503-01.dmp
    2012-05-07 18:22 - 2012-05-07 18:22 - 00024464 ____A C:\Users\Class2014\Desktop\suck on it trebek.3gp
    2012-05-07 18:20 - 2009-07-13 18:34 - 00000636 ____A C:\Windows\win.ini
    2012-05-07 14:13 - 2012-05-07 14:13 - 00348909 ____A C:\Users\Class2014\Desktop\suck on it trebek.mp4
    2012-05-04 21:29 - 2012-05-04 21:28 - 00527423 ____A ( ) C:\Users\Class2014\Downloads\Lame_v3.99.3_for_Windows.exe
    2012-05-04 20:18 - 2012-05-04 20:18 - 00000000 ____A C:\Users\Class2014\AppData\Local\Temptable.xml
    2012-05-04 13:25 - 2010-07-08 08:14 - 00135928 ____A C:\Users\Class2014\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-04 13:18 - 2012-05-04 13:18 - 00000964 ____A C:\Users\Public\Desktop\Scientific Viewer 5.5.lnk
    2012-05-04 11:57 - 2012-05-04 11:57 - 14055734 ____A (InstallShield Software Corporation) C:\Users\Class2014\Downloads\sviewer550.exe
    2012-05-04 02:52 - 2012-06-13 16:13 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:08 - 2012-06-13 16:13 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:08 - 2012-06-13 16:13 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 17:59 - 2011-03-06 14:43 - 00003584 ____A C:\Users\Class2014\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


    ZeroAccess:
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U

    ZeroAccess:
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\@
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Possible partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 23%
    Total physical RAM: 4029.32 MB
    Available physical RAM: 3098.7 MB
    Total Pagefile: 4027.47 MB
    Available Pagefile: 3162.98 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:457.83 GB) (Free:217.75 GB) NTFS
    2 Drive e: (HP_TOOLS) (Fixed) (Total:6.89 GB) (Free:6.31 GB) FAT32
    3 Drive f: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    4 Drive g: (Laptop Backup) (Fixed) (Total:496.06 GB) (Free:426.68 GB) NTFS
    5 Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:901.2 GB) (Free:519.69 GB) NTFS
    6 Drive I: () (Removable) (Total:0.91 GB) (Free:0.6 GB) FAT
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (System Reserved) (Fixed) (Total:1.03 GB) (Free:0.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 1397 GB 1024 KB
    Disk 2 Online 970 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1052 MB 1024 KB
    Partition 2 Primary 457 GB 1053 MB
    Partition 3 Primary 7070 MB 458 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 1052 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 457 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_TOOLS FAT32 Partition 7070 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 901 GB 31 KB
    Partition 2 Primary 496 GB 901 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 H FreeAgent G NTFS Partition 901 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 G Laptop Back NTFS Partition 496 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 929 MB 772 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT Removable 929 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-30 16:56

    ======================= End Of Log ==========================
  17. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    Search.txt:

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-31 21:58:12
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\erdnt\cache64\services.exe
    [2012-07-15 18:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  18. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  19. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    Okay, I got a blue screen the first time I tried running Combofix so I went through with your RKill instructions and it worked. Here are the 3 logs:

    Fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-01 21:34:56 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868} moved successfully.
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\svchost.exe moved successfully.

    ==== End of Fixlog ====


    -----------------------------------------------------------------------------------------------------------------------------

    RKill Log:

    Rkill 2.0.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/01/2012 10:12:40 PM in x64 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

    * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


    Performing miscellaneous checks.

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/01/2012 10:12:56 PM
    Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)



    ----------------------------------------------------------------------------------------------------------------------------------------



    ComboFix Log:

