Svchost.exe trojan

Discussion in 'Virus and Malware Removal' started by mburns, Jul 29, 2012.

  1. mburns Newcomer, in training Posts: 22

    Hi all,

    I have an svchost.exe trojan that was partially cleared up; I'm going to bite the bullet and admit I went through some steps on some past threads on this forum and used ComboFix and some extra scanners that were recommended in the past. It hasn't done any harm to my computer, but if it's relevant enough I can track down a list of the techniques I used.

    Either way, it cleared up the trojan as far as Malwarebytes and AVG (AVG couldn't pick up on it in the first place) could detect, but I'm still getting messages from Malwarebytes that it's blocking svchost from accessing suspicious websites after all of that. I also still have an svchost.exe *32 process in Task Manager, so the problem isn't resolved yet.

    I'll paste the Malwarebytes, GMER, and DDS logs in the next posts. Thanks in advance for any help!
  2. mburns Newcomer, in training Posts: 22

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    mburns :: K563 [administrator]

    Protection: Enabled

    7/29/2012 3:28:48 PM
    mbam-log-2012-07-29 (15-28-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238050
    Time elapsed: 8 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. mburns Newcomer, in training Posts: 22

    The GMER log is something like 180K characters; I have no idea how many posts that's going to take up, so I'll skip to the DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by mburns at 21:50:45 on 2012-07-29
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.1894 [GMT -4:00]
    .
    AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\lkads.exe
    C:\Windows\SysWOW64\lktsrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    C:\Windows\SysWOW64\nipalsm.exe
    C:\Windows\SysWOW64\nipalsm.exe
    C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    C:\Windows\SysWOW64\nisvcloc.exe
    C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Windows\SysWOW64\nipalsm.exe
    C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\MathType\MathType.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskhost.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.stevens.edu/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    TCP: Interfaces\{93969BDB-469E-4DA2-B5B0-7D36F7841D93} : DhcpNameServer = 155.246.1.21 155.246.1.20
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7} : DhcpNameServer = 167.206.245.129 167.206.245.130
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\3547566756E637 : DhcpNameServer = 155.246.1.21 155.246.1.20
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\75962756C6563737 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\75962756C6563737023427F677E6560205C616A716 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\A6566666562737F6E61323 : DhcpNameServer = 167.206.245.129 167.206.245.130
    TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\E4544574541425 : DhcpNameServer = 167.206.245.129 167.206.245.130 167.206.245.71
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npEModelPlugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv85win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win64.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Class2014\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Class2014\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Class2014\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
    R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\system32\drivers\nipbcfk.sys --> C:\Windows\system32\drivers\nipbcfk.sys [?]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2010-7-8 89600]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-22 308136]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-29 655944]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2008-8-21 12696]
    R2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2008-8-21 12696]
    R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-3-5 131704]
    R2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-6-4 193648]
    R2 nipxirmk;NI PXI Resource Manager;\??\C:\Windows\system32\drivers\nipxirmkl.sys --> C:\Windows\system32\drivers\nipxirmkl.sys [?]
    R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys --> C:\Windows\system32\drivers\NiViPxiKl.sys [?]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-8 2320920]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 1664304]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-7-8 228408]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 nidimk;nidimk;\??\C:\Windows\system32\drivers\nidimkl.sys --> C:\Windows\system32\drivers\nidimkl.sys [?]
    R3 nimru2k;nimru2k;\??\C:\Windows\system32\drivers\nimru2kl.sys --> C:\Windows\system32\drivers\nimru2kl.sys [?]
    R3 nimstsk;nimstsk;\??\C:\Windows\system32\drivers\nimstskl.sys --> C:\Windows\system32\drivers\nimstskl.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 rismcx64;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismcx64.sys --> C:\Windows\system32\DRIVERS\rismcx64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-2 87336]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-12 1431888]
    S3 lvalarmk;lvalarmk;\??\C:\Windows\system32\drivers\lvalarmk.sys --> C:\Windows\system32\drivers\lvalarmk.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
    S3 ni1006k;NI PXI-1006 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1006k.sys --> C:\Windows\system32\drivers\ni1006k.sys [?]
    S3 ni1045k;NI PXI-1045 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1045kl.sys --> C:\Windows\system32\drivers\ni1045kl.sys [?]
    S3 ni1065k;NI PXIe-1065 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1065k.sys --> C:\Windows\system32\drivers\ni1065k.sys [?]
    S3 ni488lock;NI-488.2 Locking Service;\??\C:\Windows\system32\drivers\ni488lock.sys --> C:\Windows\system32\drivers\ni488lock.sys [?]
    S3 nicdrk;nicdrk;\??\C:\Windows\system32\drivers\nicdrkl.sys --> C:\Windows\system32\drivers\nicdrkl.sys [?]
    S3 nicsrk;nicsrk;\??\C:\Windows\system32\drivers\nicsrkl.sys --> C:\Windows\system32\drivers\nicsrkl.sys [?]
    S3 nidmxfk;nidmxfk;\??\C:\Windows\system32\drivers\nidmxfkl.sys --> C:\Windows\system32\drivers\nidmxfkl.sys [?]
    S3 nidsark;nidsark;\??\C:\Windows\system32\drivers\nidsarkl.sys --> C:\Windows\system32\drivers\nidsarkl.sys [?]
    S3 nidwgk;nidwgk;\??\C:\Windows\system32\drivers\nidwgkl.sys --> C:\Windows\system32\drivers\nidwgkl.sys [?]
    S3 niemrk;niemrk;\??\C:\Windows\system32\drivers\niemrkl.sys --> C:\Windows\system32\drivers\niemrkl.sys [?]
    S3 niemrkw;niemrkw;C:\Windows\system32\DRIVERS\niemrkw.sys --> C:\Windows\system32\DRIVERS\niemrkw.sys [?]
    S3 niesrk;niesrk;\??\C:\Windows\system32\drivers\niesrkl.sys --> C:\Windows\system32\drivers\niesrkl.sys [?]
    S3 nifslk;nifslk;\??\C:\Windows\system32\drivers\nifslkl.sys --> C:\Windows\system32\drivers\nifslkl.sys [?]
    S3 nigplk;nigplk;\??\C:\Windows\system32\drivers\nigplkl.sys --> C:\Windows\system32\drivers\nigplkl.sys [?]
    S3 nihsdrk;nihsdrk;\??\C:\Windows\system32\drivers\nihsdrkl.sys --> C:\Windows\system32\drivers\nihsdrkl.sys [?]
    S3 nimsdrk;nimsdrk;\??\C:\Windows\system32\drivers\nimsdrkl.sys --> C:\Windows\system32\drivers\nimsdrkl.sys [?]
    S3 nimxpk;nimxpk;\??\C:\Windows\system32\drivers\nimxpkl.sys --> C:\Windows\system32\drivers\nimxpkl.sys [?]
    S3 ninshsdk;ninshsdk;\??\C:\Windows\system32\drivers\ninshsdkl.sys --> C:\Windows\system32\drivers\ninshsdkl.sys [?]
    S3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys --> C:\Windows\system32\drivers\nipalfwedl.sys [?]
    S3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys --> C:\Windows\system32\drivers\nipalusbedl.sys [?]
    S3 nipsdk;nipsdk;\??\C:\Windows\system32\drivers\nipsdkl.sys --> C:\Windows\system32\drivers\nipsdkl.sys [?]
    S3 nipxigpk;NI PXI Generic Chassis Pilot;\??\C:\Windows\system32\drivers\nipxigpk.sys --> C:\Windows\system32\drivers\nipxigpk.sys [?]
    S3 niRFSA2k;niRFSA2k;\??\C:\Windows\system32\drivers\niRFSA2kl.sys --> C:\Windows\system32\drivers\niRFSA2kl.sys [?]
    S3 niRFSGk;niRFSGk;\??\C:\Windows\system32\drivers\niRFSGkl.sys --> C:\Windows\system32\drivers\niRFSGkl.sys [?]
    S3 NiRioRpc;National Instruments RIO Server;C:\Windows\SysWOW64\NiRioRpc.exe [2009-6-22 28744]
    S3 niscdk;niscdk;\??\C:\Windows\system32\drivers\niscdkl.sys --> C:\Windows\system32\drivers\niscdkl.sys [?]
    S3 nisdigk;nisdigk;\??\C:\Windows\system32\drivers\nisdigkl.sys --> C:\Windows\system32\drivers\nisdigkl.sys [?]
    S3 nisftk;nisftk;\??\C:\Windows\system32\drivers\nisftkl.sys --> C:\Windows\system32\drivers\nisftkl.sys [?]
    S3 nisldk;nisldk;\??\C:\Windows\system32\drivers\nisldkl.sys --> C:\Windows\system32\drivers\nisldkl.sys [?]
    S3 nispdk;nispdk;\??\C:\Windows\system32\drivers\nispdkl.sys --> C:\Windows\system32\drivers\nispdkl.sys [?]
    S3 nisrcdk;nisrcdk;\??\C:\Windows\system32\drivers\nisrcdkl.sys --> C:\Windows\system32\drivers\nisrcdkl.sys [?]
    S3 nissrk;nissrk;\??\C:\Windows\system32\drivers\nissrkl.sys --> C:\Windows\system32\drivers\nissrkl.sys [?]
    S3 nistc2k;nistc2k;\??\C:\Windows\system32\drivers\nistc2kl.sys --> C:\Windows\system32\drivers\nistc2kl.sys [?]
    S3 nistcrk;nistcrk;\??\C:\Windows\system32\drivers\nistcrkl.sys --> C:\Windows\system32\drivers\nistcrkl.sys [?]
    S3 niswdk;niswdk;\??\C:\Windows\system32\drivers\niswdkl.sys --> C:\Windows\system32\drivers\niswdkl.sys [?]
    S3 nitiork;nitiork;\??\C:\Windows\system32\drivers\nitiorkl.sys --> C:\Windows\system32\drivers\nitiorkl.sys [?]
    S3 nitnr2k;nitnr2k;\??\C:\Windows\system32\drivers\nitnr2kl.sys --> C:\Windows\system32\drivers\nitnr2kl.sys [?]
    S3 niufurk;niufurk;\??\C:\Windows\system32\drivers\niufurkl.sys --> C:\Windows\system32\drivers\niufurkl.sys [?]
    S3 NiViFWK;NI-VISA FireWire Driver;C:\Windows\system32\drivers\NiViFWKl.sys --> C:\Windows\system32\drivers\NiViFWKl.sys [?]
    S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys --> C:\Windows\system32\drivers\NiViPciKl.sys [?]
    S3 niwfrk;niwfrk;\??\C:\Windows\system32\drivers\niwfrkl.sys --> C:\Windows\system32\drivers\niwfrkl.sys [?]
    S3 nixsrk;nixsrk;\??\C:\Windows\system32\drivers\nixsrkl.sys --> C:\Windows\system32\drivers\nixsrkl.sys [?]
    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
    S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
    S3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-6 94472]
    S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 23:58:00 20480 ----a-w- C:\Windows\svchost.exe
    2012-07-29 19:26:37 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-07-29 17:33:18 -------- d-----w- C:\Program Files (x86)\ESET
    2012-07-29 17:03:37 98816 ----a-w- C:\Windows\sed.exe
    2012-07-29 17:03:37 518144 ----a-w- C:\Windows\SWREG.exe
    2012-07-29 17:03:37 256000 ----a-w- C:\Windows\PEV.exe
    2012-07-29 17:03:37 208896 ----a-w- C:\Windows\MBR.exe
    2012-07-29 16:00:46 -------- d-----w- C:\Users\Class2014\AppData\Roaming\Malwarebytes
    2012-07-29 16:00:16 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-29 16:00:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-29 16:00:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-14 19:50:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-14 19:33:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 04:22:37 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 11:12:58 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
    2012-07-11 11:10:07 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 11:10:07 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-07-11 11:10:07 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-07-11 11:10:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-07-07 19:10:27 -------- d-----w- C:\Program Files (x86)\EAGLE-6.2.0
    2012-07-07 19:10:17 -------- d-----w- C:\Users\Class2014\AppData\Roaming\CadSoft
    .
    ==================== Find3M ====================
    .
    2012-07-30 01:46:00 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    2012-07-29 16:13:20 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2012-07-29 00:02:23 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
    2012-07-28 23:47:52 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
    2012-07-14 19:33:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 21:52:22.03 ===============
  4. mburns Newcomer, in training Posts: 22

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/7/2010 2:41:53 PM
    System Uptime: 7/29/2012 12:11:56 PM (9 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1521
    Processor: Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz | CPU 1 | 1196/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 458 GiB total, 225.879 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 6.312 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is FIXED (NTFS) - 901 GiB total, 519.689 GiB free.
    H: is CDROM ()
    I: is FIXED (NTFS) - 496 GiB total, 426.68 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP220: 7/15/2012 10:43:38 PM - ComboFix created restore point
    RP221: 7/24/2012 11:38:34 PM - Scheduled Checkpoint
    RP222: 7/29/2012 1:03:50 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Acrobat 9 Pro
    Adobe Acrobat 9.4.2 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    Audacity 1.3.13 (Unicode)
    AVG 9.0
    BufferChm
    Computrace
    CoreTempMC
    Coupon Printer for Windows
    Crystal Reports for Visual Studio
    D2600
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeviceDiscovery
    DivX Setup
    DJ_SF_05_D2600_Software_Min
    Dotfuscator Software Services - Community Edition
    EAGLE 6.2.0
    Elica 5.3
    Empire Earth II
    Free FLV Converter V 6.92.0
    Free Video Converter V 2.92
    Futuremark SystemInfo
    GCalc 3
    Google Chrome
    Google Talk Plugin
    GPBaseService2
    HI-TECH C PRO for the PIC10/12/16 MCU Family V9.65PL1
    HI-TECH C51-lite V9.60PL0
    HI-TECH PICC lite V9.60PL0
    HI-TIDE V3.15PL2
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2455033)
    HP Photo Creations
    HP Quick Launch Buttons
    HP QuickWeb
    HP Update
    HP Webcam
    HP Webcam Driver
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    IDT Audio
    Intel(R) Management Engine Components
    IVI Shared Components
    Java 3D 1.3.1 (OpenGL) Runtime
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 7 Update 4
    Java(TM) SE Development Kit 6 Update 20
    JavaFX 2.1.0
    LAME v3.99.3 (for Windows)
    League of Legends
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    MathType 6
    Memeo AutoSync
    Memeo Instant Backup
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Expression Design 3
    Microsoft Expression Encoder 3
    Microsoft Expression Web 3
    Microsoft Expression Web 3 SP1
    Microsoft Office 2003 Web Components
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Premium - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    MiniTool Partition Wizard Home Edition 7.0
    Mirror's Edge™
    Mobile Broadband Generic Drivers
    Mobile Mouse Server
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    National Instruments Software
    NEC Electronics USB 3.0 Host Controller Driver
    Nero 10 Movie ThemePack Basic
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10 VL Basic
    Nero StartSmart 10 Help (CHM)
    Nero Update
    NetBeans IDE 6.9
    NI-488.2 2.7.1
    NI-488.2 Provider for MAX version 2.7.1
    NI-653x Installer 1.9.0
    NI-APAL Error Files 1.5.0f0
    NI-DAQ C and VB6 API
    NI-DAQ Document Set
    NI-DAQ INF Files
    NI-DAQmx - LabVIEW shared documentation
    NI-DAQmx 8.9.5
    NI-DAQmx Documentation
    NI-DAQmx MAX Support 1.12.5
    NI-DAQmx OPC Support
    NI-DAQmx support for LabVIEW
    NI-DAQmx Switch Core 1.15.0
    NI-DCPower 1.3.1
    NI-DIM 1.9.0f0
    NI-DIM 1.9.0f0 for Phar Lap ETS
    NI-DIO Driver 160f1
    NI-DMM 3.0
    NI-FGEN 2.6.3
    NI-FGEN Driver 163f1
    NI-FieldPoint 6.0.5
    NI-FieldPoint for LabVIEW Real-Time 6.0.5
    NI-HSD Driver 1.10.2f1
    NI-HSDIO 1.6.1
    NI-IMAQ Camera Files
    NI-Intel8255x for LabVIEW Real-Time
    NI-MDBG 1.9.0f0
    NI-MDBG 1.9.0f0 for Phar Lap ETS
    NI-MRU 2.10.1f0
    NI-MXDF 1.10.0f0
    NI-MXDF 1.10.0f0 for Phar Lap ETS
    NI-MXEF 2.2.5
    NI-MXLC Core (32-bit)
    NI-MXLC LabVIEW 2009 Support
    NI-ORB 1.9.3f0
    NI-ORB 1.9.3f0 for Phar Lap ETS
    NI-PAL 2.4.0f0 for Phar Lap ETS
    NI-PAL 2.4.1f0
    NI-PAL 2.4.1f0 for Phar Lap ETS
    NI-RFSA 2.1.2
    NI-RFSG 1.5.1
    NI-RIO 3.2.0
    NI-RIO 3.2.0 driver for Real-Time Embedded Targets
    NI-RIO I/O Control for LabVIEW 2009
    NI-RIO I/O Control for LabVIEW 8.5
    NI-RIO I/O Control for LabVIEW 8.6
    NI-RIO Scan Interface for Real-Time Embedded Targets
    NI-RPC 4.1.0f0 for Phar Lap ETS
    NI-RPC 4.1.1f0
    NI-RPC 4.1.1f0 for Phar Lap ETS
    NI-SCOPE 3.5.2
    NI-Serial 3.3.4 for LabVIEW Real-Time
    NI-Serial 3.4
    NI-Serial 3.4 Help
    NI-Serial 3.4 MAX Provider
    NI-STE10/100A 2.1.0f2 for Phar Lap ETS
    NI-STE10/100A for Phar Lap ETS
    NI-SWITCH 3.8.5
    NI-TClk 1.7.1
    NI-TNF 1.4.4f0 for Phar Lap ETS
    NI-TNR Driver
    NI-VISA 4.4 for LabVIEW Real-Time
    NI-VISA 4.5.1
    NI-VISA 4.5.1 for LabVIEW Real-Time
    NI-VISA 4.5.1 MAX Provider
    NI-VISA Runtime 4.5.1
    NI-VISA Server 4.5.1
    NI-WatchDog 4.0 for LabVIEW Real-Time
    NI-WatchDog Host 4.0
    NI-WatchDog LabVIEW 9.0 Support
    NI 2009 Control Design Assistant
    NI AFW Channel Configuration Tool
    NI AFW Custom UI
    NI Assistant Framework
    NI Assistant Framework LabVIEW 2009 Support
    NI Assistant Framework LabVIEW Code Generator 2009
    NI Calibration Provider for MAX 4.6.0
    NI Certificates Deployment Support
    NI Circuit Design Suite 10.1.1 Core
    NI Circuit Design Suite 10.1.1 Edu Licenses
    NI Circuit Design Suite 10.1.1 Education
    NI CodeSignAPI
    NI Common Digital 1.9.0
    NI DAQ Assistant 1.10.5
    NI DataSocket 4.7.0
    NI DHV DCMP Installer 1.1.3f1
    NI DHV GPL 108f4
    NI Distributed System Manager 2009
    NI DN 2.0 installer
    NI DN 2.0 Language Pack installer
    NI Dynamic Signal Acquisition Installer 1.13.1
    NI Enhanced DSC Deployment Support 8.5
    NI EULA Depot
    NI Example Finder 9.0
    NI FieldPoint MAX Provider
    NI FlexRIO support for Real-Time Embedded Targets
    NI FSL Installer 1.8.0
    NI Help Assistant
    NI Hierarchical Waveform Storage 1.4.7
    NI IMAQ Vision for Measurement Studio Upgrade Manager
    NI Instrument I/O Assistant
    NI Instrument IO Assistant for LabVIEW 9.0 32
    NI IVI Class Driver LabVIEW 2009 Support
    NI IVI Class Drivers
    NI IVI Class Simulation Drivers
    NI IVI Compliance Package 4.0
    NI IVI Engine
    NI IVI Online Help
    NI IVI Provider for MAX
    NI LabVIEW 2009
    NI LabVIEW 2009 Applibs
    NI LabVIEW 2009 CINtools
    NI LabVIEW 2009 Control Design and Simulation Module
    NI LabVIEW 2009 Control Design Shared VIs
    NI LabVIEW 2009 Deployment Framework
    NI LabVIEW 2009 Desktop Execution Trace Toolkit
    NI LabVIEW 2009 Desktop Execution Trace Toolkit LV 2009 Supp
    NI LabVIEW 2009 Digital Filter Design Toolkit
    NI LabVIEW 2009 Digital Filter Design Toolkit License
    NI LabVIEW 2009 Digital Filter Design Toolkit RT Support
    NI LabVIEW 2009 Examples
    NI LabVIEW 2009 FPGA Realtime Support
    NI LabVIEW 2009 gMath
    NI LabVIEW 2009 Help
    NI LabVIEW 2009 Help File
    NI LabVIEW 2009 Instr.lib
    NI LabVIEW 2009 License
    NI LabVIEW 2009 Manuals
    NI LabVIEW 2009 MathScript RT Module
    NI LabVIEW 2009 MathScript RT Module License
    NI LabVIEW 2009 MeasAppChm File
    NI LabVIEW 2009 Menus
    NI LabVIEW 2009 Project
    NI LabVIEW 2009 Resource
    NI LabVIEW 2009 Simulation
    NI LabVIEW 2009 System Identification Assistant
    NI LabVIEW 2009 System Identification Toolkit
    NI LabVIEW 2009 System Identification Toolkit License
    NI LabVIEW 2009 System Identification Toolkit VIs
    NI LabVIEW 2009 Templates
    NI LabVIEW 2009 User.lib
    NI LabVIEW 2009 VI.lib
    NI LabVIEW 2009 Web Server
    NI LabVIEW 2009 WWW
    NI LabVIEW 8.5.1 Real-Time cRIO 9014 Upgrade
    NI LabVIEW 8.6 Real-Time LabVIEW
    NI LabVIEW 8.6 Real-Time MSVS71 Support
    NI LabVIEW 8.6 Real-Time Pharlap Base
    NI LabVIEW 8.6 Real-Time Pharlap LabVIEW
    NI LabVIEW 8.6 Real-Time Support for cRIO
    NI LabVIEW 8.6 Real-Time VxWorks Base Support
    NI LabVIEW 8.6 Real-Time VxWorks LabVIEW
    NI LabVIEW Analog Modulation Toolkit 4.1
    NI LabVIEW Broker
    NI LabVIEW C Interface
    NI LabVIEW Compare Utility 9.0.0
    NI LabVIEW Deployable License 2009
    NI LabVIEW EWB DeviceHandler 2009
    NI LabVIEW MAX XML
    NI LabVIEW Merge Utility 9.0.0
    NI LabVIEW Modulation Toolkit 4.1
    NI LabVIEW Real-Time Error Dialog
    NI LabVIEW Real-Time FIFO for Runtime
    NI LabVIEW Real-Time NBFifo
    NI LabVIEW Run-Time Engine 2009
    NI LabVIEW Run-Time Engine 7.1.1
    NI LabVIEW Run-Time Engine 8.0.1
    NI LabVIEW Run-Time Engine 8.2.1
    NI LabVIEW Run-Time Engine 8.5.1
    NI LabVIEW Run-Time Engine 8.6.1
    NI LabVIEW Run-Time Engine Interop 2009
    NI LabVIEW Run-Time Engine Web Services
    NI LabVIEW SignalExpress 2009
    NI LabVIEW SignalExpress 2009 Core
    NI LabVIEW SignalExpress 2009 Core LabVIEW Support
    NI LabVIEW SignalExpress 2009 Core LabVIEW90 Support
    NI LabVIEW SignalExpress 2009 Datatypes
    NI LabVIEW SignalExpress 2009 Datatypes LabVIEW 2009 Support
    NI LabVIEW SignalExpress 2009 LabVIEW 2009 Support
    NI LabVIEW SignalExpress 2009 LabVIEW Support
    NI LabVIEW SignalExpress 2009 Licenses
    NI LabVIEW SignalExpress 2009 Steps
    NI LabVIEW SignalExpress 2009 Tools
    NI LabVIEW Web Server for Run-Time Engine
    NI LabVIEW Web Services Runtime
    NI LabWindows/CVI 9.0.1 Run-Time Engine
    NI LabWindows/CVI Code Generator
    NI LabWindows/CVI DLL Builder for LabVIEW
    NI License Manager
    NI Logos 5.1
    NI Logos LabVIEW 2009 Support
    NI Logos Support for LabVIEW Real-Time
    NI Logos XT Support
    NI Logos XT Support for LabVIEW Real-Time
    NI LVBrokerAux 8.2.1
    NI LVBrokerAux 8.5.0
    NI LVBrokerAux1071
    NI LVBrokerAux71
    NI LVBrokerAux8.0
    NI Math Kernel Libraries
    NI MAX LabVIEW Support 4.6.0
    NI MAX Remote Configuration Installer 4.6
    NI MDF Support
    NI mDNS Responder 1.1.0
    NI Measurement & Automation Explorer 4.6.0
    NI Measurement Studio 8.1 Enterprise RunTime for VS2005
    NI Measurement Studio Common .NET Assemblies for the .NET 3.5
    NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
    NI Measurement Studio Recipe Processor
    NI MetaSuite Installer
    NI MIO Device Drivers 2.0.2
    NI ModInst 1.5
    NI MXS 4.6.0
    NI MXS 4.6.0f0 for LabVIEW Real-Time
    NI OCR Upgrade Manager
    NI OPC Support
    NI Portable Configuration 4.6.0
    NI PXI Platform Framework 1.1.3
    NI PXI Platform Framework 1.1.3 for Phar Lap ETS
    NI PXI Platform Services 2.5.1
    NI PXI Platform Services 2.5.1 Configuration Support
    NI PXI Platform Services 2.5.1 Expert
    NI PXI Platform Services 2.5.1 Expert for LabVIEW Real-Time
    NI PXI Platform Services 2.5.1 for LabVIEW Real-Time
    NI Registration Wizard
    NI Remote Provider for MAX 4.6.0
    NI Remote PXI Provider for MAX 4.6.0
    NI Script Editor 1.3.1
    NI SCXI 1.10.0
    NI Service Locator
    NI Software Provider for MAX 4.6.0
    NI Sound and Vibration Frequency Analysis 2009
    NI Sound and Vibration Frequency Analysis LabVIEW 2009 Support
    NI Spy 2.7.0
    NI Spy API LV90
    NI SSL LabVIEW 2009 Support
    NI SSL Support
    NI STC 1.2.0
    NI System API RT
    NI System API Windows 32-bit
    NI System Identification Assistant LabVIEW Support
    NI System State Publisher
    NI TDM Excel Add-In 2.1
    NI TDMS
    NI TDMS RT
    NI Timing Installer 1.13.0
    NI Trace Engine
    NI Uninstaller
    NI Update Service 1.0
    NI Update Service Extras 1.0
    NI USI 1.7.0
    NI Variable Engine 2.3.0
    NI Variable Engine LabVIEW 2009 Support
    NI VC2005MSMs x86
    NI VC2008MSMs x86
    NI Vision .NET 2009
    NI Vision .NET Run-Time Engine 2009
    NI Vision 2009
    NI Vision Assistant 2009
    NI Vision Assistant 2009 .NET
    NI Vision Builder AI 3.6.1
    NI Vision Run-Time Engine 2009
    NI Web Pipeline 2.0.1
    NI Xalan Delay Load 1.10.1
    NI Xerces Delay Load 2.7.1
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    ooVoo
    Pad2Pad 1.9.74
    Pando Media Booster
    Parallel Computing Toolkit 2.1
    Pharos
    PhotoView 360
    Pidgin
    Portal 2
    Project64 1.6
    QLBCASL
    QuickTime
    R for Windows 2.11.1
    RICOH Media Driver
    Scientific Viewer 5.5
    Scratch
    Seagate Dashboard
    Search Toolbar
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Expression Design 3 (KB2667727)
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrinting
    SolidWorks 2010 x64 Edition SP05
    SolidWorks eDrawings 2010
    SolutionCenter
    Status
    Steam
    swMSM
    System Requirements Lab for Intel
    TextPad 5
    Toolbox
    TrayApp
    Truss Analysis 5.3
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.4053
    Verizon Wireless USB720-V740 Firmware Updates
    Verizon Wireless USB727 Firmware Updates
    VISA Shared Components 64-Bit
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.0
    VZAccess Manager
    WebReg
    Winamp
    Windows Movie Maker 2.6
    WinSCP 4.3.2
    Wolfram Notebook Indexer 2.0
    World Community Grid - BOINC for Windows
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/29/2012 9:51:45 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    7/29/2012 3:51:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    7/29/2012 12:14:34 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc24690.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 12:12:50 PM, Error: Service Control Manager [7000] - The cvintdrv service failed to start due to the following error: This driver has been blocked from loading
    7/29/2012 12:12:50 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 11:57:43 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2DAA5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 1:23:34 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/29/2012 1:22:31 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 1:03:04 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    7/29/2012 1:03:04 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    7/28/2012 8:03:09 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2863F.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/28/2012 7:49:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/28/2012 7:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/28/2012 7:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/28/2012 7:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/28/2012 7:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/28/2012 7:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/28/2012 7:48:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA CSC DfsC discache NetBIOS NetBT NIPALK nipbcfk nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 7:47:41 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    7/28/2012 7:20:04 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    7/28/2012 7:20:04 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:20:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    7/28/2012 7:19:48 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
    7/28/2012 7:17:46 PM, Error: Service Control Manager [7038] - The MSSQL$SQLEXPRESS service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/28/2012 7:17:46 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not start due to a logon failure.
    7/28/2012 7:17:46 PM, Error: Service Control Manager [7000] - The MemeoBackgroundService service failed to start due to the following error: The pipe has been ended.
    7/28/2012 7:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
    7/28/2012 7:17:43 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:17:28 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments Time Synchronization service to connect.
    7/28/2012 7:17:13 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments PSP Server Locator service to connect.
    7/28/2012 7:16:57 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.
    7/28/2012 7:16:42 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
    7/28/2012 7:16:42 PM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:16:26 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the AVG WatchDog service to connect.
    7/28/2012 7:16:26 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7038] - The DPS service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7038] - The CryptSvc service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not start due to a logon failure.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not start due to a logon failure.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: A system shutdown is in progress.
    7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The pipe has been ended.
    7/28/2012 6:56:51 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the hpqwmiex service to connect.
    7/28/2012 6:56:51 PM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:53:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    7/28/2012 6:53:13 PM, Error: Service Control Manager [7001] - The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:53:12 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Nero Update service to connect.
    7/28/2012 6:53:12 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    7/28/2012 6:51:11 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Seagate Dashboard Service service to connect.
    7/28/2012 6:51:11 PM, Error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:56 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the rpcnetp service to connect.
    7/28/2012 6:50:56 PM, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:41 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Remote Procedure Call (RPC) Net service to connect.
    7/28/2012 6:50:41 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Net service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:26 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Pharos Systems ComTaskMaster service to connect.
    7/28/2012 6:50:26 PM, Error: Service Control Manager [7000] - The Pharos Systems ComTaskMaster service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:50:10 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI Service Locator service to connect.
    7/28/2012 6:49:55 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments Domain Service service to connect.
    7/28/2012 6:49:55 PM, Error: Service Control Manager [7001] - The NI PXI Resource Manager service depends on the NI Configuration Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:49:40 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI-488.2 Enumeration Service service to connect.
    7/28/2012 6:49:40 PM, Error: Service Control Manager [7001] - The NI Device Loader service depends on the NI Configuration Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:49:40 PM, Error: Service Control Manager [7000] - The NI-488.2 Enumeration Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 6:49:25 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI Configuration Manager service to connect.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Windows Process Activation Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Security Driver service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Net service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Pharos Systems ComTaskMaster service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The NI PXI Resource Manager service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The NI-VISA PXI Driver service failed to start due to the following error: The media is write protected.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The system cannot find the path specified.
    7/28/2012 2:44:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    7/27/2012 7:18:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    7/27/2012 6:05:45 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2C2F0.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/26/2012 6:05:59 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2C199.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/25/2012 8:57:35 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc25D9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/25/2012 8:55:42 PM, Error: Service Control Manager [7022] - The Audio Service service hung on starting.
    7/24/2012 7:20:13 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2928E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/24/2012 6:05:32 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2B395.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/23/2012 7:35:43 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2CFFB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    .
    ==== End Of File ===========================
  5. Broni Malware Annihilator Posts: 39,349   +175

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    Never run Combofix on your own!

    ============================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. mburns Newcomer, in training Posts: 22

    Wow, wasn't expecting an answer so soon, I really appreciate this. Here's the logs:

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: mburns [Admin rights]
    Mode: Scan -- Date: 07/29/2012 23:16:34

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : c:\windows\installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L --> FOUND
    [ZeroAccess][FILE] @ : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS ATA Device +++++
    --- User ---
    [MBR] 100fe8340e9e7fb52f6b6d27dd001a51
    [BSP] ca0a18c02b5622e4126dc0532bff4694 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2156544 | Size: 468816 Mo
    2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 962291712 | Size: 7070 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] f371def9e24b8d101909320ef20fdead
    [BSP] ca0a18c02b5622e4126dc0532bff4694 : Windows 7 MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2156544 | Size: 468816 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 962291712 | Size: 7070 Mo

    +++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
    --- User ---
    [MBR] f4f44b73dbe886ac34bee13d0b4ca68c
    [BSP] 650f0735156de32a923a3bcdf7cea1c8 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1544 | Size: 929 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    -------------------------------------------------------------------------------------------------------------------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-29 23:16:57
    -----------------------------
    23:16:57.717 OS Version: Windows x64 6.1.7600
    23:16:57.717 Number of processors: 8 586 0x1E05
    23:16:57.718 ComputerName: K563 UserName:
    23:17:00.548 Initialize success
    23:20:23.311 AVAST engine defs: 12072901
    23:20:43.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:20:43.413 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
    23:20:43.418 Device \Driver\atapi -> MajorFunction fffffa80053855e8
    23:20:43.423 Disk 0 MBR read successfully
    23:20:43.428 Disk 0 MBR scan
    23:20:43.435 Disk 0 Windows 7 default MBR code
    23:20:43.441 Disk 0 MBR hidden
    23:20:43.473 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1052 MB offset 2048
    23:20:43.486 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 468816 MB offset 2156544
    23:20:43.524 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 7070 MB offset 962291712
    23:20:43.587 Disk 0 scanning C:\Windows\system32\drivers
    23:21:03.707 Service scanning
    23:21:41.391 Modules scanning
    23:21:41.407 Disk 0 trace - called modules:
    23:21:41.418 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80053855e8]<<
    23:21:41.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa8060]
    23:21:41.436 3 CLASSPNP.SYS[fffff88001bb943f] -> nt!IofCallDriver -> [0xfffffa8004e0bb10]
    23:21:41.445 5 hpdskflt.sys[fffff88001b602bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c8d060]
    23:21:41.454 \Driver\atapi[0xfffffa8004fa7e70] -> IRP_MJ_CREATE -> 0xfffffa80053855e8
    23:21:44.431 AVAST engine scan C:\Windows
    23:21:49.003 AVAST engine scan C:\Windows\system32
    23:24:10.996 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    23:24:18.632 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    23:26:56.860 AVAST engine scan C:\Windows\system32\drivers
    23:27:37.867 AVAST engine scan C:\Users\Class2014
    23:44:00.383 AVAST engine scan C:\ProgramData
    23:48:17.090 Scan finished successfully
    23:55:28.388 Disk 0 MBR has been saved successfully to "C:\Users\Class2014\Desktop\MBR.dat"
    23:55:28.397 The log file has been saved successfully to "C:\Users\Class2014\Desktop\aswMBR.txt"
     
  7. Broni Malware Annihilator Posts: 39,349   +175

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  8. mburns Newcomer, in training Posts: 22

    Sorry, I have a university-issued laptop and they didn't include an installation disk. I tried getting to system recovery through advanced options but apparently I need the disk for that method too.

    Just as a quick update: On start-up today I wasn't able to run any programs and my active processes had dropped from around 100 to about 55. It went away after a reboot but definitely should be mentioned.
  9. Broni Malware Annihilator Posts: 39,349   +175

    You're infected with ZeroAccess rootkit and it's serious.

    You shouldn't need Windows 7 DVD.
    At what exact point are you stuck?
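
The RKreport posted earlier in this thread prints one MBR hash per read path and then its own verdict ("User != LL2 ... KO!"). The following is an added example, not part of any post or of RogueKiller itself, that parses that "MBR Check" layout and flags drives whose views disagree. It assumes "User" is the read through the normal API and "LL2" a lower-level read; the sample report and its hashes are constructed placeholders.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the RKreport "MBR Check" layout shown in the thread.
# The hashes are placeholders, not values from any real report.
SAMPLE_REPORT = """\
    +++++ PhysicalDrive0: EXAMPLE-DISK ATA Device +++++
    --- User ---
    [MBR] 11111111111111111111111111111111
    [BSP] aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 22222222222222222222222222222222
    [BSP] aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa : Windows 7 MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo

    +++++ PhysicalDrive1: Example Flash Disk USB Device +++++
    --- User ---
    [MBR] 33333333333333333333333333333333
    [BSP] bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1544 | Size: 929 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
"""

DRIVE_RE = re.compile(r"^\+{5}\s*(PhysicalDrive\d+):\s*(.*?)\s*\+{5}$")
VIEW_RE = re.compile(r"^---\s*(\w+)\s*---$")
HASH_RE = re.compile(r"^\[(MBR|BSP)\]\s+([0-9a-fA-F]{32})\b")
VERDICT_RE = re.compile(r"^(\w+)\s*(!?=)\s*(\w+)\s*\.\.\.\s*(OK|KO)!$")
READ_ERR_RE = re.compile(r"^Error reading (\w+) MBR!$")


@dataclass
class Drive:
    name: str
    model: str
    views: dict = field(default_factory=dict)       # view -> {"MBR": hash, "BSP": hash}
    verdicts: list = field(default_factory=list)    # (left, op, right, "OK"|"KO")
    unreadable: list = field(default_factory=list)  # views the tool could not read


def parse_mbr_check(text):
    """Parse the per-drive blocks of an RKreport MBR Check section."""
    drives, drive, view = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are usually indented
        if m := DRIVE_RE.match(line):
            drive = Drive(m.group(1), m.group(2))
            drives.append(drive)
            view = None
        elif drive is None:
            continue  # ignore everything before the first drive header
        elif m := VIEW_RE.match(line):
            view = m.group(1)
            drive.views[view] = {}
        elif (m := HASH_RE.match(line)) and view:
            drive.views[view][m.group(1)] = m.group(2).lower()
        elif m := VERDICT_RE.match(line):
            drive.verdicts.append(m.groups())
        elif m := READ_ERR_RE.match(line):
            drive.unreadable.append(m.group(1))
    return drives


def triage(drives):
    """Return (drive, code, detail) findings worth a responder's attention."""
    findings = []
    for d in drives:
        mbr = {v: h["MBR"] for v, h in d.views.items() if "MBR" in h}
        if len(set(mbr.values())) > 1:
            # The sector differs depending on how it is read: something is
            # filtering disk reads, so the user-mode view cannot be trusted.
            bsp = {h.get("BSP") for h in d.views.values()}
            note = "boot code hash identical" if len(bsp) == 1 else "boot code hash differs"
            findings.append((d.name, "MBR_VIEW_MISMATCH",
                             f"{', '.join(sorted(mbr))} disagree; {note}"))
        for left, op, right, status in d.verdicts:
            if status == "KO":
                findings.append((d.name, "TOOL_VERDICT_KO", f"{left} {op} {right}"))
        for v in d.unreadable:
            # Not proof of tampering (common on removable media), but the
            # cross-check for this drive is incomplete.
            findings.append((d.name, "VIEW_UNREADABLE", v))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_mbr_check(SAMPLE_REPORT)):
        print(*finding, sep=" | ")
```
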
  10. mburns Newcomer, in training Posts: 22

    I get stuck right after selecting 'Repair Your Computer' in the Advanced Boot Options instructions.
  11. Broni Malware Annihilator Posts: 39,349   +175

    What happens when you click Repair your computer?
    I'm not there you know....
  12. mburns Newcomer, in training Posts: 22

    After selecting Repair Your Computer under Advanced Boot Options I get a message that's pretty much in the same style as the menus:

    "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

    1. Insert your windows installation disc and restart your computer.
    2. Choose your language settings, and then click "Next."
    3. Click "Repair your computer."

    If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

    Status: 0xc000000e
    Info: The boot selection failed because a required device is inaccessible."

    Enter to continue, esc to exit
  13. Broni Malware Annihilator Posts: 39,349   +175

  14. mburns Newcomer, in training Posts: 22

    Alright, I've got to pick up blank DVDs tomorrow. Just for clarity, I'm assuming you want me to follow "How to Create and Make Bootable Windows 7 ISO from EXE Plus Setup1.Box and Setup2.Box Files?"

    Is this DVD just to get through the last set of instructions you gave or is it for a fresh reinstall? If it's the latter I'd rather drop off my laptop at the school's tech center and have them take care of it since there's a lot of software they loaded it with. However, if it's just so we can move on with a fix I'll gladly go ahead with it.

    Thanks for the help so far
  15. Broni Malware Annihilator Posts: 39,349   +175

    Yes.

    That DVD will allow you to use method #2:
  16. mburns Newcomer, in training Posts: 22

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 31-07-2012 22:07:17
    Running from I:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2095912 2010-05-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
    HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2010-07-07] ()
    HKLM-x32\...\Run: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2009-11-04] ()
    HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
    AppInit_DLLs: C:\Windows\System32\avgrssta.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Air Mouse.lnk
    ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()

    ==================== Services (Whitelisted) ======

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-22] (AVG Technologies CZ, s.r.o.)
    3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
    2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
    2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
    2 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [12696 2009-06-15] (National Instruments Corporation)
    2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
    2 nidevldu; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
    2 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [356912 2009-06-18] (National Instruments Corporation)
    4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2009-06-26] (Macrovision Corporation)
    2 niLXIDiscovery; "C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe" [131704 2009-03-05] (National Instruments Corporation)
    2 nimDNSResponder; "C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [193648 2009-06-04] (National Instruments Corporation)
    2 nipxirmu; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
    3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [28744 2009-06-22] (National Instruments Corporation)
    2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [13896 2009-06-04] (National Instruments Corporation)
    2 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [740968 2009-06-23] (National Instruments Corporation)
    2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [6810728 2009-12-08] ()
    3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2007-05-09] (OPC Foundation)
    2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [290816 2008-05-16] (Pharos Systems International)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)
    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-13] (Microsoft Corporation)
    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2010-07-22] (AVG Technologies CZ, s.r.o.)
    1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
    0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2010-07-19] (AVG Technologies CZ, s.r.o.)
    1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
    3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
    2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2005-10-18] ()
    3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [283824 2009-09-23] (Intel Corporation)
    3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [74376 2011-03-18] (FTDI Ltd.)
    3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2011-03-18] (FTDI Ltd.)
    3 lvalarmk; C:\Windows\System32\Drivers\lvalarmk.sys [25224 2008-12-05] (National Instruments Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 ni1006k; C:\Windows\System32\Drivers\ni1006k.sys [30800 2009-04-01] (National Instruments Corporation)
    3 ni1045k; \??\C:\Windows\system32\drivers\ni1045kl.sys [11856 2009-06-17] (National Instruments Corporation)
    3 ni1065k; C:\Windows\System32\Drivers\ni1065k.sys [26704 2009-04-01] (National Instruments Corporation)
    3 ni488lock; C:\Windows\System32\Drivers\ni488lock.sys [18504 2009-01-28] (National Instruments Corporation)
    3 nicdrk; \??\C:\Windows\system32\drivers\nicdrkl.sys [11864 2009-01-02] (National Instruments Corporation)
    3 nicsrk; \??\C:\Windows\system32\drivers\nicsrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nidimk; \??\C:\Windows\system32\drivers\nidimkl.sys [11872 2008-06-13] (National Instruments Corporation)
    3 nidmxfk; \??\C:\Windows\system32\drivers\nidmxfkl.sys [11848 2009-06-16] (National Instruments Corporation)
    3 nidsark; \??\C:\Windows\system32\drivers\nidsarkl.sys [11856 2009-06-17] (National Instruments Corporation)
    3 nidwgk; \??\C:\Windows\system32\drivers\nidwgkl.sys [11872 2009-05-27] (National Instruments Corporation)
    3 niemrk; \??\C:\Windows\system32\drivers\niemrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 niemrkw; C:\Windows\System32\Drivers\niemrkw.sys [11336 2009-05-28] (National Instruments Corporation)
    3 niesrk; \??\C:\Windows\system32\drivers\niesrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nifslk; \??\C:\Windows\system32\drivers\nifslkl.sys [11864 2009-01-06] (National Instruments Corporation)
    3 nigplk; \??\C:\Windows\system32\drivers\nigplkl.sys [12152 2009-06-17] (National Instruments Corporation)
    3 nihsdrk; \??\C:\Windows\system32\drivers\nihsdrkl.sys [11864 2009-04-08] (National Instruments Corporation)
    3 nimdbgk; \??\C:\Windows\system32\drivers\nimdbgkl.sys [11872 2008-06-13] (National Instruments Corporation)
    3 nimru2k; \??\C:\Windows\system32\drivers\nimru2kl.sys [11872 2008-11-23] (National Instruments Corporation)
    3 nimsdrk; \??\C:\Windows\system32\drivers\nimsdrkl.sys [11904 2008-12-29] (National Instruments Corporation)
    3 nimstsk; \??\C:\Windows\system32\drivers\nimstskl.sys [11872 2008-12-29] (National Instruments Corporation)
    3 nimxdfk; \??\C:\Windows\system32\drivers\nimxdfkl.sys [11856 2008-06-13] (National Instruments Corporation)
    3 nimxpk; \??\C:\Windows\system32\drivers\nimxpkl.sys [11880 2009-06-16] (National Instruments Corporation)
    3 ninshsdk; \??\C:\Windows\system32\drivers\ninshsdkl.sys [11872 2009-03-30] (National Instruments Corporation)
    3 niorbk; \??\C:\Windows\system32\drivers\niorbkl.sys [11856 2009-06-14] (National Instruments Corporation)
    3 nipalfwedl; C:\Windows\System32\Drivers\nipalfwedl.sys [12928 2009-05-26] (National Instruments Corporation)
    0 NIPALK; C:\Windows\System32\Drivers\NIPALK.sys [883288 2009-05-26] (National Instruments Corporation)
    3 nipalusbedl; C:\Windows\System32\Drivers\nipalusbedl.sys [12920 2009-05-26] (National Instruments Corporation)
    0 nipbcfk; C:\Windows\System32\Drivers\nipbcfk.sys [16472 2008-08-21] (National Instruments Corporation)
    3 nipsdk; \??\C:\Windows\system32\drivers\nipsdkl.sys [11904 2009-06-11] (National Instruments Corporation)
    3 nipxigpk; C:\Windows\System32\Drivers\nipxigpk.sys [22104 2008-06-25] (National Instruments Corporation)
    2 nipxirmk; \??\C:\Windows\system32\drivers\nipxirmkl.sys [11856 2009-06-04] (National Instruments Corporation)
    3 niRFSA2k; \??\C:\Windows\system32\drivers\niRFSA2kl.sys [11840 2009-06-01] (National Instruments Corporation)
    3 niRFSGk; \??\C:\Windows\system32\drivers\niRFSGkl.sys [11840 2009-04-27] (National Instruments Corporation)
    3 niscdk; \??\C:\Windows\system32\drivers\niscdkl.sys [11888 2009-01-05] (National Instruments Corporation)
    3 nisdigk; \??\C:\Windows\system32\drivers\nisdigkl.sys [11864 2009-02-05] (National Instruments Corporation)
    3 nisftk; \??\C:\Windows\system32\drivers\nisftkl.sys [11856 2009-03-30] (National Instruments Corporation)
    3 nisldk; \??\C:\Windows\system32\drivers\nisldkl.sys [11856 2009-06-17] (National Instruments Corporation)
    3 nispdk; \??\C:\Windows\system32\drivers\nispdkl.sys [11888 2009-01-05] (National Instruments Corporation)
    3 nisrcdk; \??\C:\Windows\system32\drivers\nisrcdkl.sys [11864 2009-06-26] (National Instruments Corporation)
    3 nissrk; \??\C:\Windows\system32\drivers\nissrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nistc2k; \??\C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-02] (National Instruments Corporation)
    3 nistcrk; \??\C:\Windows\system32\drivers\nistcrkl.sys [11872 2009-01-02] (National Instruments Corporation)
    3 niswdk; \??\C:\Windows\system32\drivers\niswdkl.sys [11848 2008-07-28] (National Instruments Corporation)
    3 nitiork; \??\C:\Windows\system32\drivers\nitiorkl.sys [11872 2009-01-02] (National Instruments Corporation)
    3 nitnr2k; \??\C:\Windows\system32\drivers\nitnr2kl.sys [11840 2009-04-10] (National Instruments Corporation)
    3 niufurk; \??\C:\Windows\system32\drivers\niufurkl.sys [11880 2009-05-28] (National Instruments Corporation)
    3 NiViFWK; C:\Windows\System32\Drivers\NiViFWK.sys [39544 2009-03-05] (National Instruments Corporation)
    3 NiViPciK; C:\Windows\System32\Drivers\NiViPciK.sys [91744 2009-06-21] (National Instruments Corporation)
    2 NiViPxiK; C:\Windows\System32\Drivers\NiViPxiK.sys [44640 2009-06-21] (National Instruments Corporation)
    3 niwdk; C:\Windows\SysWow64\Drivers\niwdk.sys [27744 2009-06-16] (National Instruments Corporation)
    3 niwfrk; \??\C:\Windows\system32\drivers\niwfrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 nixsrk; \??\C:\Windows\system32\drivers\nixsrkl.sys [11848 2009-05-28] (National Instruments Corporation)
    3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
    3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
    3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
    3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
    3 rismcx64; C:\Windows\System32\Drivers\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
    3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
    3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1805104 2009-09-17] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-08-28] (Duplex Secure Ltd.)
    3 ALSysIO; \??\C:\Users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 cpuz130; \??\C:\Users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    4 mchInjDrv; \??\C:\Windows\TEMP\mc29230.tmp [x]
    3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [x]
    3 X6va003; \??\C:\Users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-31 15:20 - 2012-07-31 15:18 - 3224686592 ____A C:\Users\Class2014\Desktop\X15-65805.iso
    2012-07-31 14:50 - 2012-07-31 15:18 - 3224686592 ____A C:\Users\Class2014\Downloads\X15-65805.iso
    2012-07-30 16:27 - 2012-07-30 16:27 - 00009008 __RSH C:\Users\All Users\3002.abs
    2012-07-29 19:55 - 2012-07-29 19:55 - 00002414 ____A C:\Users\Class2014\Desktop\aswMBR.txt
    2012-07-29 19:55 - 2012-07-29 19:55 - 00000512 ____A C:\Users\Class2014\Desktop\MBR.dat
    2012-07-29 19:16 - 2012-07-29 19:16 - 00002992 ____A C:\Users\Class2014\Desktop\RKreport[3].txt
    2012-07-29 19:15 - 2012-07-29 19:15 - 04731392 ____A (AVAST Software) C:\Users\Class2014\Desktop\aswMBR.exe
    2012-07-29 19:13 - 2012-07-29 19:13 - 00002974 ____A C:\Users\Class2014\Desktop\RKreport[2].txt
    2012-07-29 19:12 - 2012-07-29 19:12 - 00002956 ____A C:\Users\Class2014\Desktop\RKreport[1].txt
    2012-07-29 19:11 - 2012-07-29 19:12 - 00000000 ____D C:\Users\Class2014\Desktop\RK_Quarantine
    2012-07-29 19:10 - 2012-07-29 19:10 - 01552384 ____A C:\Users\Class2014\Desktop\RogueKiller.exe
    2012-07-29 17:49 - 2012-07-29 17:49 - 00607260 ____R (Swearware) C:\Users\Class2014\Desktop\dds.scr
    2012-07-29 17:46 - 2012-07-29 17:46 - 00187610 ____A C:\Users\Class2014\Desktop\Rootkit Log.log
    2012-07-29 15:59 - 2012-07-29 15:59 - 00302592 ____A C:\Users\Class2014\Desktop\zcw1x2vh.exe
    2012-07-29 15:58 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
    2012-07-29 09:30 - 2012-07-29 09:30 - 00025842 ____A C:\ComboFix.txt
    2012-07-29 09:03 - 2012-07-29 09:30 - 00000000 ___AD C:\Qoobox
    2012-07-29 09:03 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-07-29 09:03 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-07-29 09:03 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-07-29 09:03 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-07-29 08:57 - 2012-07-29 08:57 - 04721417 ____A (Swearware) C:\Users\Class2014\Downloads\ComboFix.exe
    2012-07-29 08:00 - 2012-07-29 08:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Users\Class2014\AppData\Roaming\Malwarebytes
    2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 08:00 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-28 16:05 - 2012-07-28 16:05 - 00000496 ____A C:\rkill.log
    2012-07-18 13:51 - 2012-07-18 13:51 - 01047240 ____A C:\Windows\Minidump\071812-30997-01.dmp
    2012-07-15 17:59 - 2012-07-29 09:02 - 00000000 ____D C:\Windows\erdnt
    2012-07-15 11:49 - 2012-07-15 11:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\AirMouse
    2012-07-14 11:50 - 2012-07-14 11:50 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-14 11:33 - 2012-07-14 11:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 20:22 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 03:12 - 2012-07-11 03:15 - 00000000 ____D C:\8ca979b7f09b658e9dc76c61d1
    2012-07-11 03:11 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 03:11 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 03:11 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 03:11 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 03:11 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 03:11 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 03:11 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 03:11 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 03:11 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 03:11 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 03:11 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 03:11 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 03:11 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 03:11 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 03:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 03:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 03:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 03:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 03:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 03:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 03:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 03:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 03:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 03:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 03:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 03:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 03:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 03:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 03:10 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 03:10 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 03:10 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 03:10 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 03:09 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 03:09 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 03:09 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 03:09 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 03:09 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 03:09 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 03:09 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 03:09 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 03:09 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 03:09 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 03:09 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 03:09 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-11 03:09 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-11 03:09 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-11 03:09 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-11 03:09 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-11 03:09 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-10 17:55 - 2012-07-10 17:55 - 00000000 ____D C:\Users\Class2014\Documents\Semester 4
    2012-07-07 11:11 - 2012-07-07 11:12 - 00000000 ____D C:\Users\Class2014\Documents\eagle
    2012-07-07 11:11 - 2012-07-07 11:11 - 00001075 ____A C:\Users\Class2014\Desktop\EAGLE 6.2.0.lnk
    2012-07-07 11:10 - 2012-07-07 11:10 - 00000000 ____D C:\Users\Class2014\AppData\Roaming\CadSoft
    2012-07-07 11:10 - 2012-07-07 11:10 - 00000000 ____D C:\Program Files (x86)\EAGLE-6.2.0
    2012-07-07 11:09 - 2012-07-07 11:09 - 43585536 ____A C:\Users\Class2014\Downloads\eagle-win-6.2.0.exe


    ============ 3 Months Modified Files ========================

    2012-07-31 17:43 - 2012-02-18 20:07 - 00589824 ____A C:\Windows\System32\Ikeext.etl
    2012-07-31 17:43 - 2010-08-23 20:07 - 00000866 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
    2012-07-31 17:43 - 2010-07-07 10:43 - 01071530 ____A C:\Windows\WindowsUpdate.log
    2012-07-31 17:40 - 2010-08-23 20:07 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
    2012-07-31 17:39 - 2010-12-09 06:31 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
    2012-07-31 15:18 - 2012-07-31 15:20 - 3224686592 ____A C:\Users\Class2014\Desktop\X15-65805.iso
    2012-07-31 15:18 - 2012-07-31 14:50 - 3224686592 ____A C:\Users\Class2014\Downloads\X15-65805.iso
    2012-07-31 14:54 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 14:54 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 14:25 - 2009-07-13 21:13 - 00918646 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-31 14:20 - 2009-07-13 20:51 - 00162546 ____A C:\Windows\setupact.log
    2012-07-31 14:17 - 2010-08-05 12:04 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2012-07-31 14:17 - 2010-08-05 09:45 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
    2012-07-31 14:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-31 14:14 - 2010-12-09 06:31 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
    2012-07-30 17:49 - 2011-03-17 09:39 - 00000000 ____A C:\Users\Class2014\AppData\Local\prvlcl.dat
    2012-07-30 17:40 - 2010-08-23 20:08 - 00002469 ____A C:\Users\Class2014\Desktop\Google Chrome.lnk
    2012-07-30 17:29 - 2010-08-05 12:04 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
    2012-07-30 17:29 - 2010-08-05 12:04 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe
    2012-07-30 16:27 - 2012-07-30 16:27 - 00009008 __RSH C:\Users\All Users\3002.abs
    2012-07-30 16:24 - 2010-07-08 09:29 - 00080986 ____A C:\Windows\PFRO.log
    2012-07-29 19:55 - 2012-07-29 19:55 - 00002414 ____A C:\Users\Class2014\Desktop\aswMBR.txt
    2012-07-29 19:55 - 2012-07-29 19:55 - 00000512 ____A C:\Users\Class2014\Desktop\MBR.dat
    2012-07-29 19:16 - 2012-07-29 19:16 - 00002992 ____A C:\Users\Class2014\Desktop\RKreport[3].txt
    2012-07-29 19:15 - 2012-07-29 19:15 - 04731392 ____A (AVAST Software) C:\Users\Class2014\Desktop\aswMBR.exe
    2012-07-29 19:13 - 2012-07-29 19:13 - 00002974 ____A C:\Users\Class2014\Desktop\RKreport[2].txt
    2012-07-29 19:12 - 2012-07-29 19:12 - 00002956 ____A C:\Users\Class2014\Desktop\RKreport[1].txt
    2012-07-29 19:10 - 2012-07-29 19:10 - 01552384 ____A C:\Users\Class2014\Desktop\RogueKiller.exe
    2012-07-29 17:49 - 2012-07-29 17:49 - 00607260 ____R (Swearware) C:\Users\Class2014\Desktop\dds.scr
    2012-07-29 17:46 - 2012-07-29 17:46 - 00187610 ____A C:\Users\Class2014\Desktop\Rootkit Log.log
    2012-07-29 15:59 - 2012-07-29 15:59 - 00302592 ____A C:\Users\Class2014\Desktop\zcw1x2vh.exe
    2012-07-29 09:30 - 2012-07-29 09:30 - 00025842 ____A C:\ComboFix.txt
    2012-07-29 09:23 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-07-29 08:57 - 2012-07-29 08:57 - 04721417 ____A (Swearware) C:\Users\Class2014\Downloads\ComboFix.exe
    2012-07-29 08:00 - 2012-07-29 08:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 16:05 - 2012-07-28 16:05 - 00000496 ____A C:\rkill.log
    2012-07-18 13:51 - 2012-07-18 13:51 - 01047240 ____A C:\Windows\Minidump\071812-30997-01.dmp
    2012-07-18 13:50 - 2010-07-26 06:20 - 722934899 ____A C:\Windows\MEMORY.DMP
    2012-07-15 11:33 - 2011-03-09 21:24 - 00135928 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-14 11:33 - 2012-07-14 11:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-14 11:33 - 2012-01-04 18:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-12 14:08 - 2009-07-13 20:45 - 00479424 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 03:13 - 2010-07-08 09:42 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-07 11:11 - 2012-07-07 11:11 - 00001075 ____A C:\Users\Class2014\Desktop\EAGLE 6.2.0.lnk
    2012-07-07 11:09 - 2012-07-07 11:09 - 43585536 ____A C:\Users\Class2014\Downloads\eagle-win-6.2.0.exe
    2012-07-03 09:46 - 2012-07-29 08:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-21 19:33 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-11 19:02 - 2012-07-11 20:22 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:30 - 2012-07-11 03:09 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:46 - 2012-07-11 03:09 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 21:50 - 2012-07-11 03:10 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:50 - 2012-07-11 03:10 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:09 - 2012-07-11 03:10 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:09 - 2012-07-11 03:10 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-02 14:19 - 2012-06-24 09:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-24 09:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-24 09:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-24 09:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-24 09:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-24 09:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-24 09:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-24 09:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-24 09:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 06:18 - 2012-06-02 06:17 - 00291688 ____A C:\Windows\Minidump\060212-53929-01.dmp
    2012-06-02 04:49 - 2012-07-11 03:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 03:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 03:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 03:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 03:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 03:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 03:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 03:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 03:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 03:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 03:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 03:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 03:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 03:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 03:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 03:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 03:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 03:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 03:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 03:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 03:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 03:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 03:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 03:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 03:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 03:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:38 - 2012-07-11 03:09 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:38 - 2012-07-11 03:09 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:37 - 2012-07-11 03:09 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:27 - 2012-07-11 03:09 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:27 - 2012-07-11 03:09 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:48 - 2012-07-11 03:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:48 - 2012-07-11 03:09 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:47 - 2012-07-11 03:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:42 - 2012-07-11 03:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-24 19:25 - 2012-05-24 19:25 - 00001279 ____A C:\Users\Class2014\Desktop\Minecraft.lnk
    2012-05-24 19:11 - 2011-12-11 14:39 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-24 19:11 - 2011-12-11 14:39 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-24 19:09 - 2012-05-24 19:09 - 00892360 ____A (Oracle Corporation) C:\Users\Class2014\Downloads\chromeinstall-7u4.exe
    2012-05-24 17:12 - 2012-05-24 17:12 - 00892360 ____A (Oracle Corporation) C:\Users\Class2014\Downloads\jxpiinstall.exe
    2012-05-20 05:37 - 2012-05-20 05:36 - 01047240 ____A C:\Windows\Minidump\052012-88499-01.dmp
    2012-05-17 10:12 - 2012-05-17 10:11 - 01080584 ____A C:\Windows\Minidump\051712-55536-01.dmp
    2012-05-12 18:51 - 2012-05-12 18:51 - 00000893 ____A C:\Users\Public\Desktop\Pad2Pad.lnk
    2012-05-12 18:51 - 2012-05-12 18:51 - 00000512 ____A C:\Windows\randseed.rnd
    2012-05-12 18:51 - 2012-05-12 18:49 - 07953471 ____A (Pad2Pad.com ) C:\Users\Class2014\Downloads\p2psetup1974.exe
    2012-05-12 09:07 - 2012-05-12 09:06 - 01073736 ____A C:\Windows\Minidump\051212-66503-01.dmp
    2012-05-07 18:22 - 2012-05-07 18:22 - 00024464 ____A C:\Users\Class2014\Desktop\suck on it trebek.3gp
    2012-05-07 18:20 - 2009-07-13 18:34 - 00000636 ____A C:\Windows\win.ini
    2012-05-07 14:13 - 2012-05-07 14:13 - 00348909 ____A C:\Users\Class2014\Desktop\suck on it trebek.mp4
    2012-05-04 21:29 - 2012-05-04 21:28 - 00527423 ____A ( ) C:\Users\Class2014\Downloads\Lame_v3.99.3_for_Windows.exe
    2012-05-04 20:18 - 2012-05-04 20:18 - 00000000 ____A C:\Users\Class2014\AppData\Local\Temptable.xml
    2012-05-04 13:25 - 2010-07-08 08:14 - 00135928 ____A C:\Users\Class2014\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-04 13:18 - 2012-05-04 13:18 - 00000964 ____A C:\Users\Public\Desktop\Scientific Viewer 5.5.lnk
    2012-05-04 11:57 - 2012-05-04 11:57 - 14055734 ____A (InstallShield Software Corporation) C:\Users\Class2014\Downloads\sviewer550.exe
    2012-05-04 02:52 - 2012-06-13 16:13 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:08 - 2012-06-13 16:13 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:08 - 2012-06-13 16:13 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 17:59 - 2011-03-06 14:43 - 00003584 ____A C:\Users\Class2014\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


    ZeroAccess:
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U

    ZeroAccess:
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\@
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Possible partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 23%
    Total physical RAM: 4029.32 MB
    Available physical RAM: 3098.7 MB
    Total Pagefile: 4027.47 MB
    Available Pagefile: 3162.98 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:457.83 GB) (Free:217.75 GB) NTFS
    2 Drive e: (HP_TOOLS) (Fixed) (Total:6.89 GB) (Free:6.31 GB) FAT32
    3 Drive f: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    4 Drive g: (Laptop Backup) (Fixed) (Total:496.06 GB) (Free:426.68 GB) NTFS
    5 Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:901.2 GB) (Free:519.69 GB) NTFS
    6 Drive I: () (Removable) (Total:0.91 GB) (Free:0.6 GB) FAT
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (System Reserved) (Fixed) (Total:1.03 GB) (Free:0.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 1397 GB 1024 KB
    Disk 2 Online 970 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1052 MB 1024 KB
    Partition 2 Primary 457 GB 1053 MB
    Partition 3 Primary 7070 MB 458 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 1052 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 457 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_TOOLS FAT32 Partition 7070 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 901 GB 31 KB
    Partition 2 Primary 496 GB 901 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 H FreeAgent G NTFS Partition 901 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 G Laptop Back NTFS Partition 496 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 929 MB 772 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT Removable 929 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-30 16:56

    ======================= End Of Log ==========================
  17. mburns Newcomer, in training Posts: 22

    Search.txt:

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-31 21:58:12
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\erdnt\cache64\services.exe
    [2012-07-15 18:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  18. Broni Malware Annihilator Posts: 39,349   +175

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  19. mburns Newcomer, in training Posts: 22

    Okay, I got a blue screen the first time I tried running Combofix so I went through with your RKill instructions and it worked. Here are the 3 logs:

    Fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-01 21:34:56 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868} moved successfully.
    C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\svchost.exe moved successfully.

    ==== End of Fixlog ====


    -----------------------------------------------------------------------------------------------------------------------------

    RKill Log:

    Rkill 2.0.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/01/2012 10:12:40 PM in x64 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

    * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


    Performing miscellaneous checks.

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/01/2012 10:12:56 PM
    Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)



    ----------------------------------------------------------------------------------------------------------------------------------------



    ComboFix Log:

    ComboFix 12-07-31.03 - mburns 08/01/2012 22:15:52.4.8 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.2090 [GMT -4:00]
    Running from: c:\users\Class2014\Desktop\your_name.exe
    AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\3002.abs
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\mburns\AppData\Local\temp
    2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-08-01 05:49 . 2012-08-01 05:50 -------- d-----w- C:\FRST
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\users\Class2014\AppData\Roaming\Malwarebytes
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 16:00 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-15 19:49 . 2012-07-15 19:49 -------- d-----w- c:\users\Administrator\AppData\Local\AirMouse
    2012-07-14 19:50 . 2012-07-14 19:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-14 19:33 . 2012-07-14 19:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 04:22 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 11:12 . 2012-07-11 11:15 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
    2012-07-11 11:10 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 11:10 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 11:10 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 11:10 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\program files (x86)\EAGLE-6.2.0
    2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\users\Class2014\AppData\Roaming\CadSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 02:04 . 2010-12-09 14:31 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-08-02 02:04 . 2010-08-05 20:04 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2012-08-02 01:35 . 2010-12-09 14:31 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2012-08-01 02:26 . 2010-08-05 17:45 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2012-07-31 01:29 . 2010-08-05 20:04 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
    2012-07-31 01:29 . 2010-08-05 20:04 58288 ------w- c:\windows\SysWow64\rpcnet.exe
    2012-07-14 19:33 . 2012-01-05 02:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 11:13 . 2010-07-08 17:42 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-24 17:09 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-24 17:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-24 17:10 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-24 17:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-24 17:09 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-24 17:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-24 17:09 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-24 17:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-24 17:09 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 10:52 . 2012-06-14 00:13 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:08 . 2012-06-14 00:13 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08 . 2012-06-14 00:13 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.23.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-01 02:56 . 2012-08-01 02:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2012-07-14 19:58 . 2012-07-29 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-14 19:58 . 2012-07-31 03:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012073120120801\index.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072320120730\index.dat
    + 2012-07-14 19:49 . 2012-08-02 02:04 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2010-07-08 17:31 . 2012-08-02 01:21 69610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-02 02:07 44682 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-08-16 20:55 . 2012-08-02 02:07 24490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1273285964-1369492898-2689800442-1000_UserData.bin
    + 2012-08-01 02:56 . 2012-08-01 02:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{72619510-DB84-11E1-B5E5-A9D11B1356CE}.dat
    + 2012-08-01 02:56 . 2012-08-01 02:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72619511-DB84-11E1-B5E5-A9D11B1356CE}.dat
    - 2010-07-07 21:21 . 2012-07-29 16:11 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-07-07 21:21 . 2012-08-02 01:26 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-02 01:36 . 2012-08-02 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-02 01:36 . 2012-08-02 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-16 20:52 . 2012-08-02 02:04 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-08-16 20:52 . 2012-07-29 16:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-08-01 02:57 . 2012-08-01 02:56 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 02:36 . 2012-08-02 02:12 763312 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:21 763312 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:21 156836 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-02 02:12 156836 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-07-29 16:11 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-02 01:26 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 6848512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-07-16 02:04 . 2012-08-02 01:26 2357236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:54 . 2012-08-02 02:13 10633216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 02:34 . 2012-07-29 16:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-07-31 00:54 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2010-08-24 05:04 . 2012-08-02 01:26 35007536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1273285964-1369492898-2689800442-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-02 87336]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 cpuz130;cpuz130;c:\users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-28 1431888]
    R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
    R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2009-04-01 30800]
    R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2009-06-17 11856]
    R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2009-04-01 26704]
    R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-01-29 18504]
    R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-01-02 11864]
    R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2009-05-29 11848]
    R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2009-06-17 11848]
    R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2009-06-17 11856]
    R3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2009-05-27 11872]
    R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2009-05-29 11848]
    R3 niemrkw;niemrkw;c:\windows\system32\DRIVERS\niemrkw.sys [2009-05-29 11336]
    R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2009-05-29 11848]
    R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2009-01-06 11864]
    R3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2009-06-17 12152]
    R3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2009-04-08 11864]
    R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-12-29 11904]
    R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2009-06-17 11880]
    R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2009-03-30 11872]
    R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2009-05-27 12928]
    R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2009-05-27 12920]
    R3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2009-06-11 11904]
    R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-06-25 22104]
    R3 niRFSA2k;niRFSA2k;c:\windows\system32\drivers\niRFSA2kl.sys [2009-06-01 11840]
    R3 niRFSGk;niRFSGk;c:\windows\system32\drivers\niRFSGkl.sys [2009-04-28 11840]
    R3 NiRioRpc;National Instruments RIO Server;c:\windows\SysWOW64\NiRioRpc.exe [2009-06-22 28744]
    R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-01-05 11888]
    R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2009-02-06 11864]
    R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2009-03-30 11856]
    R3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2009-06-18 11856]
    R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-01-05 11888]
    R3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2009-06-26 11864]
    R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2009-05-29 11848]
    R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-02 11824]
    R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-01-02 11872]
    R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-07-28 11848]
    R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2009-01-02 11872]
    R3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2009-04-10 11840]
    R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2009-05-29 11880]
    R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2009-03-05 11896]
    R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2009-06-21 11872]
    R3 niwdk;niwdk; [x]
    R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2009-05-29 11848]
    R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2009-05-29 11848]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-09-03 19936]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-09-03 13280]
    R3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-07 94472]
    R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
    R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
    R3 X6va003;X6va003;c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-07-19 56008]
    S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2008-08-22 16472]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-28 834544]
    S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2010-07-22 269904]
    S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-09-12 35664]
    S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-05-05 317520]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
    S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
    S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
    S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]
    S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]
    S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [2009-06-04 11856]
    S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2009-06-21 11872]
    S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
    S3 ALSysIO;ALSysIO;c:\users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-24 283824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
    S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11872]
    S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-11-24 11872]
    S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-12-29 11872]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
    S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
    - c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
    - c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1875048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\avgrssta.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.stevens.edu/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    FF - ProfilePath - c:\users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc285E1.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a3,e0,81,37,91,6f,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-01 22:34:11
    ComboFix-quarantined-files.txt 2012-08-02 02:34
    ComboFix2.txt 2012-07-29 17:30
    ComboFix3.txt 2012-07-16 02:38
    .
    Pre-Run: 234,116,300,800 bytes free
    Post-Run: 233,847,635,968 bytes free
    .
    - - End Of File - - 45516CE6A168CDCEB79107392AD0C977
  20. Broni Malware Annihilator Posts: 39,349   +175

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.