    ComboFix 12-07-31.03 - mburns 08/01/2012 22:15:52.4.8 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.2090 [GMT -4:00]
    Running from: c:\users\Class2014\Desktop\your_name.exe
    AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\3002.abs
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\mburns\AppData\Local\temp
    2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-08-01 05:49 . 2012-08-01 05:50 -------- d-----w- C:\FRST
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\users\Class2014\AppData\Roaming\Malwarebytes
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 16:00 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-15 19:49 . 2012-07-15 19:49 -------- d-----w- c:\users\Administrator\AppData\Local\AirMouse
    2012-07-14 19:50 . 2012-07-14 19:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-14 19:33 . 2012-07-14 19:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 04:22 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 11:12 . 2012-07-11 11:15 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
    2012-07-11 11:10 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 11:10 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 11:10 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 11:10 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\program files (x86)\EAGLE-6.2.0
    2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\users\Class2014\AppData\Roaming\CadSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 02:04 . 2010-12-09 14:31 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-08-02 02:04 . 2010-08-05 20:04 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2012-08-02 01:35 . 2010-12-09 14:31 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2012-08-01 02:26 . 2010-08-05 17:45 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2012-07-31 01:29 . 2010-08-05 20:04 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
    2012-07-31 01:29 . 2010-08-05 20:04 58288 ------w- c:\windows\SysWow64\rpcnet.exe
    2012-07-14 19:33 . 2012-01-05 02:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 11:13 . 2010-07-08 17:42 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-24 17:09 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-24 17:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-24 17:10 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-24 17:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-24 17:09 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-24 17:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-24 17:09 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-24 17:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-24 17:09 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 10:52 . 2012-06-14 00:13 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:08 . 2012-06-14 00:13 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08 . 2012-06-14 00:13 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.23.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-01 02:56 . 2012-08-01 02:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2012-07-14 19:58 . 2012-07-29 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-14 19:58 . 2012-07-31 03:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012073120120801\index.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072320120730\index.dat
    + 2012-07-14 19:49 . 2012-08-02 02:04 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2010-07-08 17:31 . 2012-08-02 01:21 69610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-02 02:07 44682 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-08-16 20:55 . 2012-08-02 02:07 24490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1273285964-1369492898-2689800442-1000_UserData.bin
    + 2012-08-01 02:56 . 2012-08-01 02:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{72619510-DB84-11E1-B5E5-A9D11B1356CE}.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72619511-DB84-11E1-B5E5-A9D11B1356CE}.dat
    - 2010-07-07 21:21 . 2012-07-29 16:11 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-07-07 21:21 . 2012-08-02 01:26 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-02 01:36 . 2012-08-02 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-02 01:36 . 2012-08-02 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-16 20:52 . 2012-08-02 02:04 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-08-16 20:52 . 2012-07-29 16:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-08-01 02:57 . 2012-08-01 02:56 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 02:36 . 2012-08-02 02:12 763312 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:21 763312 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:21 156836 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-02 02:12 156836 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-07-29 16:11 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-02 01:26 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 6848512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-07-16 02:04 . 2012-08-02 01:26 2357236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 10633216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 02:34 . 2012-07-29 16:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-07-31 00:54 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2010-08-24 05:04 . 2012-08-02 01:26 35007536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1273285964-1369492898-2689800442-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-02 87336]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 cpuz130;cpuz130;c:\users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-28 1431888]
    R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
    R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2009-04-01 30800]
    R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2009-06-17 11856]
    R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2009-04-01 26704]
    R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-01-29 18504]
    R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-01-02 11864]
    R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2009-05-29 11848]
    R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2009-06-17 11848]
    R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2009-06-17 11856]
    R3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2009-05-27 11872]
    R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2009-05-29 11848]
    R3 niemrkw;niemrkw;c:\windows\system32\DRIVERS\niemrkw.sys [2009-05-29 11336]
    R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2009-05-29 11848]
    R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2009-01-06 11864]
    R3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2009-06-17 12152]
    R3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2009-04-08 11864]
    R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-12-29 11904]
    R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2009-06-17 11880]
    R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2009-03-30 11872]
    R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2009-05-27 12928]
    R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2009-05-27 12920]
    R3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2009-06-11 11904]
    R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-06-25 22104]
    R3 niRFSA2k;niRFSA2k;c:\windows\system32\drivers\niRFSA2kl.sys [2009-06-01 11840]
    R3 niRFSGk;niRFSGk;c:\windows\system32\drivers\niRFSGkl.sys [2009-04-28 11840]
    R3 NiRioRpc;National Instruments RIO Server;c:\windows\SysWOW64\NiRioRpc.exe [2009-06-22 28744]
    R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-01-05 11888]
    R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2009-02-06 11864]
    R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2009-03-30 11856]
    R3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2009-06-18 11856]
    R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-01-05 11888]
    R3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2009-06-26 11864]
    R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2009-05-29 11848]
    R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-02 11824]
    R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-01-02 11872]
    R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-07-28 11848]
    R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2009-01-02 11872]
    R3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2009-04-10 11840]
    R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2009-05-29 11880]
    R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2009-03-05 11896]
    R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2009-06-21 11872]
    R3 niwdk;niwdk; [x]
    R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2009-05-29 11848]
    R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2009-05-29 11848]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-09-03 19936]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-09-03 13280]
    R3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-07 94472]
    R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
    R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
    R3 X6va003;X6va003;c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-07-19 56008]
    S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2008-08-22 16472]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-28 834544]
    S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2010-07-22 269904]
    S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-09-12 35664]
    S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-05-05 317520]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
    S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
    S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
    S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]
    S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]
    S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [2009-06-04 11856]
    S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2009-06-21 11872]
    S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
    S3 ALSysIO;ALSysIO;c:\users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-24 283824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
    S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11872]
    S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-11-24 11872]
    S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-12-29 11872]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
    S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
    - c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
    - c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1875048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\avgrssta.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.stevens.edu/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    FF - ProfilePath - c:\users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc285E1.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a3,e0,81,37,91,6f,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-01 22:34:11
    ComboFix-quarantined-files.txt 2012-08-02 02:34
    ComboFix2.txt 2012-07-29 17:30
    ComboFix3.txt 2012-07-16 02:38
    .
    Pre-Run: 234,116,300,800 bytes free
    Post-Run: 233,847,635,968 bytes free
    .
    - - End Of File - - 45516CE6A168CDCEB79107392AD0C977
  20. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  21. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    (1/2)

    22:58:44.0954 6876 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    22:58:45.0234 6876 ============================================================
    22:58:45.0234 6876 Current date / time: 2012/08/01 22:58:45.0234
    22:58:45.0234 6876 SystemInfo:
    22:58:45.0234 6876
    22:58:45.0234 6876 OS Version: 6.1.7600 ServicePack: 0.0
    22:58:45.0234 6876 Product type: Workstation
    22:58:45.0235 6876 ComputerName: K563
    22:58:45.0235 6876 UserName: mburns
    22:58:45.0235 6876 Windows directory: C:\Windows
    22:58:45.0235 6876 System windows directory: C:\Windows
    22:58:45.0235 6876 Running under WOW64
    22:58:45.0235 6876 Processor architecture: Intel x64
    22:58:45.0235 6876 Number of processors: 8
    22:58:45.0235 6876 Page size: 0x1000
    22:58:45.0235 6876 Boot type: Normal boot
    22:58:45.0235 6876 ============================================================
    22:58:47.0281 6876 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:58:47.0295 6876 Drive \Device\Harddisk1\DR1 - Size: 0x3CA00000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:58:47.0299 6876 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F65E00 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:59:07.0534 6876 ============================================================
    22:59:07.0534 6876 \Device\Harddisk0\DR0:
    22:59:07.0535 6876 MBR partitions:
    22:59:07.0535 6876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x20E000
    22:59:07.0535 6876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x20E800, BlocksNum 0x393A8000
    22:59:07.0535 6876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x395B6800, BlocksNum 0xDCF030
    22:59:07.0535 6876 \Device\Harddisk1\DR1:
    22:59:07.0536 6876 MBR partitions:
    22:59:07.0536 6876 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x608, BlocksNum 0x1D09F8
    22:59:07.0536 6876 \Device\Harddisk2\DR2:
    22:59:07.0546 6876 MBR partitions:
    22:59:07.0546 6876 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x70A65C4D
    22:59:07.0546 6876 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x70A65C8C, BlocksNum 0x3E020AB5
    22:59:07.0546 6876 ============================================================
    22:59:07.0593 6876 C: <-> \Device\Harddisk0\DR0\Partition1
    22:59:07.0608 6876 D: <-> \Device\Harddisk0\DR0\Partition2
    22:59:07.0642 6876 I: <-> \Device\Harddisk2\DR2\Partition1
    22:59:07.0677 6876 G: <-> \Device\Harddisk2\DR2\Partition0
    22:59:07.0677 6876 ============================================================
    22:59:07.0677 6876 Initialize success
    22:59:07.0677 6876 ============================================================
    22:59:13.0201 7280 ============================================================
    22:59:13.0201 7280 Scan started
    22:59:13.0201 7280 Mode: Manual;
    22:59:13.0201 7280 ============================================================
    22:59:15.0648 7280 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    22:59:15.0663 7280 1394ohci - ok
    22:59:15.0686 7280 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys
    22:59:15.0690 7280 Accelerometer - ok
    22:59:15.0736 7280 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    22:59:15.0743 7280 ACPI - ok
    22:59:15.0764 7280 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    22:59:15.0805 7280 AcpiPmi - ok
    22:59:15.0972 7280 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:59:16.0033 7280 AdobeARMservice - ok
    22:59:16.0097 7280 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    22:59:16.0116 7280 adp94xx - ok
    22:59:16.0161 7280 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    22:59:16.0179 7280 adpahci - ok
    22:59:16.0200 7280 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    22:59:16.0213 7280 adpu320 - ok
    22:59:16.0245 7280 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    22:59:16.0247 7280 AeLookupSvc - ok
    22:59:16.0346 7280 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
    22:59:16.0399 7280 AESTFilters - ok
    22:59:16.0481 7280 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    22:59:16.0497 7280 AFD - ok
    22:59:16.0691 7280 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
    22:59:16.0723 7280 AgereSoftModem - ok
    22:59:16.0757 7280 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    22:59:16.0760 7280 agp440 - ok
    22:59:16.0869 7280 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    22:59:16.0933 7280 ALG - ok
    22:59:16.0946 7280 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    22:59:16.0961 7280 aliide - ok
    22:59:17.0050 7280 ALSysIO - ok
    22:59:17.0057 7280 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    22:59:17.0059 7280 amdide - ok
    22:59:17.0078 7280 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    22:59:17.0082 7280 AmdK8 - ok
    22:59:17.0198 7280 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    22:59:17.0246 7280 AmdPPM - ok
    22:59:17.0271 7280 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    22:59:17.0281 7280 amdsata - ok
    22:59:17.0300 7280 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    22:59:17.0316 7280 amdsbs - ok
    22:59:17.0325 7280 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    22:59:17.0328 7280 amdxata - ok
    22:59:17.0377 7280 AppHostSvc (03fbb7c5ea4ef153f10282614b9771cb) C:\Windows\system32\inetsrv\apphostsvc.dll
    22:59:17.0405 7280 AppHostSvc - ok
    22:59:17.0452 7280 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    22:59:17.0524 7280 AppID - ok
    22:59:17.0549 7280 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    22:59:17.0554 7280 AppIDSvc - ok
    22:59:17.0575 7280 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    22:59:17.0596 7280 Appinfo - ok
    22:59:17.0680 7280 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:59:17.0700 7280 Apple Mobile Device - ok
    22:59:17.0751 7280 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    22:59:17.0909 7280 AppMgmt - ok
    22:59:17.0933 7280 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    22:59:17.0937 7280 arc - ok
    22:59:17.0963 7280 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    22:59:17.0967 7280 arcsas - ok
    22:59:18.0062 7280 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    22:59:18.0094 7280 aspnet_state - ok
    22:59:18.0130 7280 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    22:59:18.0172 7280 AsyncMac - ok

    (1/2)
  22. mburns

    (2/2)

    22:59:39.0059 7280 nimxdfk - ok
    22:59:39.0064 7280 nimxpk (62df79df34ba53b6f0618a4a4bc7f9f9) C:\Windows\system32\drivers\nimxpkl.sys
    22:59:39.0067 7280 nimxpk - ok
    22:59:39.0096 7280 ninshsdk (ce7eb2c8390e5e2cd2cad67b056d90e2) C:\Windows\system32\drivers\ninshsdkl.sys
    22:59:39.0100 7280 ninshsdk - ok
    22:59:39.0128 7280 niorbk (ca6882d4a8fbd313d2b4694154f1182b) C:\Windows\system32\drivers\niorbkl.sys
    22:59:39.0132 7280 niorbk - ok
    22:59:39.0158 7280 nipalfwedl (7dd219978f0f981a16a088fae1f21f29) C:\Windows\system32\drivers\nipalfwedl.sys
    22:59:39.0161 7280 nipalfwedl - ok
    22:59:39.0228 7280 NIPALK (b418de3b430ac5ccfe518228829fbb44) C:\Windows\system32\drivers\nipalk.sys
    22:59:39.0263 7280 NIPALK - ok
    22:59:39.0269 7280 nipalusbedl (f6dcfa9e0e20d21680e4a4638078aa6f) C:\Windows\system32\drivers\nipalusbedl.sys
    22:59:39.0272 7280 nipalusbedl - ok
    22:59:39.0290 7280 nipbcfk (a2cc7e62a620361cf0b7d953ebe83c62) C:\Windows\system32\drivers\nipbcfk.sys
    22:59:39.0294 7280 nipbcfk - ok
    22:59:39.0323 7280 nipsdk (477b1ef2be6d8b8fee64234153d91f00) C:\Windows\system32\drivers\nipsdkl.sys
    22:59:39.0327 7280 nipsdk - ok
    22:59:39.0339 7280 nipxigpk (9b4669e0113c2cd0a09ebb999b5a0068) C:\Windows\system32\drivers\nipxigpk.sys
    22:59:39.0369 7280 nipxigpk - ok
    22:59:39.0375 7280 nipxirmk (0838d54ed6683a45826f9228a0670b7b) C:\Windows\system32\drivers\nipxirmkl.sys
    22:59:39.0378 7280 nipxirmk - ok
    22:59:39.0464 7280 nipxirmu (a3ba8a14490fdbf106939c37a125e82c) C:\Windows\SysWOW64\nipalsm.exe
    22:59:39.0466 7280 nipxirmu - ok
    22:59:39.0495 7280 niRFSA2k (7ed8a1814e6086d429c60e9adf52d275) C:\Windows\system32\drivers\niRFSA2kl.sys
    22:59:39.0499 7280 niRFSA2k - ok
    22:59:39.0529 7280 niRFSGk (bc9a60c6ac96fa5a61f0289575c850a4) C:\Windows\system32\drivers\niRFSGkl.sys
    22:59:39.0534 7280 niRFSGk - ok
    22:59:39.0552 7280 NiRioRpc (683b0312a761c9a2a6803bb14c0d1760) C:\Windows\SysWOW64\NiRioRpc.exe
    22:59:39.0557 7280 NiRioRpc - ok
    22:59:39.0592 7280 niscdk (5525c4bcb5b066fdec5531bf02b87968) C:\Windows\system32\drivers\niscdkl.sys
    22:59:39.0596 7280 niscdk - ok
    22:59:39.0626 7280 nisdigk (be00ad79fa67dae3a397966557f9d99a) C:\Windows\system32\drivers\nisdigkl.sys
    22:59:39.0630 7280 nisdigk - ok
    22:59:39.0649 7280 nisftk (41dc2d01dfabdf80b6fc808ee0c5ac35) C:\Windows\system32\drivers\nisftkl.sys
    22:59:39.0652 7280 nisftk - ok
    22:59:39.0668 7280 nisldk (afde79dda568ee72006a5e6df43db3bd) C:\Windows\system32\drivers\nisldkl.sys
    22:59:39.0672 7280 nisldk - ok
    22:59:39.0691 7280 nispdk (62036ecc1e0212f2605507b8a1eea14f) C:\Windows\system32\drivers\nispdkl.sys
    22:59:39.0694 7280 nispdk - ok
    22:59:39.0706 7280 nisrcdk (eec01e7536af1d63802837da14024709) C:\Windows\system32\drivers\nisrcdkl.sys
    22:59:39.0729 7280 nisrcdk - ok
    22:59:39.0747 7280 nissrk (e1203aeaf565e8dae91427a33f8ffd8d) C:\Windows\system32\drivers\nissrkl.sys
    22:59:39.0752 7280 nissrk - ok
    22:59:39.0761 7280 nistc2k (a7ed8a3e7769722416a7ab3a1795f2d6) C:\Windows\system32\drivers\nistc2kl.sys
    22:59:39.0764 7280 nistc2k - ok
    22:59:39.0791 7280 nistcrk (f952a3a8c813a4abadc9765c37a15e3d) C:\Windows\system32\drivers\nistcrkl.sys
    22:59:39.0796 7280 nistcrk - ok
    22:59:39.0800 7280 niSvcLoc - ok
    22:59:39.0821 7280 niswdk (ccfdcb30ab10451bc8b0582e1bf85dec) C:\Windows\system32\drivers\niswdkl.sys
    22:59:39.0825 7280 niswdk - ok
    22:59:39.0948 7280 NITaggerService (e559ce29cd58cd6b58f3654c24d7a812) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    22:59:39.0974 7280 NITaggerService - ok
    22:59:39.0980 7280 nitiork (768b7046ad0d7227a431e4977e8b1671) C:\Windows\system32\drivers\nitiorkl.sys
    22:59:39.0983 7280 nitiork - ok
    22:59:39.0999 7280 nitnr2k (81990b8ae13bb426fd82aae96888f8ca) C:\Windows\system32\drivers\nitnr2kl.sys
    22:59:40.0002 7280 nitnr2k - ok
    22:59:40.0022 7280 niufurk (2316ea872cdab9b8b9de0cfe0212d5b9) C:\Windows\system32\drivers\niufurkl.sys
    22:59:40.0041 7280 niufurk - ok
    22:59:40.0077 7280 NiViFWK (3f53966676f2b542286d0a1803d6215a) C:\Windows\system32\drivers\NiViFWKl.sys
    22:59:40.0081 7280 NiViFWK - ok
    22:59:40.0107 7280 NiViPciK (8cc607d58c517437e05183d000aa0841) C:\Windows\system32\drivers\NiViPciKl.sys
    22:59:40.0111 7280 NiViPciK - ok
    22:59:40.0121 7280 NiViPxiK (58277050d1141becd10f27ffc7438108) C:\Windows\system32\drivers\NiViPxiKl.sys
    22:59:40.0125 7280 NiViPxiK - ok
    22:59:40.0130 7280 niwdk - ok
    22:59:40.0153 7280 niwfrk (240ce2156ccc67576a6189afbb78d1f3) C:\Windows\system32\drivers\niwfrkl.sys
    22:59:40.0157 7280 niwfrk - ok
    22:59:40.0175 7280 nixsrk (65a6d7625140bc630d3f8a6da1ad9f25) C:\Windows\system32\drivers\nixsrkl.sys
    22:59:40.0179 7280 nixsrk - ok
    22:59:40.0226 7280 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    22:59:40.0244 7280 NlaSvc - ok
    22:59:40.0268 7280 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    22:59:40.0322 7280 Npfs - ok
    22:59:40.0339 7280 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    22:59:40.0365 7280 nsi - ok
    22:59:40.0397 7280 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    22:59:40.0398 7280 nsiproxy - ok
    22:59:40.0513 7280 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    22:59:40.0559 7280 Ntfs - ok
    22:59:40.0989 7280 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    22:59:40.0992 7280 Null - ok
    22:59:41.0019 7280 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
    22:59:41.0024 7280 nusb3hub - ok
    22:59:41.0129 7280 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    22:59:41.0138 7280 nusb3xhc - ok
    22:59:41.0182 7280 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
    22:59:41.0197 7280 NVHDA - ok
    22:59:41.0618 7280 NVIDIA Performance Driver Service (53a7e1dea2e7fa22fd4f0c28c078f5a0) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    22:59:41.0755 7280 NVIDIA Performance Driver Service - ok
    22:59:42.0639 7280 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:59:42.0895 7280 nvlddmkm - ok
    22:59:42.0972 7280 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    22:59:42.0987 7280 nvraid - ok
    22:59:43.0006 7280 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    22:59:43.0021 7280 nvstor - ok
    22:59:43.0068 7280 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
    22:59:43.0083 7280 nvsvc - ok
    22:59:43.0112 7280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    22:59:43.0122 7280 nv_agp - ok
    22:59:43.0171 7280 NWADI (17bcf5df3c54dcf2af2e164eb84a0169) C:\Windows\system32\DRIVERS\NWADIenum.sys
    22:59:43.0217 7280 NWADI - ok
    22:59:43.0276 7280 NWUSBModem (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbmdm.sys
    22:59:43.0290 7280 NWUSBModem - ok
    22:59:43.0317 7280 NWUSBPort (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbser.sys
    22:59:43.0380 7280 NWUSBPort - ok
    22:59:43.0409 7280 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    22:59:43.0414 7280 ohci1394 - ok
    22:59:43.0507 7280 OpcEnum (eae6208900e2986f66f68b30aef86e4d) C:\Windows\SysWOW64\OpcEnum.exe
    22:59:43.0589 7280 OpcEnum - ok
    22:59:43.0653 7280 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:59:43.0663 7280 ose - ok
    22:59:44.0043 7280 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    22:59:44.0168 7280 osppsvc - ok
    22:59:44.0293 7280 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:59:44.0362 7280 p2pimsvc - ok
    22:59:44.0411 7280 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    22:59:44.0458 7280 p2psvc - ok
    22:59:44.0516 7280 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    22:59:44.0578 7280 Parport - ok
    22:59:44.0629 7280 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    22:59:44.0660 7280 partmgr - ok
    22:59:44.0687 7280 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    22:59:44.0761 7280 PcaSvc - ok
    22:59:44.0784 7280 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    22:59:44.0799 7280 pci - ok
    22:59:44.0818 7280 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    22:59:44.0822 7280 pciide - ok
    22:59:44.0848 7280 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    22:59:44.0879 7280 pcmcia - ok
    22:59:44.0898 7280 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    22:59:44.0903 7280 pcw - ok
    22:59:44.0953 7280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    22:59:45.0045 7280 PEAUTH - ok
    22:59:45.0142 7280 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    22:59:45.0177 7280 PeerDistSvc - ok
    22:59:45.0259 7280 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    22:59:45.0265 7280 PerfHost - ok
    22:59:45.0348 7280 Pharos Systems ComTaskMaster (35045ca2ab16a08330450fc0c1bc5c54) C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
    22:59:45.0460 7280 Pharos Systems ComTaskMaster - ok
    22:59:45.0734 7280 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    22:59:45.0784 7280 pla - ok
    22:59:45.0845 7280 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    22:59:45.0878 7280 PlugPlay - ok
    22:59:45.0904 7280 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
    22:59:45.0973 7280 Pml Driver HPZ12 - ok
    22:59:45.0987 7280 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    22:59:45.0992 7280 PNRPAutoReg - ok
    22:59:46.0027 7280 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:59:46.0032 7280 PNRPsvc - ok
    22:59:46.0080 7280 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    22:59:46.0108 7280 PolicyAgent - ok
    22:59:46.0139 7280 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    22:59:46.0204 7280 Power - ok
    22:59:46.0266 7280 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    22:59:46.0276 7280 PptpMiniport - ok
    22:59:46.0292 7280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    22:59:46.0297 7280 Processor - ok
    22:59:46.0323 7280 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    22:59:46.0380 7280 ProfSvc - ok
    22:59:46.0417 7280 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    22:59:46.0419 7280 ProtectedStorage - ok
    22:59:46.0445 7280 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    22:59:46.0453 7280 Psched - ok
    22:59:46.0482 7280 pwdrvio (595a22c4cce855e72d475835f3df2d53) C:\Windows\system32\pwdrvio.sys
    22:59:46.0528 7280 pwdrvio - ok
    22:59:46.0612 7280 pwdspio (70eb529f6fedac79d0a8e3bb79999277) C:\Windows\system32\pwdspio.sys
    22:59:46.0634 7280 pwdspio - ok
    22:59:46.0746 7280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    22:59:46.0789 7280 ql2300 - ok
    22:59:46.0928 7280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    22:59:46.0936 7280 ql40xx - ok
    22:59:46.0977 7280 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    22:59:46.0992 7280 QWAVE - ok
    22:59:47.0007 7280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    22:59:47.0012 7280 QWAVEdrv - ok
    22:59:47.0027 7280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    22:59:47.0032 7280 RasAcd - ok
    22:59:47.0056 7280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:59:47.0061 7280 RasAgileVpn - ok
    22:59:47.0079 7280 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    22:59:47.0131 7280 RasAuto - ok
    22:59:47.0168 7280 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:59:47.0226 7280 Rasl2tp - ok
    22:59:47.0270 7280 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    22:59:47.0347 7280 RasMan - ok
    22:59:47.0367 7280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    22:59:47.0427 7280 RasPppoe - ok
    22:59:47.0452 7280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    22:59:47.0554 7280 RasSstp - ok
    22:59:47.0586 7280 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    22:59:47.0605 7280 rdbss - ok
    22:59:47.0622 7280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    22:59:47.0662 7280 rdpbus - ok
    22:59:47.0699 7280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:59:47.0700 7280 RDPCDD - ok
    22:59:47.0793 7280 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    22:59:47.0820 7280 RDPDR - ok
    22:59:47.0857 7280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    22:59:47.0858 7280 RDPENCDD - ok
    22:59:47.0879 7280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    22:59:47.0880 7280 RDPREFMP - ok
    22:59:47.0926 7280 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
    22:59:48.0006 7280 RDPWD - ok
    22:59:48.0031 7280 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    22:59:48.0040 7280 rdyboost - ok
    22:59:48.0163 7280 Remote Solver for Flow Simulation 2010 (d0b8e82dd29d8bfd964063894038a883) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
    22:59:48.0228 7280 Remote Solver for Flow Simulation 2010 - ok
    22:59:48.0263 7280 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    22:59:48.0316 7280 RemoteAccess - ok
    22:59:48.0362 7280 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    22:59:48.0428 7280 RemoteRegistry - ok
    22:59:48.0462 7280 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    22:59:48.0519 7280 RFCOMM - ok
    22:59:48.0547 7280 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
    22:59:48.0552 7280 rimmptsk - ok
    22:59:48.0570 7280 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
    22:59:48.0575 7280 rimsptsk - ok
    22:59:48.0593 7280 rismcx64 (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys
    22:59:48.0598 7280 rismcx64 - ok
    22:59:48.0612 7280 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
    22:59:48.0618 7280 rismxdp - ok
    22:59:48.0632 7280 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    22:59:48.0685 7280 RpcEptMapper - ok
    22:59:48.0708 7280 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    22:59:48.0714 7280 RpcLocator - ok
    22:59:48.0806 7280 rpcnet (6684437f3628ef237c354f77d33426d1) C:\Windows\SysWOW64\rpcnet.exe
    22:59:48.0893 7280 rpcnet - ok
    22:59:48.0951 7280 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    22:59:48.0958 7280 RpcSs - ok
    22:59:49.0026 7280 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
    22:59:49.0062 7280 RsFx0103 - ok
    22:59:49.0090 7280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    22:59:49.0095 7280 rspndr - ok
    22:59:49.0114 7280 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
    22:59:49.0118 7280 s3cap - ok
    22:59:49.0206 7280 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    22:59:49.0207 7280 SamSs - ok
    22:59:49.0227 7280 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    22:59:49.0237 7280 sbp2port - ok
    22:59:49.0274 7280 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    22:59:49.0290 7280 SCardSvr - ok
    22:59:49.0306 7280 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    22:59:49.0332 7280 scfilter - ok
    22:59:49.0435 7280 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    22:59:49.0540 7280 Schedule - ok
    22:59:49.0572 7280 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    22:59:49.0574 7280 SCPolicySvc - ok
    22:59:49.0607 7280 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
    22:59:49.0624 7280 sdbus - ok
    22:59:49.0655 7280 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    22:59:49.0672 7280 SDRSVC - ok
    22:59:49.0792 7280 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    22:59:49.0794 7280 SeagateDashboardService - ok
    22:59:49.0832 7280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    22:59:49.0837 7280 secdrv - ok
    22:59:49.0853 7280 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    22:59:49.0859 7280 seclogon - ok
    22:59:49.0879 7280 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    22:59:49.0905 7280 SENS - ok
    22:59:49.0937 7280 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    22:59:49.0943 7280 SensrSvc - ok
    22:59:49.0954 7280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    22:59:49.0989 7280 Serenum - ok
    22:59:50.0022 7280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    22:59:50.0091 7280 Serial - ok
    22:59:50.0107 7280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    22:59:50.0136 7280 sermouse - ok
    22:59:50.0199 7280 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    22:59:50.0209 7280 SessionEnv - ok
    22:59:50.0227 7280 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    22:59:50.0232 7280 sffdisk - ok
    22:59:50.0259 7280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    22:59:50.0263 7280 sffp_mmc - ok
    22:59:50.0287 7280 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    22:59:50.0322 7280 sffp_sd - ok
    22:59:50.0370 7280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    22:59:50.0375 7280 sfloppy - ok
    22:59:50.0451 7280 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    22:59:50.0468 7280 SharedAccess - ok
    22:59:50.0502 7280 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    22:59:50.0522 7280 ShellHWDetection - ok
    22:59:50.0542 7280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:59:50.0546 7280 SiSRaid2 - ok
    22:59:50.0560 7280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    22:59:50.0564 7280 SiSRaid4 - ok
    22:59:50.0583 7280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    22:59:50.0651 7280 Smb - ok
    22:59:50.0738 7280 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
    22:59:50.0743 7280 SMSIVZAM5X64 - ok
    22:59:50.0786 7280 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    22:59:50.0839 7280 SNMPTRAP - ok
    22:59:50.0995 7280 SNP2UVC (a676e7f5c305cbc3d3d0e4d718f23329) C:\Windows\system32\DRIVERS\snp2uvc.sys
    22:59:51.0097 7280 SNP2UVC - ok
    22:59:51.0164 7280 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    22:59:51.0224 7280 SolidWorks Licensing Service - ok
    22:59:51.0381 7280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    22:59:51.0385 7280 spldr - ok
    22:59:51.0438 7280 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    22:59:51.0507 7280 Spooler - ok
    22:59:51.0802 7280 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    22:59:51.0889 7280 sppsvc - ok
    22:59:51.0983 7280 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    22:59:51.0996 7280 sppuinotify - ok
    22:59:52.0118 7280 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    22:59:52.0206 7280 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    22:59:52.0207 7280 sptd ( LockedFile.Multi.Generic ) - warning
    22:59:52.0207 7280 sptd - detected LockedFile.Multi.Generic (1)
    22:59:58.0349 7280 vpcbus - ok
    22:59:58.0379 7280 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
    22:59:58.0384 7280 vpcnfltr - ok
    22:59:58.0404 7280 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
    22:59:58.0464 7280 vpcusb - ok
    22:59:58.0502 7280 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
    22:59:58.0519 7280 vpcvmm - ok
    22:59:58.0559 7280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    22:59:58.0577 7280 vsmraid - ok
    22:59:58.0687 7280 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
    22:59:58.0731 7280 VSPerfDrv100 - ok
    22:59:58.0854 7280 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    22:59:58.0920 7280 VSS - ok
    22:59:59.0050 7280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    22:59:59.0054 7280 vwifibus - ok
    22:59:59.0067 7280 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    22:59:59.0072 7280 vwififlt - ok
    22:59:59.0103 7280 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    22:59:59.0108 7280 vwifimp - ok
    22:59:59.0157 7280 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    22:59:59.0199 7280 W32Time - ok
    22:59:59.0268 7280 W3SVC (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
    22:59:59.0346 7280 W3SVC - ok
    22:59:59.0358 7280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    22:59:59.0364 7280 WacomPen - ok
    22:59:59.0391 7280 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    22:59:59.0493 7280 WANARP - ok
    22:59:59.0497 7280 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    22:59:59.0499 7280 Wanarpv6 - ok
    22:59:59.0508 7280 WAS (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
    22:59:59.0512 7280 WAS - ok
    22:59:59.0633 7280 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    22:59:59.0690 7280 WatAdminSvc - ok
    22:59:59.0816 7280 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    22:59:59.0876 7280 wbengine - ok
    23:00:00.0007 7280 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    23:00:00.0030 7280 WbioSrvc - ok
    23:00:00.0084 7280 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
    23:00:00.0102 7280 wcncsvc - ok
    23:00:00.0122 7280 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    23:00:00.0128 7280 WcsPlugInService - ok
    23:00:00.0165 7280 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    23:00:00.0169 7280 Wd - ok
    23:00:00.0215 7280 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    23:00:00.0245 7280 Wdf01000 - ok
    23:00:00.0282 7280 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    23:00:00.0334 7280 WdiServiceHost - ok
    23:00:00.0338 7280 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    23:00:00.0341 7280 WdiSystemHost - ok
    23:00:00.0382 7280 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
    23:00:00.0446 7280 WebClient - ok
    23:00:00.0478 7280 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    23:00:00.0494 7280 Wecsvc - ok
    23:00:00.0514 7280 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    23:00:00.0715 7280 wercplsupport - ok
    23:00:00.0846 7280 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    23:00:00.0900 7280 WerSvc - ok
    23:00:00.0943 7280 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    23:00:00.0947 7280 WfpLwf - ok
    23:00:00.0961 7280 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    23:00:00.0965 7280 WIMMount - ok
    23:00:01.0013 7280 WinDefend - ok
    23:00:01.0024 7280 WinHttpAutoProxySvc - ok
    23:00:01.0092 7280 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    23:00:01.0164 7280 Winmgmt - ok
    23:00:01.0317 7280 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    23:00:01.0371 7280 WinRM - ok
    23:00:01.0516 7280 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
    23:00:01.0543 7280 WinUSB - ok
    23:00:01.0629 7280 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    23:00:01.0658 7280 Wlansvc - ok
    23:00:01.0687 7280 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    23:00:01.0721 7280 WmiAcpi - ok
    23:00:01.0803 7280 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    23:00:01.0867 7280 wmiApSrv - ok
    23:00:01.0902 7280 WMPNetworkSvc - ok
    23:00:01.0923 7280 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    23:00:01.0931 7280 WPCSvc - ok
    23:00:01.0952 7280 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    23:00:02.0020 7280 WPDBusEnum - ok
    23:00:02.0042 7280 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    23:00:02.0043 7280 ws2ifsl - ok
    23:00:02.0073 7280 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    23:00:02.0085 7280 wscsvc - ok
    23:00:02.0090 7280 WSearch - ok
    23:00:02.0270 7280 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    23:00:02.0338 7280 wuauserv - ok
    23:00:02.0441 7280 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    23:00:02.0452 7280 WudfPf - ok
    23:00:02.0489 7280 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    23:00:02.0505 7280 WUDFRd - ok
    23:00:02.0525 7280 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    23:00:02.0594 7280 wudfsvc - ok
    23:00:02.0627 7280 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    23:00:02.0708 7280 WwanSvc - ok
    23:00:02.0801 7280 X6va003 - ok
    23:00:02.0875 7280 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    23:00:02.0957 7280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    23:00:02.0958 7280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    23:00:02.0966 7280 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
    23:00:02.0976 7280 \Device\Harddisk1\DR1 - ok
    23:00:02.0981 7280 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
    23:00:02.0986 7280 \Device\Harddisk2\DR2 - ok
    23:00:03.0023 7280 Boot (0x1200) (0712a72868e70c1ed528494aff497b5d) \Device\Harddisk0\DR0\Partition0
    23:00:03.0027 7280 \Device\Harddisk0\DR0\Partition0 - ok
    23:00:03.0036 7280 Boot (0x1200) (866a30999bb56dfc701508ea8a8dfbb1) \Device\Harddisk0\DR0\Partition1
    23:00:03.0039 7280 \Device\Harddisk0\DR0\Partition1 - ok
    23:00:03.0073 7280 Boot (0x1200) (069e2578102a4d6b06d8d1fdb3bad4b6) \Device\Harddisk0\DR0\Partition2
    23:00:03.0076 7280 \Device\Harddisk0\DR0\Partition2 - ok
    23:00:03.0081 7280 Boot (0x1200) (32dfeb0c7ba969f10477c14651111841) \Device\Harddisk1\DR1\Partition0
    23:00:03.0083 7280 \Device\Harddisk1\DR1\Partition0 - ok
    23:00:03.0088 7280 Boot (0x1200) (86455b6a0b95a60e2365cb5d817550d7) \Device\Harddisk2\DR2\Partition0
    23:00:03.0091 7280 \Device\Harddisk2\DR2\Partition0 - ok
    23:00:03.0096 7280 Boot (0x1200) (53a9ef232f178ee95663adda157ba93d) \Device\Harddisk2\DR2\Partition1
    23:00:03.0100 7280 \Device\Harddisk2\DR2\Partition1 - ok
    23:00:03.0100 7280 ============================================================
    23:00:03.0100 7280 Scan finished
    23:00:03.0100 7280 ============================================================
    23:00:03.0118 3688 Detected object count: 2
    23:00:03.0118 3688 Actual detected object count: 2
    23:00:36.0227 3688 sptd ( LockedFile.Multi.Generic ) - skipped by user
    23:00:36.0227 3688 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    23:00:37.0419 3688 \Device\Harddisk0\DR0\# - copied to quarantine
    23:00:37.0419 3688 \Device\Harddisk0\DR0 - copied to quarantine
    23:00:37.0563 3688 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    23:00:37.0570 3688 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    23:00:37.0588 3688 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    23:00:37.0597 3688 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    23:00:37.0630 3688 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:00:37.0647 3688 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:00:37.0649 3688 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    23:00:37.0650 3688 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    23:00:37.0653 3688 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    23:00:37.0656 3688 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:00:37.0661 3688 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:00:37.0687 3688 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    23:00:37.0690 3688 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    23:00:37.0692 3688 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    23:00:37.0728 3688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    23:00:37.0731 3688 \Device\Harddisk0\DR0 - ok
    23:00:37.0814 3688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    23:00:50.0164 5292 Deinitialize success

    (2/2)
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Good :)

    Re-run Combofix one more time.
  24. mburns

    mburns Newcomer, in training Topic Starter Posts: 22

    ComboFix 12-07-31.03 - mburns 08/01/2012 23:38:32.5.8 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.2079 [GMT -4:00]
    Running from: c:\users\Class2014\Desktop\your_name.exe
    AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\3002.abs
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\users\mburns\AppData\Local\temp
    2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\users\Class2014\AppData\Roaming\Malwarebytes
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 16:00 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-15 19:49 . 2012-07-15 19:49 -------- d-----w- c:\users\Administrator\AppData\Local\AirMouse
    2012-07-14 19:50 . 2012-07-14 19:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-14 19:33 . 2012-07-14 19:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 04:22 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 11:12 . 2012-07-11 11:15 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
    2012-07-11 11:10 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 11:10 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 11:10 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 11:10 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\program files (x86)\EAGLE-6.2.0
    2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\users\Class2014\AppData\Roaming\CadSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 03:03 . 2010-12-09 14:31 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-08-02 03:03 . 2010-08-05 20:04 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2012-08-02 01:35 . 2010-12-09 14:31 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2012-08-01 02:26 . 2010-08-05 17:45 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2012-07-31 01:29 . 2010-08-05 20:04 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
    2012-07-31 01:29 . 2010-08-05 20:04 58288 ------w- c:\windows\SysWow64\rpcnet.exe
    2012-07-14 19:33 . 2012-01-05 02:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 11:13 . 2010-07-08 17:42 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-24 17:09 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-24 17:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-24 17:10 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-24 17:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-24 17:09 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-24 17:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-24 17:09 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-24 17:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-24 17:09 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 10:52 . 2012-06-14 00:13 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:08 . 2012-06-14 00:13 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08 . 2012-06-14 00:13 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.23.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-01 02:56 . 2012-08-01 02:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2012-07-14 19:58 . 2012-07-29 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-14 19:58 . 2012-08-02 02:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012073120120801\index.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072320120730\index.dat
    + 2012-07-14 19:49 . 2012-08-02 02:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2010-07-08 17:31 . 2012-08-02 03:06 69750 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-02 03:06 44690 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-08-16 20:55 . 2012-08-02 03:06 24644 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1273285964-1369492898-2689800442-1000_UserData.bin
    + 2012-08-01 02:56 . 2012-08-01 02:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{72619510-DB84-11E1-B5E5-A9D11B1356CE}.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72619511-DB84-11E1-B5E5-A9D11B1356CE}.dat
    - 2010-07-07 21:21 . 2012-07-29 16:11 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-07-07 21:21 . 2012-08-02 03:01 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-02 03:02 . 2012-08-02 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-02 03:02 . 2012-08-02 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-16 20:52 . 2012-08-02 02:30 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-08-16 20:52 . 2012-07-29 16:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-08-01 02:57 . 2012-08-01 02:56 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 02:36 . 2012-08-02 03:11 763312 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:21 763312 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:21 156836 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-02 03:11 156836 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-07-29 16:11 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-02 03:01 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 6848512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-07-16 02:04 . 2012-08-02 03:01 2357236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 10633216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 02:34 . 2012-07-29 16:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-08-02 03:18 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2010-08-24 05:04 . 2012-08-02 03:01 35007536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1273285964-1369492898-2689800442-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-02 87336]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 cpuz130;cpuz130;c:\users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-28 1431888]
    R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
    R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2009-04-01 30800]
    R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2009-06-17 11856]
    R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2009-04-01 26704]
    R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-01-29 18504]
    R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-01-02 11864]
    R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2009-05-29 11848]
    R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2009-06-17 11848]
    R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2009-06-17 11856]
    R3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2009-05-27 11872]
    R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2009-05-29 11848]
    R3 niemrkw;niemrkw;c:\windows\system32\DRIVERS\niemrkw.sys [2009-05-29 11336]
    R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2009-05-29 11848]
    R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2009-01-06 11864]
    R3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2009-06-17 12152]
    R3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2009-04-08 11864]
    R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-12-29 11904]
    R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2009-06-17 11880]
    R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2009-03-30 11872]
    R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2009-05-27 12928]
    R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2009-05-27 12920]
    R3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2009-06-11 11904]
    R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-06-25 22104]
    R3 niRFSA2k;niRFSA2k;c:\windows\system32\drivers\niRFSA2kl.sys [2009-06-01 11840]
    R3 niRFSGk;niRFSGk;c:\windows\system32\drivers\niRFSGkl.sys [2009-04-28 11840]
    R3 NiRioRpc;National Instruments RIO Server;c:\windows\SysWOW64\NiRioRpc.exe [2009-06-22 28744]
    R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-01-05 11888]
    R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2009-02-06 11864]
    R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2009-03-30 11856]
    R3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2009-06-18 11856]
    R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-01-05 11888]
    R3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2009-06-26 11864]
    R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2009-05-29 11848]
    R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-02 11824]
    R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-01-02 11872]
    R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-07-28 11848]
    R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2009-01-02 11872]
    R3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2009-04-10 11840]
    R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2009-05-29 11880]
    R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2009-03-05 11896]
    R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2009-06-21 11872]
    R3 niwdk;niwdk; [x]
    R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2009-05-29 11848]
    R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2009-05-29 11848]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-09-03 19936]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-09-03 13280]
    R3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-07 94472]
    R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
    R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
    R3 X6va003;X6va003;c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-07-19 56008]
    S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2008-08-22 16472]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-28 834544]
    S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2010-07-22 269904]
    S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-09-12 35664]
    S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-05-05 317520]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
    S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
    S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
    S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]
    S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]
    S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [2009-06-04 11856]
    S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2009-06-21 11872]
    S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
    S3 ALSysIO;ALSysIO;c:\users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-24 283824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
    S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11872]
    S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-11-24 11872]
    S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-12-29 11872]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
    S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
    - c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
    - c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1875048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\avgrssta.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.stevens.edu/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    FF - ProfilePath - c:\users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc28CA5.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a3,e0,81,37,91,6f,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-01 23:55:59
    ComboFix-quarantined-files.txt 2012-08-02 03:55
    ComboFix2.txt 2012-08-02 02:34
    ComboFix3.txt 2012-07-29 17:30
    ComboFix4.txt 2012-07-16 02:38
    .
    Pre-Run: 233,644,838,912 bytes free
    Post-Run: 233,547,771,904 bytes free
    .
    - - End Of File - - F0367DD98ACDA3B0E77148F9927082D0
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Good :)

    How is the computer doing?

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

