Solved Svchost.exe trojan

mburns

Hi all,

I have an svchost.exe trojan that was partially cleared up; I'm going to bite the bullet and admit I went through some steps on some past threads on this forum and used ComboFix and some extra scanners that were recommended in the past. It hasn't done any harm to my computer, but if it's relevant enough I can track down a list of the techniques I used.

Either way, it cleared up the trojan as far as Malwarebytes and AVG (AVG couldn't pick up on it in the first place) could detect, but I'm still getting messages from Malwarebytes that it's blocking svchost from accessing suspicious websites after all of that. I also still have an svchost.exe *32 process in Task Manager, so the problem isn't resolved yet.

I'll paste the Malwarebytes, GMER, and DDS logs in the next posts. Thanks in advance for any help!
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
mburns :: K563 [administrator]

Protection: Enabled

7/29/2012 3:28:48 PM
mbam-log-2012-07-29 (15-28-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238050
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
The GMER log is something like 180K characters; I have no idea how many posts that's going to take up, so I'll skip to the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by mburns at 21:50:45 on 2012-07-29
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.1894 [GMT -4:00]
.
AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Windows\SysWOW64\nipalsm.exe
C:\Windows\SysWOW64\nipalsm.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Windows\SysWOW64\nipalsm.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\MathType\MathType.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.stevens.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{93969BDB-469E-4DA2-B5B0-7D36F7841D93} : DhcpNameServer = 155.246.1.21 155.246.1.20
TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7} : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\3547566756E637 : DhcpNameServer = 155.246.1.21 155.246.1.20
TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\75962756C6563737 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\75962756C6563737023427F677E6560205C616A716 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\A6566666562737F6E61323 : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{FFFF8047-A2FA-4405-BFFA-58EDC6B067C7}\E4544574541425 : DhcpNameServer = 167.206.245.129 167.206.245.130 167.206.245.71
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npEModelPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win64.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Class2014\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Class2014\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Class2014\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\system32\drivers\nipbcfk.sys --> C:\Windows\system32\drivers\nipbcfk.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2010-7-8 89600]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-22 308136]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-29 655944]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2008-8-21 12696]
R2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2008-8-21 12696]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-3-5 131704]
R2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-6-4 193648]
R2 nipxirmk;NI PXI Resource Manager;\??\C:\Windows\system32\drivers\nipxirmkl.sys --> C:\Windows\system32\drivers\nipxirmkl.sys [?]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys --> C:\Windows\system32\drivers\NiViPxiKl.sys [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-8 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 1664304]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-7-8 228408]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nidimk;nidimk;\??\C:\Windows\system32\drivers\nidimkl.sys --> C:\Windows\system32\drivers\nidimkl.sys [?]
R3 nimru2k;nimru2k;\??\C:\Windows\system32\drivers\nimru2kl.sys --> C:\Windows\system32\drivers\nimru2kl.sys [?]
R3 nimstsk;nimstsk;\??\C:\Windows\system32\drivers\nimstskl.sys --> C:\Windows\system32\drivers\nimstskl.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismcx64.sys --> C:\Windows\system32\DRIVERS\rismcx64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-2 87336]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-12 1431888]
S3 lvalarmk;lvalarmk;\??\C:\Windows\system32\drivers\lvalarmk.sys --> C:\Windows\system32\drivers\lvalarmk.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 ni1006k;NI PXI-1006 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1006k.sys --> C:\Windows\system32\drivers\ni1006k.sys [?]
S3 ni1045k;NI PXI-1045 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1045kl.sys --> C:\Windows\system32\drivers\ni1045kl.sys [?]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1065k.sys --> C:\Windows\system32\drivers\ni1065k.sys [?]
S3 ni488lock;NI-488.2 Locking Service;\??\C:\Windows\system32\drivers\ni488lock.sys --> C:\Windows\system32\drivers\ni488lock.sys [?]
S3 nicdrk;nicdrk;\??\C:\Windows\system32\drivers\nicdrkl.sys --> C:\Windows\system32\drivers\nicdrkl.sys [?]
S3 nicsrk;nicsrk;\??\C:\Windows\system32\drivers\nicsrkl.sys --> C:\Windows\system32\drivers\nicsrkl.sys [?]
S3 nidmxfk;nidmxfk;\??\C:\Windows\system32\drivers\nidmxfkl.sys --> C:\Windows\system32\drivers\nidmxfkl.sys [?]
S3 nidsark;nidsark;\??\C:\Windows\system32\drivers\nidsarkl.sys --> C:\Windows\system32\drivers\nidsarkl.sys [?]
S3 nidwgk;nidwgk;\??\C:\Windows\system32\drivers\nidwgkl.sys --> C:\Windows\system32\drivers\nidwgkl.sys [?]
S3 niemrk;niemrk;\??\C:\Windows\system32\drivers\niemrkl.sys --> C:\Windows\system32\drivers\niemrkl.sys [?]
S3 niemrkw;niemrkw;C:\Windows\system32\DRIVERS\niemrkw.sys --> C:\Windows\system32\DRIVERS\niemrkw.sys [?]
S3 niesrk;niesrk;\??\C:\Windows\system32\drivers\niesrkl.sys --> C:\Windows\system32\drivers\niesrkl.sys [?]
S3 nifslk;nifslk;\??\C:\Windows\system32\drivers\nifslkl.sys --> C:\Windows\system32\drivers\nifslkl.sys [?]
S3 nigplk;nigplk;\??\C:\Windows\system32\drivers\nigplkl.sys --> C:\Windows\system32\drivers\nigplkl.sys [?]
S3 nihsdrk;nihsdrk;\??\C:\Windows\system32\drivers\nihsdrkl.sys --> C:\Windows\system32\drivers\nihsdrkl.sys [?]
S3 nimsdrk;nimsdrk;\??\C:\Windows\system32\drivers\nimsdrkl.sys --> C:\Windows\system32\drivers\nimsdrkl.sys [?]
S3 nimxpk;nimxpk;\??\C:\Windows\system32\drivers\nimxpkl.sys --> C:\Windows\system32\drivers\nimxpkl.sys [?]
S3 ninshsdk;ninshsdk;\??\C:\Windows\system32\drivers\ninshsdkl.sys --> C:\Windows\system32\drivers\ninshsdkl.sys [?]
S3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys --> C:\Windows\system32\drivers\nipalfwedl.sys [?]
S3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys --> C:\Windows\system32\drivers\nipalusbedl.sys [?]
S3 nipsdk;nipsdk;\??\C:\Windows\system32\drivers\nipsdkl.sys --> C:\Windows\system32\drivers\nipsdkl.sys [?]
S3 nipxigpk;NI PXI Generic Chassis Pilot;\??\C:\Windows\system32\drivers\nipxigpk.sys --> C:\Windows\system32\drivers\nipxigpk.sys [?]
S3 niRFSA2k;niRFSA2k;\??\C:\Windows\system32\drivers\niRFSA2kl.sys --> C:\Windows\system32\drivers\niRFSA2kl.sys [?]
S3 niRFSGk;niRFSGk;\??\C:\Windows\system32\drivers\niRFSGkl.sys --> C:\Windows\system32\drivers\niRFSGkl.sys [?]
S3 NiRioRpc;National Instruments RIO Server;C:\Windows\SysWOW64\NiRioRpc.exe [2009-6-22 28744]
S3 niscdk;niscdk;\??\C:\Windows\system32\drivers\niscdkl.sys --> C:\Windows\system32\drivers\niscdkl.sys [?]
S3 nisdigk;nisdigk;\??\C:\Windows\system32\drivers\nisdigkl.sys --> C:\Windows\system32\drivers\nisdigkl.sys [?]
S3 nisftk;nisftk;\??\C:\Windows\system32\drivers\nisftkl.sys --> C:\Windows\system32\drivers\nisftkl.sys [?]
S3 nisldk;nisldk;\??\C:\Windows\system32\drivers\nisldkl.sys --> C:\Windows\system32\drivers\nisldkl.sys [?]
S3 nispdk;nispdk;\??\C:\Windows\system32\drivers\nispdkl.sys --> C:\Windows\system32\drivers\nispdkl.sys [?]
S3 nisrcdk;nisrcdk;\??\C:\Windows\system32\drivers\nisrcdkl.sys --> C:\Windows\system32\drivers\nisrcdkl.sys [?]
S3 nissrk;nissrk;\??\C:\Windows\system32\drivers\nissrkl.sys --> C:\Windows\system32\drivers\nissrkl.sys [?]
S3 nistc2k;nistc2k;\??\C:\Windows\system32\drivers\nistc2kl.sys --> C:\Windows\system32\drivers\nistc2kl.sys [?]
S3 nistcrk;nistcrk;\??\C:\Windows\system32\drivers\nistcrkl.sys --> C:\Windows\system32\drivers\nistcrkl.sys [?]
S3 niswdk;niswdk;\??\C:\Windows\system32\drivers\niswdkl.sys --> C:\Windows\system32\drivers\niswdkl.sys [?]
S3 nitiork;nitiork;\??\C:\Windows\system32\drivers\nitiorkl.sys --> C:\Windows\system32\drivers\nitiorkl.sys [?]
S3 nitnr2k;nitnr2k;\??\C:\Windows\system32\drivers\nitnr2kl.sys --> C:\Windows\system32\drivers\nitnr2kl.sys [?]
S3 niufurk;niufurk;\??\C:\Windows\system32\drivers\niufurkl.sys --> C:\Windows\system32\drivers\niufurkl.sys [?]
S3 NiViFWK;NI-VISA FireWire Driver;C:\Windows\system32\drivers\NiViFWKl.sys --> C:\Windows\system32\drivers\NiViFWKl.sys [?]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys --> C:\Windows\system32\drivers\NiViPciKl.sys [?]
S3 niwfrk;niwfrk;\??\C:\Windows\system32\drivers\niwfrkl.sys --> C:\Windows\system32\drivers\niwfrkl.sys [?]
S3 nixsrk;nixsrk;\??\C:\Windows\system32\drivers\nixsrkl.sys --> C:\Windows\system32\drivers\nixsrkl.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-6 94472]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-07-29 23:58:00 20480 ----a-w- C:\Windows\svchost.exe
2012-07-29 19:26:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-29 17:33:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-29 17:03:37 98816 ----a-w- C:\Windows\sed.exe
2012-07-29 17:03:37 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-29 17:03:37 256000 ----a-w- C:\Windows\PEV.exe
2012-07-29 17:03:37 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 16:00:46 -------- d-----w- C:\Users\Class2014\AppData\Roaming\Malwarebytes
2012-07-29 16:00:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 16:00:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 16:00:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 19:50:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 19:33:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 04:22:37 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:12:58 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
2012-07-11 11:10:07 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 11:10:07 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 11:10:07 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 11:10:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-07 19:10:27 -------- d-----w- C:\Program Files (x86)\EAGLE-6.2.0
2012-07-07 19:10:17 -------- d-----w- C:\Users\Class2014\AppData\Roaming\CadSoft
.
==================== Find3M ====================
.
2012-07-30 01:46:00 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-07-29 16:13:20 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-07-29 00:02:23 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2012-07-28 23:47:52 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2012-07-14 19:33:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 21:52:22.03 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2010 2:41:53 PM
System Uptime: 7/29/2012 12:11:56 PM (9 hours ago)
.
Motherboard: Hewlett-Packard | | 1521
Processor: Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz | CPU 1 | 1196/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 225.879 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 6.312 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 901 GiB total, 519.689 GiB free.
H: is CDROM ()
I: is FIXED (NTFS) - 496 GiB total, 426.68 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP220: 7/15/2012 10:43:38 PM - ComboFix created restore point
RP221: 7/24/2012 11:38:34 PM - Scheduled Checkpoint
RP222: 7/29/2012 1:03:50 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat 9 Pro
Adobe Acrobat 9.4.2 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
AVG 9.0
BufferChm
Computrace
CoreTempMC
Coupon Printer for Windows
Crystal Reports for Visual Studio
D2600
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DivX Setup
DJ_SF_05_D2600_Software_Min
Dotfuscator Software Services - Community Edition
EAGLE 6.2.0
Elica 5.3
Empire Earth II
Free FLV Converter V 6.92.0
Free Video Converter V 2.92
Futuremark SystemInfo
GCalc 3
Google Chrome
Google Talk Plugin
GPBaseService2
HI-TECH C PRO for the PIC10/12/16 MCU Family V9.65PL1
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
HI-TIDE V3.15PL2
Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2455033)
HP Photo Creations
HP Quick Launch Buttons
HP QuickWeb
HP Update
HP Webcam
HP Webcam Driver
HPPhotoGadget
HPProductAssistant
HPSSupply
IDT Audio
Intel(R) Management Engine Components
IVI Shared Components
Java 3D 1.3.1 (OpenGL) Runtime
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 4
Java(TM) SE Development Kit 6 Update 20
JavaFX 2.1.0
LAME v3.99.3 (for Windows)
League of Legends
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
MathType 6
Memeo AutoSync
Memeo Instant Backup
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Expression Design 3
Microsoft Expression Encoder 3
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Premium - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
MiniTool Partition Wizard Home Edition 7.0
Mirror's Edge™
Mobile Broadband Generic Drivers
Mobile Mouse Server
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Instruments Software
NEC Electronics USB 3.0 Host Controller Driver
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 VL Basic
Nero StartSmart 10 Help (CHM)
Nero Update
NetBeans IDE 6.9
NI-488.2 2.7.1
NI-488.2 Provider for MAX version 2.7.1
NI-653x Installer 1.9.0
NI-APAL Error Files 1.5.0f0
NI-DAQ C and VB6 API
NI-DAQ Document Set
NI-DAQ INF Files
NI-DAQmx - LabVIEW shared documentation
NI-DAQmx 8.9.5
NI-DAQmx Documentation
NI-DAQmx MAX Support 1.12.5
NI-DAQmx OPC Support
NI-DAQmx support for LabVIEW
NI-DAQmx Switch Core 1.15.0
NI-DCPower 1.3.1
NI-DIM 1.9.0f0
NI-DIM 1.9.0f0 for Phar Lap ETS
NI-DIO Driver 160f1
NI-DMM 3.0
NI-FGEN 2.6.3
NI-FGEN Driver 163f1
NI-FieldPoint 6.0.5
NI-FieldPoint for LabVIEW Real-Time 6.0.5
NI-HSD Driver 1.10.2f1
NI-HSDIO 1.6.1
NI-IMAQ Camera Files
NI-Intel8255x for LabVIEW Real-Time
NI-MDBG 1.9.0f0
NI-MDBG 1.9.0f0 for Phar Lap ETS
NI-MRU 2.10.1f0
NI-MXDF 1.10.0f0
NI-MXDF 1.10.0f0 for Phar Lap ETS
NI-MXEF 2.2.5
NI-MXLC Core (32-bit)
NI-MXLC LabVIEW 2009 Support
NI-ORB 1.9.3f0
NI-ORB 1.9.3f0 for Phar Lap ETS
NI-PAL 2.4.0f0 for Phar Lap ETS
NI-PAL 2.4.1f0
NI-PAL 2.4.1f0 for Phar Lap ETS
NI-RFSA 2.1.2
NI-RFSG 1.5.1
NI-RIO 3.2.0
NI-RIO 3.2.0 driver for Real-Time Embedded Targets
NI-RIO I/O Control for LabVIEW 2009
NI-RIO I/O Control for LabVIEW 8.5
NI-RIO I/O Control for LabVIEW 8.6
NI-RIO Scan Interface for Real-Time Embedded Targets
NI-RPC 4.1.0f0 for Phar Lap ETS
NI-RPC 4.1.1f0
NI-RPC 4.1.1f0 for Phar Lap ETS
NI-SCOPE 3.5.2
NI-Serial 3.3.4 for LabVIEW Real-Time
NI-Serial 3.4
NI-Serial 3.4 Help
NI-Serial 3.4 MAX Provider
NI-STE10/100A 2.1.0f2 for Phar Lap ETS
NI-STE10/100A for Phar Lap ETS
NI-SWITCH 3.8.5
NI-TClk 1.7.1
NI-TNF 1.4.4f0 for Phar Lap ETS
NI-TNR Driver
NI-VISA 4.4 for LabVIEW Real-Time
NI-VISA 4.5.1
NI-VISA 4.5.1 for LabVIEW Real-Time
NI-VISA 4.5.1 MAX Provider
NI-VISA Runtime 4.5.1
NI-VISA Server 4.5.1
NI-WatchDog 4.0 for LabVIEW Real-Time
NI-WatchDog Host 4.0
NI-WatchDog LabVIEW 9.0 Support
NI 2009 Control Design Assistant
NI AFW Channel Configuration Tool
NI AFW Custom UI
NI Assistant Framework
NI Assistant Framework LabVIEW 2009 Support
NI Assistant Framework LabVIEW Code Generator 2009
NI Calibration Provider for MAX 4.6.0
NI Certificates Deployment Support
NI Circuit Design Suite 10.1.1 Core
NI Circuit Design Suite 10.1.1 Edu Licenses
NI Circuit Design Suite 10.1.1 Education
NI CodeSignAPI
NI Common Digital 1.9.0
NI DAQ Assistant 1.10.5
NI DataSocket 4.7.0
NI DHV DCMP Installer 1.1.3f1
NI DHV GPL 108f4
NI Distributed System Manager 2009
NI DN 2.0 installer
NI DN 2.0 Language Pack installer
NI Dynamic Signal Acquisition Installer 1.13.1
NI Enhanced DSC Deployment Support 8.5
NI EULA Depot
NI Example Finder 9.0
NI FieldPoint MAX Provider
NI FlexRIO support for Real-Time Embedded Targets
NI FSL Installer 1.8.0
NI Help Assistant
NI Hierarchical Waveform Storage 1.4.7
NI IMAQ Vision for Measurement Studio Upgrade Manager
NI Instrument I/O Assistant
NI Instrument IO Assistant for LabVIEW 9.0 32
NI IVI Class Driver LabVIEW 2009 Support
NI IVI Class Drivers
NI IVI Class Simulation Drivers
NI IVI Compliance Package 4.0
NI IVI Engine
NI IVI Online Help
NI IVI Provider for MAX
NI LabVIEW 2009
NI LabVIEW 2009 Applibs
NI LabVIEW 2009 CINtools
NI LabVIEW 2009 Control Design and Simulation Module
NI LabVIEW 2009 Control Design Shared VIs
NI LabVIEW 2009 Deployment Framework
NI LabVIEW 2009 Desktop Execution Trace Toolkit
NI LabVIEW 2009 Desktop Execution Trace Toolkit LV 2009 Supp
NI LabVIEW 2009 Digital Filter Design Toolkit
NI LabVIEW 2009 Digital Filter Design Toolkit License
NI LabVIEW 2009 Digital Filter Design Toolkit RT Support
NI LabVIEW 2009 Examples
NI LabVIEW 2009 FPGA Realtime Support
NI LabVIEW 2009 gMath
NI LabVIEW 2009 Help
NI LabVIEW 2009 Help File
NI LabVIEW 2009 Instr.lib
NI LabVIEW 2009 License
NI LabVIEW 2009 Manuals
NI LabVIEW 2009 MathScript RT Module
NI LabVIEW 2009 MathScript RT Module License
NI LabVIEW 2009 MeasAppChm File
NI LabVIEW 2009 Menus
NI LabVIEW 2009 Project
NI LabVIEW 2009 Resource
NI LabVIEW 2009 Simulation
NI LabVIEW 2009 System Identification Assistant
NI LabVIEW 2009 System Identification Toolkit
NI LabVIEW 2009 System Identification Toolkit License
NI LabVIEW 2009 System Identification Toolkit VIs
NI LabVIEW 2009 Templates
NI LabVIEW 2009 User.lib
NI LabVIEW 2009 VI.lib
NI LabVIEW 2009 Web Server
NI LabVIEW 2009 WWW
NI LabVIEW 8.5.1 Real-Time cRIO 9014 Upgrade
NI LabVIEW 8.6 Real-Time LabVIEW
NI LabVIEW 8.6 Real-Time MSVS71 Support
NI LabVIEW 8.6 Real-Time Pharlap Base
NI LabVIEW 8.6 Real-Time Pharlap LabVIEW
NI LabVIEW 8.6 Real-Time Support for cRIO
NI LabVIEW 8.6 Real-Time VxWorks Base Support
NI LabVIEW 8.6 Real-Time VxWorks LabVIEW
NI LabVIEW Analog Modulation Toolkit 4.1
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Compare Utility 9.0.0
NI LabVIEW Deployable License 2009
NI LabVIEW EWB DeviceHandler 2009
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 9.0.0
NI LabVIEW Modulation Toolkit 4.1
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009
NI LabVIEW Run-Time Engine 7.1.1
NI LabVIEW Run-Time Engine 8.0.1
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.5.1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Web Services
NI LabVIEW SignalExpress 2009
NI LabVIEW SignalExpress 2009 Core
NI LabVIEW SignalExpress 2009 Core LabVIEW Support
NI LabVIEW SignalExpress 2009 Core LabVIEW90 Support
NI LabVIEW SignalExpress 2009 Datatypes
NI LabVIEW SignalExpress 2009 Datatypes LabVIEW 2009 Support
NI LabVIEW SignalExpress 2009 LabVIEW 2009 Support
NI LabVIEW SignalExpress 2009 LabVIEW Support
NI LabVIEW SignalExpress 2009 Licenses
NI LabVIEW SignalExpress 2009 Steps
NI LabVIEW SignalExpress 2009 Tools
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 9.0.1 Run-Time Engine
NI LabWindows/CVI Code Generator
NI LabWindows/CVI DLL Builder for LabVIEW
NI License Manager
NI Logos 5.1
NI Logos LabVIEW 2009 Support
NI Logos Support for LabVIEW Real-Time
NI Logos XT Support
NI Logos XT Support for LabVIEW Real-Time
NI LVBrokerAux 8.2.1
NI LVBrokerAux 8.5.0
NI LVBrokerAux1071
NI LVBrokerAux71
NI LVBrokerAux8.0
NI Math Kernel Libraries
NI MAX LabVIEW Support 4.6.0
NI MAX Remote Configuration Installer 4.6
NI MDF Support
NI mDNS Responder 1.1.0
NI Measurement & Automation Explorer 4.6.0
NI Measurement Studio 8.1 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Assemblies for the .NET 3.5
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI MIO Device Drivers 2.0.2
NI ModInst 1.5
NI MXS 4.6.0
NI MXS 4.6.0f0 for LabVIEW Real-Time
NI OCR Upgrade Manager
NI OPC Support
NI Portable Configuration 4.6.0
NI PXI Platform Framework 1.1.3
NI PXI Platform Framework 1.1.3 for Phar Lap ETS
NI PXI Platform Services 2.5.1
NI PXI Platform Services 2.5.1 Configuration Support
NI PXI Platform Services 2.5.1 Expert
NI PXI Platform Services 2.5.1 Expert for LabVIEW Real-Time
NI PXI Platform Services 2.5.1 for LabVIEW Real-Time
NI Registration Wizard
NI Remote Provider for MAX 4.6.0
NI Remote PXI Provider for MAX 4.6.0
NI Script Editor 1.3.1
NI SCXI 1.10.0
NI Service Locator
NI Software Provider for MAX 4.6.0
NI Sound and Vibration Frequency Analysis 2009
NI Sound and Vibration Frequency Analysis LabVIEW 2009 Support
NI Spy 2.7.0
NI Spy API LV90
NI SSL LabVIEW 2009 Support
NI SSL Support
NI STC 1.2.0
NI System API RT
NI System API Windows 32-bit
NI System Identification Assistant LabVIEW Support
NI System State Publisher
NI TDM Excel Add-In 2.1
NI TDMS
NI TDMS RT
NI Timing Installer 1.13.0
NI Trace Engine
NI Uninstaller
NI Update Service 1.0
NI Update Service Extras 1.0
NI USI 1.7.0
NI Variable Engine 2.3.0
NI Variable Engine LabVIEW 2009 Support
NI VC2005MSMs x86
NI VC2008MSMs x86
NI Vision .NET 2009
NI Vision .NET Run-Time Engine 2009
NI Vision 2009
NI Vision Assistant 2009
NI Vision Assistant 2009 .NET
NI Vision Builder AI 3.6.1
NI Vision Run-Time Engine 2009
NI Web Pipeline 2.0.1
NI Xalan Delay Load 1.10.1
NI Xerces Delay Load 2.7.1
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
ooVoo
Pad2Pad 1.9.74
Pando Media Booster
Parallel Computing Toolkit 2.1
Pharos
PhotoView 360
Pidgin
Portal 2
Project64 1.6
QLBCASL
QuickTime
R for Windows 2.11.1
RICOH Media Driver
Scientific Viewer 5.5
Scratch
Seagate Dashboard
Search Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Expression Design 3 (KB2667727)
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolidWorks 2010 x64 Edition SP05
SolidWorks eDrawings 2010
SolutionCenter
Status
Steam
swMSM
System Requirements Lab for Intel
TextPad 5
Toolbox
TrayApp
Truss Analysis 5.3
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Verizon Wireless USB720-V740 Firmware Updates
Verizon Wireless USB727 Firmware Updates
VISA Shared Components 64-Bit
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.0
VZAccess Manager
WebReg
Winamp
Windows Movie Maker 2.6
WinSCP 4.3.2
Wolfram Notebook Indexer 2.0
World Community Grid - BOINC for Windows
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/29/2012 9:51:45 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
7/29/2012 3:51:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
7/29/2012 12:14:34 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc24690.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/29/2012 12:12:50 PM, Error: Service Control Manager [7000] - The cvintdrv service failed to start due to the following error: This driver has been blocked from loading
7/29/2012 12:12:50 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/29/2012 11:57:43 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2DAA5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/29/2012 1:23:34 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/29/2012 1:22:31 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/29/2012 1:03:04 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
7/29/2012 1:03:04 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
7/28/2012 8:03:09 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2863F.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/28/2012 7:49:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/28/2012 7:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/28/2012 7:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/28/2012 7:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/28/2012 7:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/28/2012 7:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/28/2012 7:48:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA CSC DfsC discache NetBIOS NetBT NIPALK nipbcfk nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:48:20 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:48:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:47:41 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/28/2012 7:20:04 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Apple Mobile Device service to connect.
7/28/2012 7:20:04 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 7:20:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/28/2012 7:19:48 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
7/28/2012 7:17:46 PM, Error: Service Control Manager [7038] - The MSSQL$SQLEXPRESS service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2012 7:17:46 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2012 7:17:46 PM, Error: Service Control Manager [7000] - The MemeoBackgroundService service failed to start due to the following error: The pipe has been ended.
7/28/2012 7:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
7/28/2012 7:17:43 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 7:17:28 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments Time Synchronization service to connect.
7/28/2012 7:17:13 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments PSP Server Locator service to connect.
7/28/2012 7:16:57 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.
7/28/2012 7:16:42 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
7/28/2012 7:16:42 PM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 7:16:26 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the AVG WatchDog service to connect.
7/28/2012 7:16:26 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 7:12:14 PM, Error: Service Control Manager [7038] - The DPS service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2012 7:12:14 PM, Error: Service Control Manager [7038] - The CryptSvc service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: A system shutdown is in progress.
7/28/2012 7:12:14 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The pipe has been ended.
7/28/2012 6:56:51 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the hpqwmiex service to connect.
7/28/2012 6:56:51 PM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:53:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
7/28/2012 6:53:13 PM, Error: Service Control Manager [7001] - The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:53:12 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Nero Update service to connect.
7/28/2012 6:53:12 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
7/28/2012 6:51:11 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Seagate Dashboard Service service to connect.
7/28/2012 6:51:11 PM, Error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:50:56 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the rpcnetp service to connect.
7/28/2012 6:50:56 PM, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:50:41 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Remote Procedure Call (RPC) Net service to connect.
7/28/2012 6:50:41 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Net service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:50:26 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Pharos Systems ComTaskMaster service to connect.
7/28/2012 6:50:26 PM, Error: Service Control Manager [7000] - The Pharos Systems ComTaskMaster service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:50:10 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI Service Locator service to connect.
7/28/2012 6:49:55 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the National Instruments Domain Service service to connect.
7/28/2012 6:49:55 PM, Error: Service Control Manager [7001] - The NI PXI Resource Manager service depends on the NI Configuration Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:49:40 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI-488.2 Enumeration Service service to connect.
7/28/2012 6:49:40 PM, Error: Service Control Manager [7001] - The NI Device Loader service depends on the NI Configuration Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:49:40 PM, Error: Service Control Manager [7000] - The NI-488.2 Enumeration Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 6:49:25 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the NI Configuration Manager service to connect.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Windows Process Activation Service service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Security Driver service failed to start due to the following error: The media is write protected.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Net service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Pharos Systems ComTaskMaster service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: The media is write protected.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The NI PXI Resource Manager service failed to start due to the following error: The media is write protected.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The NI-VISA PXI Driver service failed to start due to the following error: The media is write protected.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 6:27:23 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The system cannot find the path specified.
7/28/2012 2:44:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
7/27/2012 7:18:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/27/2012 6:05:45 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2C2F0.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/26/2012 6:05:59 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2C199.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/25/2012 8:57:35 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc25D9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/25/2012 8:55:42 PM, Error: Service Control Manager [7022] - The Audio Service service hung on starting.
7/24/2012 7:20:13 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2928E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/24/2012 6:05:32 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2B395.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/23/2012 7:35:43 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2CFFB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================

Never run Combofix on your own!

============================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

===========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Wow, wasn't expecting an answer so soon, I really appreciate this. Here's the logs:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: mburns [Admin rights]
Mode: Scan -- Date: 07/29/2012 23:16:34

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\class2014\appdata\local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 100fe8340e9e7fb52f6b6d27dd001a51
[BSP] ca0a18c02b5622e4126dc0532bff4694 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2156544 | Size: 468816 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 962291712 | Size: 7070 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f371def9e24b8d101909320ef20fdead
[BSP] ca0a18c02b5622e4126dc0532bff4694 : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1052 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2156544 | Size: 468816 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 962291712 | Size: 7070 Mo

+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] f4f44b73dbe886ac34bee13d0b4ca68c
[BSP] 650f0735156de32a923a3bcdf7cea1c8 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1544 | Size: 929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

-------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 23:16:57
-----------------------------
23:16:57.717 OS Version: Windows x64 6.1.7600
23:16:57.717 Number of processors: 8 586 0x1E05
23:16:57.718 ComputerName: K563 UserName:
23:17:00.548 Initialize success
23:20:23.311 AVAST engine defs: 12072901
23:20:43.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:20:43.413 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
23:20:43.418 Device \Driver\atapi -> MajorFunction fffffa80053855e8
23:20:43.423 Disk 0 MBR read successfully
23:20:43.428 Disk 0 MBR scan
23:20:43.435 Disk 0 Windows 7 default MBR code
23:20:43.441 Disk 0 MBR hidden
23:20:43.473 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1052 MB offset 2048
23:20:43.486 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 468816 MB offset 2156544
23:20:43.524 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 7070 MB offset 962291712
23:20:43.587 Disk 0 scanning C:\Windows\system32\drivers
23:21:03.707 Service scanning
23:21:41.391 Modules scanning
23:21:41.407 Disk 0 trace - called modules:
23:21:41.418 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80053855e8]<<
23:21:41.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa8060]
23:21:41.436 3 CLASSPNP.SYS[fffff88001bb943f] -> nt!IofCallDriver -> [0xfffffa8004e0bb10]
23:21:41.445 5 hpdskflt.sys[fffff88001b602bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c8d060]
23:21:41.454 \Driver\atapi[0xfffffa8004fa7e70] -> IRP_MJ_CREATE -> 0xfffffa80053855e8
23:21:44.431 AVAST engine scan C:\Windows
23:21:49.003 AVAST engine scan C:\Windows\system32
23:24:10.996 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:24:18.632 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:26:56.860 AVAST engine scan C:\Windows\system32\drivers
23:27:37.867 AVAST engine scan C:\Users\Class2014
23:44:00.383 AVAST engine scan C:\ProgramData
23:48:17.090 Scan finished successfully
23:55:28.388 Disk 0 MBR has been saved successfully to "C:\Users\Class2014\Desktop\MBR.dat"
23:55:28.397 The log file has been saved successfully to "C:\Users\Class2014\Desktop\aswMBR.txt"
 
For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
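A triage check added here, not part of the thread and not code from RogueKiller, aswMBR or FRST: it tests a Windows 7 x64 host for the indicators those logs reported (svchost.exe running outside System32, the {GUID}\U and {GUID}\L folders, the GAC Desktop.ini files, UAC switched off) and performs the services.exe census the helper asks FRST for, hashing every copy under %SystemRoot%. The full UAC policy key path and the WinSxS hash-comparison heuristic are assumptions made for this example; everything else comes from the logs above.

```powershell
# Added triage script for this thread's ZeroAccess/Sirefef indicators. It is not part of
# RogueKiller, aswMBR or FRST and was written for this example; run it from an elevated
# PowerShell prompt on the suspect Windows 7 x64 host. A rootkit that hides its driver and
# MBR (see "Disk 0 MBR hidden" above) can also hide from this, so treat a clean result
# as a lead, not a verdict, and confirm with the offline FRST scan the helper asked for.

$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$kind, [string]$detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Kind = $kind; Detail = $detail }))
}

function Get-Sha1([string]$path) {
    try {
        $bytes = [System.Security.Cryptography.SHA1]::Create().ComputeHash(
                     [System.IO.File]::ReadAllBytes($path))
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    } catch { return 'unreadable' }
}

# 1. Every svchost.exe must run from System32 or SysWOW64. The rogue copy RogueKiller
#    killed ran from \\.\globalroot\systemroot\svchost.exe, i.e. %SystemRoot%\svchost.exe.
function Test-SvchostPaths {
    $allowed = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
    foreach ($proc in (Get-Process -Name svchost -ErrorAction SilentlyContinue)) {
        $p = $proc.Path   # null when the process cannot be opened; those are skipped
        if ($p -and ($allowed -notcontains $p)) {
            Add-Finding 'svchost-path' ("PID {0} runs from {1}" -f $proc.Id, $p)
        }
    }
    if (Test-Path "$env:SystemRoot\svchost.exe") {
        Add-Finding 'svchost-file' "$env:SystemRoot\svchost.exe exists"
    }
}

# 2. ZeroAccess keeps a {GUID} folder holding "U" and "L" subfolders and an "@" file under
#    %SystemRoot%\Installer and each user's AppData\Local. GUID folders on their own are
#    normal in Installer (MSI cache); the U, L and @ children are the tell.
function Test-ZeroAccessFolders {
    $roots = @("$env:SystemRoot\Installer")
    foreach ($u in (Get-ChildItem "$env:SystemDrive\Users" -Force -ErrorAction SilentlyContinue)) {
        if ($u.PSIsContainer) { $roots += Join-Path $u.FullName 'AppData\Local' }
    }
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $guidDirs = Get-ChildItem $root -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f-]{36}\}$' }
        foreach ($dir in $guidDirs) {
            foreach ($child in 'U', 'L', '@') {
                $path = Join-Path $dir.FullName $child
                if (Test-Path $path) { Add-Finding 'zeroaccess-folder' $path }
            }
        }
    }
}

# 3. Desktop.ini inside the GAC folders is the Sirefef payload aswMBR flagged above.
function Test-GacDesktopIni {
    foreach ($gac in 'GAC_32', 'GAC_64') {
        $path = "$env:SystemRoot\assembly\$gac\Desktop.ini"
        if (Test-Path $path) { Add-Finding 'gac-desktop.ini' $path }
    }
}

# 4. UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0), as RogueKiller reported.
#    RogueKiller abbreviates the key; the full policy path used here is an assumption.
function Test-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.EnableLUA -eq 0) { Add-Finding 'uac' 'EnableLUA = 0' }
    if ($p -and $p.ConsentPromptBehaviorAdmin -eq 0) { Add-Finding 'uac' 'ConsentPromptBehaviorAdmin = 0' }
}

# 5. The services.exe search the helper wants from FRST, done with hashes: list every copy
#    under %SystemRoot% and flag a System32 copy that matches no WinSxS copy. On Windows 7
#    System32\services.exe is a hard link into WinSxS, so the bytes normally agree; a
#    replaced System32 file breaks that agreement (heuristic, assumed for this example).
function Find-ServicesExe {
    $copies = @(Get-ChildItem $env:SystemRoot -Filter services.exe -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { New-Object PSObject -Property @{ Path = $_.FullName; Size = $_.Length; Sha1 = (Get-Sha1 $_.FullName) } })
    $sxsHashes = @($copies | Where-Object { $_.Path -like "$env:SystemRoot\winsxs\*" } | ForEach-Object { $_.Sha1 })
    $sys = $copies | Where-Object { $_.Path -eq "$env:SystemRoot\System32\services.exe" }
    if ($sys -and ($sxsHashes -notcontains $sys.Sha1)) {
        Add-Finding 'services.exe' ("System32 copy {0} matches no WinSxS copy" -f $sys.Sha1)
    }
    return $copies
}

Test-SvchostPaths; Test-ZeroAccessFolders; Test-GacDesktopIni; Test-UacPolicy
Find-ServicesExe | Format-Table Path, Size, Sha1 -AutoSize
if ($findings.Count -eq 0) { "No ZeroAccess indicators found on this pass." }
else { $findings | Format-Table Kind, Detail -AutoSize }
```

Run it elevated; the services.exe walk over WinSxS takes a minute or two. Because a live ZeroAccess hides its driver and its disk hooks (the "MBR hidden" and the unknown \Driver\atapi handler in the aswMBR trace above), a clean result from inside the infected system settles nothing, which is why the helper moves to an offline FRST scan from System Recovery Options; this script is for triage before that step and for confirming the cleanup afterwards.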
 
Sorry, I have a university-issued laptop and they didn't include an installation disk. I tried getting to system recovery through advanced options but apparently I need the disk for that method too.

Just as a quick update: On start-up today I wasn't able to run any programs and my active processes had dropped from around 100 to about 55. It went away after a reboot but definitely should be mentioned.
 
You're infected with ZeroAccess rootkit and it's serious.

I tried getting to system recovery through advanced options but apparently I need the disk for that method too
You shouldn't need the Windows 7 DVD.
At what exact point are you stuck?
 
I get stuck right after selecting 'Repair Your Computer' in the Advanced Boot Options instructions
 
After selecting Repair Your Computer under Advanced Boot Options I get a message that's pretty much in the same style as the menus:

"Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible."

Enter to continue, esc to exit
 
Alright, I've got to pick up blank DVDs tomorrow. Just for clarity, I'm assuming you want me to follow "How to Create and Make Bootable Windows 7 ISO from EXE Plus Setup1.Box and Setup2.Box Files?"

Is this DVD just to get through the last set of instructions you gave or is it for a fresh reinstall? If it's the latter I'd rather drop off my laptop at the school's tech center and have them take care of it since there's a lot of software they loaded it with. However, if it's just so we can move on with a fix I'll gladly go ahead with it.

Thanks for the help so far
 
Just for clarity, I'm assuming you want me to follow "How to Create and Make Bootable Windows 7 ISO from EXE Plus Setup1.Box and Setup2.Box Files?"
Yes.

That DVD will allow you to use method #2:
To enter System Recovery Options by using Windows installation disc:
 
FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 31-07-2012 22:07:17
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2095912 2010-05-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2010-07-07] ()
HKLM-x32\...\Run: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2009-11-04] ()
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
AppInit_DLLs: C:\Windows\System32\avgrssta.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-22] (AVG Technologies CZ, s.r.o.)
3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
2 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [12696 2009-06-15] (National Instruments Corporation)
2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
2 nidevldu; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
2 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [356912 2009-06-18] (National Instruments Corporation)
4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2009-06-26] (Macrovision Corporation)
2 niLXIDiscovery; "C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe" [131704 2009-03-05] (National Instruments Corporation)
2 nimDNSResponder; "C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [193648 2009-06-04] (National Instruments Corporation)
2 nipxirmu; C:\Windows\SysWOW64\nipalsm.exe [12696 2008-08-21] (National Instruments Corporation)
3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [28744 2009-06-22] (National Instruments Corporation)
2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [13896 2009-06-04] (National Instruments Corporation)
2 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [740968 2009-06-23] (National Instruments Corporation)
2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [6810728 2009-12-08] ()
3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2007-05-09] (OPC Foundation)
2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [290816 2008-05-16] (Pharos Systems International)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-13] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2010-07-22] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2010-07-19] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2005-10-18] ()
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [283824 2009-09-23] (Intel Corporation)
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [74376 2011-03-18] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2011-03-18] (FTDI Ltd.)
3 lvalarmk; C:\Windows\System32\Drivers\lvalarmk.sys [25224 2008-12-05] (National Instruments Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 ni1006k; C:\Windows\System32\Drivers\ni1006k.sys [30800 2009-04-01] (National Instruments Corporation)
3 ni1045k; \??\C:\Windows\system32\drivers\ni1045kl.sys [11856 2009-06-17] (National Instruments Corporation)
3 ni1065k; C:\Windows\System32\Drivers\ni1065k.sys [26704 2009-04-01] (National Instruments Corporation)
3 ni488lock; C:\Windows\System32\Drivers\ni488lock.sys [18504 2009-01-28] (National Instruments Corporation)
3 nicdrk; \??\C:\Windows\system32\drivers\nicdrkl.sys [11864 2009-01-02] (National Instruments Corporation)
3 nicsrk; \??\C:\Windows\system32\drivers\nicsrkl.sys [11848 2009-05-28] (National Instruments Corporation)
3 nidimk; \??\C:\Windows\system32\drivers\nidimkl.sys [11872 2008-06-13] (National Instruments Corporation)
3 nidmxfk; \??\C:\Windows\system32\drivers\nidmxfkl.sys [11848 2009-06-16] (National Instruments Corporation)
3 nidsark; \??\C:\Windows\system32\drivers\nidsarkl.sys [11856 2009-06-17] (National Instruments Corporation)
3 nidwgk; \??\C:\Windows\system32\drivers\nidwgkl.sys [11872 2009-05-27] (National Instruments Corporation)
3 niemrk; \??\C:\Windows\system32\drivers\niemrkl.sys [11848 2009-05-28] (National Instruments Corporation)
3 niemrkw; C:\Windows\System32\Drivers\niemrkw.sys [11336 2009-05-28] (National Instruments Corporation)
3 niesrk; \??\C:\Windows\system32\drivers\niesrkl.sys [11848 2009-05-28] (National Instruments Corporation)
3 nifslk; \??\C:\Windows\system32\drivers\nifslkl.sys [11864 2009-01-06] (National Instruments Corporation)
3 nigplk; \??\C:\Windows\system32\drivers\nigplkl.sys [12152 2009-06-17] (National Instruments Corporation)
3 nihsdrk; \??\C:\Windows\system32\drivers\nihsdrkl.sys [11864 2009-04-08] (National Instruments Corporation)
3 nimdbgk; \??\C:\Windows\system32\drivers\nimdbgkl.sys [11872 2008-06-13] (National Instruments Corporation)
3 nimru2k; \??\C:\Windows\system32\drivers\nimru2kl.sys [11872 2008-11-23] (National Instruments Corporation)
3 nimsdrk; \??\C:\Windows\system32\drivers\nimsdrkl.sys [11904 2008-12-29] (National Instruments Corporation)
3 nimstsk; \??\C:\Windows\system32\drivers\nimstskl.sys [11872 2008-12-29] (National Instruments Corporation)
3 nimxdfk; \??\C:\Windows\system32\drivers\nimxdfkl.sys [11856 2008-06-13] (National Instruments Corporation)
3 nimxpk; \??\C:\Windows\system32\drivers\nimxpkl.sys [11880 2009-06-16] (National Instruments Corporation)
3 ninshsdk; \??\C:\Windows\system32\drivers\ninshsdkl.sys [11872 2009-03-30] (National Instruments Corporation)
3 niorbk; \??\C:\Windows\system32\drivers\niorbkl.sys [11856 2009-06-14] (National Instruments Corporation)
3 nipalfwedl; C:\Windows\System32\Drivers\nipalfwedl.sys [12928 2009-05-26] (National Instruments Corporation)
0 NIPALK; C:\Windows\System32\Drivers\NIPALK.sys [883288 2009-05-26] (National Instruments Corporation)
3 nipalusbedl; C:\Windows\System32\Drivers\nipalusbedl.sys [12920 2009-05-26] (National Instruments Corporation)
0 nipbcfk; C:\Windows\System32\Drivers\nipbcfk.sys [16472 2008-08-21] (National Instruments Corporation)
3 nipsdk; \??\C:\Windows\system32\drivers\nipsdkl.sys [11904 2009-06-11] (National Instruments Corporation)
3 nipxigpk; C:\Windows\System32\Drivers\nipxigpk.sys [22104 2008-06-25] (National Instruments Corporation)
2 nipxirmk; \??\C:\Windows\system32\drivers\nipxirmkl.sys [11856 2009-06-04] (National Instruments Corporation)
3 niRFSA2k; \??\C:\Windows\system32\drivers\niRFSA2kl.sys [11840 2009-06-01] (National Instruments Corporation)
3 niRFSGk; \??\C:\Windows\system32\drivers\niRFSGkl.sys [11840 2009-04-27] (National Instruments Corporation)
3 niscdk; \??\C:\Windows\system32\drivers\niscdkl.sys [11888 2009-01-05] (National Instruments Corporation)
3 nisdigk; \??\C:\Windows\system32\drivers\nisdigkl.sys [11864 2009-02-05] (National Instruments Corporation)
3 nisftk; \??\C:\Windows\system32\drivers\nisftkl.sys [11856 2009-03-30] (National Instruments Corporation)
3 nisldk; \??\C:\Windows\system32\drivers\nisldkl.sys [11856 2009-06-17] (National Instruments Corporation)
3 nispdk; \??\C:\Windows\system32\drivers\nispdkl.sys [11888 2009-01-05] (National Instruments Corporation)
3 nisrcdk; \??\C:\Windows\system32\drivers\nisrcdkl.sys [11864 2009-06-26] (National Instruments Corporation)
3 nissrk; \??\C:\Windows\system32\drivers\nissrkl.sys [11848 2009-05-28] (National Instruments Corporation)
3 nistc2k; \??\C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-02] (National Instruments Corporation)
3 nistcrk; \??\C:\Windows\system32\drivers\nistcrkl.sys [11872 2009-01-02] (National Instruments Corporation)
3 niswdk; \??\C:\Windows\system32\drivers\niswdkl.sys [11848 2008-07-28] (National Instruments Corporation)
3 nitiork; \??\C:\Windows\system32\drivers\nitiorkl.sys [11872 2009-01-02] (National Instruments Corporation)
3 nitnr2k; \??\C:\Windows\system32\drivers\nitnr2kl.sys [11840 2009-04-10] (National Instruments Corporation)
3 niufurk; \??\C:\Windows\system32\drivers\niufurkl.sys [11880 2009-05-28] (National Instruments Corporation)
3 NiViFWK; C:\Windows\System32\Drivers\NiViFWK.sys [39544 2009-03-05] (National Instruments Corporation)
3 NiViPciK; C:\Windows\System32\Drivers\NiViPciK.sys [91744 2009-06-21] (National Instruments Corporation)
2 NiViPxiK; C:\Windows\System32\Drivers\NiViPxiK.sys [44640 2009-06-21] (National Instruments Corporation)
3 niwdk; C:\Windows\SysWow64\Drivers\niwdk.sys [27744 2009-06-16] (National Instruments Corporation)
3 niwfrk; \??\C:\Windows\system32\drivers\niwfrkl.sys [11848 2009-05-28] (National Instruments Corporation)
3 nixsrk; \??\C:\Windows\system32\drivers\nixsrkl.sys [11848 2009-05-28] (National Instruments Corporation)
3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
3 rismcx64; C:\Windows\System32\Drivers\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1805104 2009-09-17] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-08-28] (Duplex Secure Ltd.)
3 ALSysIO; \??\C:\Users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz130; \??\C:\Users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
4 mchInjDrv; \??\C:\Windows\TEMP\mc29230.tmp [x]
3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [x]
3 X6va003; \??\C:\Users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-31 15:20 - 2012-07-31 15:18 - 3224686592 ____A C:\Users\Class2014\Desktop\X15-65805.iso
2012-07-31 14:50 - 2012-07-31 15:18 - 3224686592 ____A C:\Users\Class2014\Downloads\X15-65805.iso
2012-07-30 16:27 - 2012-07-30 16:27 - 00009008 __RSH C:\Users\All Users\3002.abs
2012-07-29 19:55 - 2012-07-29 19:55 - 00002414 ____A C:\Users\Class2014\Desktop\aswMBR.txt
2012-07-29 19:55 - 2012-07-29 19:55 - 00000512 ____A C:\Users\Class2014\Desktop\MBR.dat
2012-07-29 19:16 - 2012-07-29 19:16 - 00002992 ____A C:\Users\Class2014\Desktop\RKreport[3].txt
2012-07-29 19:15 - 2012-07-29 19:15 - 04731392 ____A (AVAST Software) C:\Users\Class2014\Desktop\aswMBR.exe
2012-07-29 19:13 - 2012-07-29 19:13 - 00002974 ____A C:\Users\Class2014\Desktop\RKreport[2].txt
2012-07-29 19:12 - 2012-07-29 19:12 - 00002956 ____A C:\Users\Class2014\Desktop\RKreport[1].txt
2012-07-29 19:11 - 2012-07-29 19:12 - 00000000 ____D C:\Users\Class2014\Desktop\RK_Quarantine
2012-07-29 19:10 - 2012-07-29 19:10 - 01552384 ____A C:\Users\Class2014\Desktop\RogueKiller.exe
2012-07-29 17:49 - 2012-07-29 17:49 - 00607260 ____R (Swearware) C:\Users\Class2014\Desktop\dds.scr
2012-07-29 17:46 - 2012-07-29 17:46 - 00187610 ____A C:\Users\Class2014\Desktop\Rootkit Log.log
2012-07-29 15:59 - 2012-07-29 15:59 - 00302592 ____A C:\Users\Class2014\Desktop\zcw1x2vh.exe
2012-07-29 15:58 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-29 09:30 - 2012-07-29 09:30 - 00025842 ____A C:\ComboFix.txt
2012-07-29 09:03 - 2012-07-29 09:30 - 00000000 ___AD C:\Qoobox
2012-07-29 09:03 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-29 09:03 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-29 09:03 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-29 09:03 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-29 09:03 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-29 09:03 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-29 09:03 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-29 09:03 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-29 08:57 - 2012-07-29 08:57 - 04721417 ____A (Swearware) C:\Users\Class2014\Downloads\ComboFix.exe
2012-07-29 08:00 - 2012-07-29 08:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Users\Class2014\AppData\Roaming\Malwarebytes
2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-29 08:00 - 2012-07-29 08:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 08:00 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-28 16:05 - 2012-07-28 16:05 - 00000496 ____A C:\rkill.log
2012-07-18 13:51 - 2012-07-18 13:51 - 01047240 ____A C:\Windows\Minidump\071812-30997-01.dmp
2012-07-15 17:59 - 2012-07-29 09:02 - 00000000 ____D C:\Windows\erdnt
2012-07-15 11:49 - 2012-07-15 11:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\AirMouse
2012-07-14 11:50 - 2012-07-14 11:50 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 11:33 - 2012-07-14 11:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 20:22 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 03:12 - 2012-07-11 03:15 - 00000000 ____D C:\8ca979b7f09b658e9dc76c61d1
2012-07-11 03:11 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 03:11 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 03:11 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 03:11 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 03:11 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 03:11 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 03:11 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 03:11 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 03:11 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 03:11 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 03:11 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 03:11 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 03:11 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 03:11 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 03:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 03:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 03:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 03:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 03:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 03:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 03:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 03:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 03:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 03:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 03:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 03:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 03:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 03:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 03:10 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 03:10 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 03:10 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 03:10 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 03:09 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 03:09 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 03:09 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 03:09 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 03:09 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 03:09 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 03:09 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 03:09 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 03:09 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 03:09 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 03:09 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 03:09 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-11 03:09 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-11 03:09 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-11 03:09 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-07-11 03:09 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-07-11 03:09 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-07-10 17:55 - 2012-07-10 17:55 - 00000000 ____D C:\Users\Class2014\Documents\Semester 4
2012-07-07 11:11 - 2012-07-07 11:12 - 00000000 ____D C:\Users\Class2014\Documents\eagle
2012-07-07 11:11 - 2012-07-07 11:11 - 00001075 ____A C:\Users\Class2014\Desktop\EAGLE 6.2.0.lnk
2012-07-07 11:10 - 2012-07-07 11:10 - 00000000 ____D C:\Users\Class2014\AppData\Roaming\CadSoft
2012-07-07 11:10 - 2012-07-07 11:10 - 00000000 ____D C:\Program Files (x86)\EAGLE-6.2.0
2012-07-07 11:09 - 2012-07-07 11:09 - 43585536 ____A C:\Users\Class2014\Downloads\eagle-win-6.2.0.exe


============ 3 Months Modified Files ========================

2012-07-31 17:43 - 2012-02-18 20:07 - 00589824 ____A C:\Windows\System32\Ikeext.etl
2012-07-31 17:43 - 2010-08-23 20:07 - 00000866 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
2012-07-31 17:43 - 2010-07-07 10:43 - 01071530 ____A C:\Windows\WindowsUpdate.log
2012-07-31 17:40 - 2010-08-23 20:07 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
2012-07-31 17:39 - 2010-12-09 06:31 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
2012-07-31 15:18 - 2012-07-31 15:20 - 3224686592 ____A C:\Users\Class2014\Desktop\X15-65805.iso
2012-07-31 15:18 - 2012-07-31 14:50 - 3224686592 ____A C:\Users\Class2014\Downloads\X15-65805.iso
2012-07-31 14:54 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 14:54 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 14:25 - 2009-07-13 21:13 - 00918646 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-31 14:20 - 2009-07-13 20:51 - 00162546 ____A C:\Windows\setupact.log
2012-07-31 14:17 - 2010-08-05 12:04 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2012-07-31 14:17 - 2010-08-05 09:45 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
2012-07-31 14:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 14:14 - 2010-12-09 06:31 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
2012-07-30 17:49 - 2011-03-17 09:39 - 00000000 ____A C:\Users\Class2014\AppData\Local\prvlcl.dat
2012-07-30 17:40 - 2010-08-23 20:08 - 00002469 ____A C:\Users\Class2014\Desktop\Google Chrome.lnk
2012-07-30 17:29 - 2010-08-05 12:04 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
2012-07-30 17:29 - 2010-08-05 12:04 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe
2012-07-30 16:27 - 2012-07-30 16:27 - 00009008 __RSH C:\Users\All Users\3002.abs
2012-07-30 16:24 - 2010-07-08 09:29 - 00080986 ____A C:\Windows\PFRO.log
2012-07-29 19:55 - 2012-07-29 19:55 - 00002414 ____A C:\Users\Class2014\Desktop\aswMBR.txt
2012-07-29 19:55 - 2012-07-29 19:55 - 00000512 ____A C:\Users\Class2014\Desktop\MBR.dat
2012-07-29 19:16 - 2012-07-29 19:16 - 00002992 ____A C:\Users\Class2014\Desktop\RKreport[3].txt
2012-07-29 19:15 - 2012-07-29 19:15 - 04731392 ____A (AVAST Software) C:\Users\Class2014\Desktop\aswMBR.exe
2012-07-29 19:13 - 2012-07-29 19:13 - 00002974 ____A C:\Users\Class2014\Desktop\RKreport[2].txt
2012-07-29 19:12 - 2012-07-29 19:12 - 00002956 ____A C:\Users\Class2014\Desktop\RKreport[1].txt
2012-07-29 19:10 - 2012-07-29 19:10 - 01552384 ____A C:\Users\Class2014\Desktop\RogueKiller.exe
2012-07-29 17:49 - 2012-07-29 17:49 - 00607260 ____R (Swearware) C:\Users\Class2014\Desktop\dds.scr
2012-07-29 17:46 - 2012-07-29 17:46 - 00187610 ____A C:\Users\Class2014\Desktop\Rootkit Log.log
2012-07-29 15:59 - 2012-07-29 15:59 - 00302592 ____A C:\Users\Class2014\Desktop\zcw1x2vh.exe
2012-07-29 09:30 - 2012-07-29 09:30 - 00025842 ____A C:\ComboFix.txt
2012-07-29 09:23 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-29 08:57 - 2012-07-29 08:57 - 04721417 ____A (Swearware) C:\Users\Class2014\Downloads\ComboFix.exe
2012-07-29 08:00 - 2012-07-29 08:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-28 16:05 - 2012-07-28 16:05 - 00000496 ____A C:\rkill.log
2012-07-18 13:51 - 2012-07-18 13:51 - 01047240 ____A C:\Windows\Minidump\071812-30997-01.dmp
2012-07-18 13:50 - 2010-07-26 06:20 - 722934899 ____A C:\Windows\MEMORY.DMP
2012-07-15 11:33 - 2011-03-09 21:24 - 00135928 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-14 11:33 - 2012-07-14 11:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 11:33 - 2012-01-04 18:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 14:08 - 2009-07-13 20:45 - 00479424 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 03:13 - 2010-07-08 09:42 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-07 11:11 - 2012-07-07 11:11 - 00001075 ____A C:\Users\Class2014\Desktop\EAGLE 6.2.0.lnk
2012-07-07 11:09 - 2012-07-07 11:09 - 43585536 ____A C:\Users\Class2014\Downloads\eagle-win-6.2.0.exe
2012-07-03 09:46 - 2012-07-29 08:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-21 19:33 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:02 - 2012-07-11 20:22 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-11 03:09 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 03:09 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-11 03:10 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 03:10 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 03:10 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 03:10 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-24 09:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 09:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 09:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 09:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 09:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-24 09:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-24 09:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-24 09:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-24 09:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 06:18 - 2012-06-02 06:17 - 00291688 ____A C:\Windows\Minidump\060212-53929-01.dmp
2012-06-02 04:49 - 2012-07-11 03:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 03:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 03:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 03:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 03:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 03:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 03:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 03:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 03:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 03:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 03:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 03:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 03:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 03:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 03:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 03:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 03:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 03:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 03:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 03:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 03:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 03:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 03:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 03:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 03:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 03:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-11 03:09 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 03:09 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 03:09 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 03:09 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 03:09 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 03:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 03:09 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 03:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 03:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-24 19:25 - 2012-05-24 19:25 - 00001279 ____A C:\Users\Class2014\Desktop\Minecraft.lnk
2012-05-24 19:11 - 2011-12-11 14:39 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-24 19:11 - 2011-12-11 14:39 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-24 19:09 - 2012-05-24 19:09 - 00892360 ____A (Oracle Corporation) C:\Users\Class2014\Downloads\chromeinstall-7u4.exe
2012-05-24 17:12 - 2012-05-24 17:12 - 00892360 ____A (Oracle Corporation) C:\Users\Class2014\Downloads\jxpiinstall.exe
2012-05-20 05:37 - 2012-05-20 05:36 - 01047240 ____A C:\Windows\Minidump\052012-88499-01.dmp
2012-05-17 10:12 - 2012-05-17 10:11 - 01080584 ____A C:\Windows\Minidump\051712-55536-01.dmp
2012-05-12 18:51 - 2012-05-12 18:51 - 00000893 ____A C:\Users\Public\Desktop\Pad2Pad.lnk
2012-05-12 18:51 - 2012-05-12 18:51 - 00000512 ____A C:\Windows\randseed.rnd
2012-05-12 18:51 - 2012-05-12 18:49 - 07953471 ____A (Pad2Pad.com ) C:\Users\Class2014\Downloads\p2psetup1974.exe
2012-05-12 09:07 - 2012-05-12 09:06 - 01073736 ____A C:\Windows\Minidump\051212-66503-01.dmp
2012-05-07 18:22 - 2012-05-07 18:22 - 00024464 ____A C:\Users\Class2014\Desktop\suck on it trebek.3gp
2012-05-07 18:20 - 2009-07-13 18:34 - 00000636 ____A C:\Windows\win.ini
2012-05-07 14:13 - 2012-05-07 14:13 - 00348909 ____A C:\Users\Class2014\Desktop\suck on it trebek.mp4
2012-05-04 21:29 - 2012-05-04 21:28 - 00527423 ____A ( ) C:\Users\Class2014\Downloads\Lame_v3.99.3_for_Windows.exe
2012-05-04 20:18 - 2012-05-04 20:18 - 00000000 ____A C:\Users\Class2014\AppData\Local\Temptable.xml
2012-05-04 13:25 - 2010-07-08 08:14 - 00135928 ____A C:\Users\Class2014\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-04 13:18 - 2012-05-04 13:18 - 00000964 ____A C:\Users\Public\Desktop\Scientific Viewer 5.5.lnk
2012-05-04 11:57 - 2012-05-04 11:57 - 14055734 ____A (InstallShield Software Corporation) C:\Users\Class2014\Downloads\sviewer550.exe
2012-05-04 02:52 - 2012-06-13 16:13 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-13 16:13 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-13 16:13 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 17:59 - 2011-03-06 14:43 - 00003584 ____A C:\Users\Class2014\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


ZeroAccess:
C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}
C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L
C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U

ZeroAccess:
C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}
C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\@
C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\L
C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 4029.32 MB
Available physical RAM: 3098.7 MB
Total Pagefile: 4027.47 MB
Available Pagefile: 3162.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:457.83 GB) (Free:217.75 GB) NTFS
2 Drive e: (HP_TOOLS) (Fixed) (Total:6.89 GB) (Free:6.31 GB) FAT32
3 Drive f: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: (Laptop Backup) (Fixed) (Total:496.06 GB) (Free:426.68 GB) NTFS
5 Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:901.2 GB) (Free:519.69 GB) NTFS
6 Drive I: () (Removable) (Total:0.91 GB) (Free:0.6 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:1.03 GB) (Free:0.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online         1397 GB  1024 KB
Disk 2    Online          970 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1052 MB  1024 KB
Partition 2    Primary            457 GB  1053 MB
Partition 3    Primary           7070 MB   458 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 1052 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 457 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_TOOLS FAT32 Partition 7070 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 901 GB 31 KB
Partition 2 Primary 496 GB 901 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H FreeAgent G NTFS Partition 901 GB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G Laptop Back NTFS Partition 496 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 929 MB 772 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 929 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 16:56

======================= End Of Log ==========================
 
Search.txt:

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-31 21:58:12
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-15 18:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double-click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, Rkill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
Okay, I got a blue screen the first time I tried running Combofix so I went through with your RKill instructions and it worked. Here are the 3 logs:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-01 21:34:56 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{42a20c13-7b7a-d9b4-448a-5855ff432868} moved successfully.
C:\Users\Class2014\AppData\Local\{42a20c13-7b7a-d9b4-448a-5855ff432868} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====


-----------------------------------------------------------------------------------------------------------------------------

RKill Log:

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/01/2012 10:12:40 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/01/2012 10:12:56 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)



----------------------------------------------------------------------------------------------------------------------------------------



ComboFix Log:

ComboFix 12-07-31.03 - mburns 08/01/2012 22:15:52.4.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.2090 [GMT -4:00]
Running from: c:\users\Class2014\Desktop\your_name.exe
AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.abs
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\mburns\AppData\Local\temp
2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 02:28 . 2012-08-02 02:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-01 05:49 . 2012-08-01 05:50 -------- d-----w- C:\FRST
2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\users\Class2014\AppData\Roaming\Malwarebytes
2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 16:00 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 19:49 . 2012-07-15 19:49 -------- d-----w- c:\users\Administrator\AppData\Local\AirMouse
2012-07-14 19:50 . 2012-07-14 19:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 19:33 . 2012-07-14 19:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 04:22 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:12 . 2012-07-11 11:15 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
2012-07-11 11:10 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:10 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:10 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 11:10 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\program files (x86)\EAGLE-6.2.0
2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\users\Class2014\AppData\Roaming\CadSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 02:04 . 2010-12-09 14:31 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-02 02:04 . 2010-08-05 20:04 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-08-02 01:35 . 2010-12-09 14:31 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-08-01 02:26 . 2010-08-05 17:45 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-07-31 01:29 . 2010-08-05 20:04 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-07-31 01:29 . 2010-08-05 20:04 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-07-14 19:33 . 2012-01-05 02:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:13 . 2010-07-08 17:42 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-24 17:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 17:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 17:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 17:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 17:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 17:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 17:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-24 17:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-24 17:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 10:52 . 2012-06-14 00:13 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-14 00:13 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-14 00:13 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.23.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-01 02:56 . 2012-08-01 02:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2012-07-14 19:58 . 2012-07-29 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-14 19:58 . 2012-07-31 03:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012073120120801\index.dat
+ 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072320120730\index.dat
+ 2012-07-14 19:49 . 2012-08-02 02:04 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-07-08 17:31 . 2012-08-02 01:21 69610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-02 02:07 44682 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-16 20:55 . 2012-08-02 02:07 24490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1273285964-1369492898-2689800442-1000_UserData.bin
+ 2012-08-01 02:56 . 2012-08-01 02:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{72619510-DB84-11E1-B5E5-A9D11B1356CE}.dat
+ 2012-08-01 02:56 . 2012-08-01 02:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72619511-DB84-11E1-B5E5-A9D11B1356CE}.dat
- 2010-07-07 21:21 . 2012-07-29 16:11 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-07-07 21:21 . 2012-08-02 01:26 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 01:36 . 2012-08-02 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 01:36 . 2012-08-02 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-16 20:52 . 2012-08-02 02:04 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-08-16 20:52 . 2012-07-29 16:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-01 02:57 . 2012-08-01 02:56 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
+ 2009-07-14 04:54 . 2012-08-02 02:13 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-08-02 02:12 763312 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-29 16:21 763312 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-29 16:21 156836 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-02 02:12 156836 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-29 16:11 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-02 01:26 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-02 02:13 6848512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-16 02:04 . 2012-08-02 01:26 2357236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-08-02 02:13 10633216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-07-29 16:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-07-31 00:54 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-24 05:04 . 2012-08-02 01:26 35007536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1273285964-1369492898-2689800442-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-02 87336]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz130;cpuz130;c:\users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-28 1431888]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2009-04-01 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2009-06-17 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2009-04-01 26704]
R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-01-29 18504]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-01-02 11864]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2009-05-29 11848]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2009-06-17 11848]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2009-06-17 11856]
R3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2009-05-27 11872]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2009-05-29 11848]
R3 niemrkw;niemrkw;c:\windows\system32\DRIVERS\niemrkw.sys [2009-05-29 11336]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2009-05-29 11848]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2009-01-06 11864]
R3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2009-06-17 12152]
R3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2009-04-08 11864]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-12-29 11904]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2009-06-17 11880]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2009-03-30 11872]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2009-05-27 12928]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2009-05-27 12920]
R3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2009-06-11 11904]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-06-25 22104]
R3 niRFSA2k;niRFSA2k;c:\windows\system32\drivers\niRFSA2kl.sys [2009-06-01 11840]
R3 niRFSGk;niRFSGk;c:\windows\system32\drivers\niRFSGkl.sys [2009-04-28 11840]
R3 NiRioRpc;National Instruments RIO Server;c:\windows\SysWOW64\NiRioRpc.exe [2009-06-22 28744]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-01-05 11888]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2009-02-06 11864]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2009-03-30 11856]
R3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2009-06-18 11856]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-01-05 11888]
R3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2009-06-26 11864]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2009-05-29 11848]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-02 11824]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-01-02 11872]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-07-28 11848]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2009-01-02 11872]
R3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2009-04-10 11840]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2009-05-29 11880]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2009-03-05 11896]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2009-06-21 11872]
R3 niwdk;niwdk; [x]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2009-05-29 11848]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2009-05-29 11848]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-09-03 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-09-03 13280]
R3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-07 94472]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
R3 X6va003;X6va003;c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-07-19 56008]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2008-08-22 16472]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-28 834544]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2010-07-22 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-09-12 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-05-05 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]
S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [2009-06-04 11856]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2009-06-21 11872]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 ALSysIO;ALSysIO;c:\users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-24 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11872]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-11-24 11872]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-12-29 11872]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
- c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
- c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1875048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.stevens.edu/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc285E1.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,e0,81,37,91,6f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-01 22:34:11
ComboFix-quarantined-files.txt 2012-08-02 02:34
ComboFix2.txt 2012-07-29 17:30
ComboFix3.txt 2012-07-16 02:38
.
Pre-Run: 234,116,300,800 bytes free
Post-Run: 233,847,635,968 bytes free
.
- - End Of File - - 45516CE6A168CDCEB79107392AD0C977
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
(1/2)

22:58:44.0954 6876 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:58:45.0234 6876 ============================================================
22:58:45.0234 6876 Current date / time: 2012/08/01 22:58:45.0234
22:58:45.0234 6876 SystemInfo:
22:58:45.0234 6876
22:58:45.0234 6876 OS Version: 6.1.7600 ServicePack: 0.0
22:58:45.0234 6876 Product type: Workstation
22:58:45.0235 6876 ComputerName: K563
22:58:45.0235 6876 UserName: mburns
22:58:45.0235 6876 Windows directory: C:\Windows
22:58:45.0235 6876 System windows directory: C:\Windows
22:58:45.0235 6876 Running under WOW64
22:58:45.0235 6876 Processor architecture: Intel x64
22:58:45.0235 6876 Number of processors: 8
22:58:45.0235 6876 Page size: 0x1000
22:58:45.0235 6876 Boot type: Normal boot
22:58:45.0235 6876 ============================================================
22:58:47.0281 6876 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:58:47.0295 6876 Drive \Device\Harddisk1\DR1 - Size: 0x3CA00000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:58:47.0299 6876 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F65E00 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:59:07.0534 6876 ============================================================
22:59:07.0534 6876 \Device\Harddisk0\DR0:
22:59:07.0535 6876 MBR partitions:
22:59:07.0535 6876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x20E000
22:59:07.0535 6876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x20E800, BlocksNum 0x393A8000
22:59:07.0535 6876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x395B6800, BlocksNum 0xDCF030
22:59:07.0535 6876 \Device\Harddisk1\DR1:
22:59:07.0536 6876 MBR partitions:
22:59:07.0536 6876 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x608, BlocksNum 0x1D09F8
22:59:07.0536 6876 \Device\Harddisk2\DR2:
22:59:07.0546 6876 MBR partitions:
22:59:07.0546 6876 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x70A65C4D
22:59:07.0546 6876 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x70A65C8C, BlocksNum 0x3E020AB5
22:59:07.0546 6876 ============================================================
22:59:07.0593 6876 C: <-> \Device\Harddisk0\DR0\Partition1
22:59:07.0608 6876 D: <-> \Device\Harddisk0\DR0\Partition2
22:59:07.0642 6876 I: <-> \Device\Harddisk2\DR2\Partition1
22:59:07.0677 6876 G: <-> \Device\Harddisk2\DR2\Partition0
22:59:07.0677 6876 ============================================================
22:59:07.0677 6876 Initialize success
22:59:07.0677 6876 ============================================================
22:59:13.0201 7280 ============================================================
22:59:13.0201 7280 Scan started
22:59:13.0201 7280 Mode: Manual;
22:59:13.0201 7280 ============================================================
22:59:15.0648 7280 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:59:15.0663 7280 1394ohci - ok
22:59:15.0686 7280 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys
22:59:15.0690 7280 Accelerometer - ok
22:59:15.0736 7280 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:59:15.0743 7280 ACPI - ok
22:59:15.0764 7280 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:59:15.0805 7280 AcpiPmi - ok
22:59:15.0972 7280 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:59:16.0033 7280 AdobeARMservice - ok
22:59:16.0097 7280 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:59:16.0116 7280 adp94xx - ok
22:59:16.0161 7280 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:59:16.0179 7280 adpahci - ok
22:59:16.0200 7280 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:59:16.0213 7280 adpu320 - ok
22:59:16.0245 7280 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:59:16.0247 7280 AeLookupSvc - ok
22:59:16.0346 7280 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
22:59:16.0399 7280 AESTFilters - ok
22:59:16.0481 7280 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:59:16.0497 7280 AFD - ok
22:59:16.0691 7280 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
22:59:16.0723 7280 AgereSoftModem - ok
22:59:16.0757 7280 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:59:16.0760 7280 agp440 - ok
22:59:16.0869 7280 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:59:16.0933 7280 ALG - ok
22:59:16.0946 7280 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:59:16.0961 7280 aliide - ok
22:59:17.0050 7280 ALSysIO - ok
22:59:17.0057 7280 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:59:17.0059 7280 amdide - ok
22:59:17.0078 7280 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:59:17.0082 7280 AmdK8 - ok
22:59:17.0198 7280 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:59:17.0246 7280 AmdPPM - ok
22:59:17.0271 7280 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
22:59:17.0281 7280 amdsata - ok
22:59:17.0300 7280 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:59:17.0316 7280 amdsbs - ok
22:59:17.0325 7280 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
22:59:17.0328 7280 amdxata - ok
22:59:17.0377 7280 AppHostSvc (03fbb7c5ea4ef153f10282614b9771cb) C:\Windows\system32\inetsrv\apphostsvc.dll
22:59:17.0405 7280 AppHostSvc - ok
22:59:17.0452 7280 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:59:17.0524 7280 AppID - ok
22:59:17.0549 7280 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:59:17.0554 7280 AppIDSvc - ok
22:59:17.0575 7280 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:59:17.0596 7280 Appinfo - ok
22:59:17.0680 7280 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:59:17.0700 7280 Apple Mobile Device - ok
22:59:17.0751 7280 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:59:17.0909 7280 AppMgmt - ok
22:59:17.0933 7280 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:59:17.0937 7280 arc - ok
22:59:17.0963 7280 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:59:17.0967 7280 arcsas - ok
22:59:18.0062 7280 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:59:18.0094 7280 aspnet_state - ok
22:59:18.0130 7280 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:59:18.0172 7280 AsyncMac - ok
22:59:18.0197 7280 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:59:18.0198 7280 atapi - ok
22:59:18.0257 7280 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:59:18.0340 7280 AudioEndpointBuilder - ok
22:59:18.0349 7280 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:59:18.0356 7280 AudioSrv - ok
22:59:18.0452 7280 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
22:59:18.0466 7280 avg9wd - ok
22:59:18.0504 7280 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
22:59:18.0561 7280 AvgLdx64 - ok
22:59:18.0589 7280 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\Windows\system32\Drivers\avgmfx64.sys
22:59:18.0593 7280 AvgMfx64 - ok
22:59:18.0618 7280 AvgRkx64 (5e7f0f9cbe0f7823371a4d51df29f7ff) C:\Windows\system32\Drivers\avgrkx64.sys
22:59:18.0622 7280 AvgRkx64 - ok
22:59:18.0676 7280 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\Windows\system32\Drivers\avgtdia.sys
22:59:18.0693 7280 AvgTdiA - ok
22:59:18.0732 7280 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:59:18.0742 7280 AxInstSV - ok
22:59:18.0803 7280 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:59:18.0883 7280 b06bdrv - ok
22:59:18.0919 7280 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:59:18.0972 7280 b57nd60a - ok
22:59:19.0006 7280 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:59:19.0010 7280 BDESVC - ok
22:59:19.0027 7280 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:59:19.0031 7280 Beep - ok
22:59:19.0097 7280 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:59:19.0167 7280 BFE - ok
22:59:19.0247 7280 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
22:59:19.0276 7280 BITS - ok
22:59:19.0315 7280 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:59:19.0381 7280 blbdrive - ok
22:59:19.0498 7280 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:59:19.0543 7280 Bonjour Service - ok
22:59:19.0603 7280 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:59:19.0688 7280 bowser - ok
22:59:19.0719 7280 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:59:19.0723 7280 BrFiltLo - ok
22:59:19.0735 7280 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:59:19.0739 7280 BrFiltUp - ok
22:59:19.0775 7280 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:59:19.0835 7280 BridgeMP - ok
22:59:19.0876 7280 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:59:19.0928 7280 Browser - ok
22:59:19.0957 7280 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:59:20.0031 7280 Brserid - ok
22:59:20.0045 7280 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:59:20.0050 7280 BrSerWdm - ok
22:59:20.0056 7280 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:59:20.0102 7280 BrUsbMdm - ok
22:59:20.0133 7280 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:59:20.0164 7280 BrUsbSer - ok
22:59:20.0237 7280 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:59:20.0272 7280 BthEnum - ok
22:59:20.0332 7280 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:59:20.0337 7280 BTHMODEM - ok
22:59:20.0367 7280 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:59:20.0435 7280 BthPan - ok
22:59:20.0506 7280 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
22:59:20.0731 7280 BTHPORT - ok
22:59:20.0763 7280 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:59:20.0815 7280 bthserv - ok
22:59:20.0858 7280 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
22:59:20.0944 7280 BTHUSB - ok
22:59:20.0968 7280 catchme - ok
22:59:21.0008 7280 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:59:21.0084 7280 cdfs - ok
22:59:21.0137 7280 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:59:21.0153 7280 cdrom - ok
22:59:21.0191 7280 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:59:21.0230 7280 CertPropSvc - ok
22:59:21.0262 7280 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:59:21.0288 7280 circlass - ok
22:59:21.0340 7280 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:59:21.0358 7280 CLFS - ok
22:59:21.0420 7280 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:59:21.0439 7280 clr_optimization_v2.0.50727_32 - ok
22:59:21.0476 7280 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:59:21.0481 7280 clr_optimization_v2.0.50727_64 - ok
22:59:21.0542 7280 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:59:21.0551 7280 clr_optimization_v4.0.30319_32 - ok
22:59:21.0584 7280 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:59:21.0619 7280 clr_optimization_v4.0.30319_64 - ok
22:59:21.0648 7280 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:59:21.0683 7280 CmBatt - ok
22:59:21.0727 7280 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:59:21.0784 7280 cmdide - ok
22:59:21.0853 7280 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
22:59:21.0876 7280 CNG - ok
22:59:21.0964 7280 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:59:21.0979 7280 Com4QLBEx - ok
22:59:22.0001 7280 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:59:22.0004 7280 Compbatt - ok
22:59:22.0036 7280 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:59:22.0072 7280 CompositeBus - ok
22:59:22.0100 7280 COMSysApp - ok
22:59:22.0207 7280 CoordinatorServiceHost (69b6ecd0c2c978a78fb01dd73c4d952b) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
22:59:22.0211 7280 CoordinatorServiceHost - ok
22:59:22.0262 7280 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
22:59:22.0297 7280 cpudrv64 - ok
22:59:22.0410 7280 cpuz130 - ok
22:59:22.0434 7280 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:59:22.0438 7280 crcdisk - ok
22:59:22.0496 7280 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
22:59:22.0527 7280 CryptSvc - ok
22:59:22.0577 7280 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
22:59:22.0671 7280 CSC - ok
22:59:22.0717 7280 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
22:59:22.0730 7280 CscService - ok
22:59:22.0770 7280 cvintdrv - ok
22:59:22.0837 7280 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:59:22.0859 7280 DcomLaunch - ok
22:59:22.0902 7280 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:59:22.0922 7280 defragsvc - ok
22:59:22.0966 7280 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:59:22.0977 7280 DfsC - ok
22:59:23.0018 7280 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:59:23.0036 7280 Dhcp - ok
22:59:23.0062 7280 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:59:23.0064 7280 discache - ok
22:59:23.0086 7280 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:59:23.0090 7280 Disk - ok
22:59:23.0138 7280 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:59:23.0187 7280 Dnscache - ok
22:59:23.0215 7280 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:59:23.0277 7280 dot3svc - ok
22:59:23.0313 7280 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:59:23.0370 7280 Dot4 - ok
22:59:23.0404 7280 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:59:23.0435 7280 Dot4Print - ok
22:59:23.0471 7280 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:59:23.0503 7280 dot4usb - ok
22:59:23.0539 7280 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:59:23.0553 7280 DPS - ok
22:59:23.0585 7280 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:59:23.0628 7280 drmkaud - ok
22:59:23.0732 7280 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:59:23.0758 7280 DXGKrnl - ok
22:59:23.0814 7280 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
22:59:23.0844 7280 e1kexpress - ok
22:59:23.0875 7280 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:59:23.0927 7280 EapHost - ok
22:59:24.0129 7280 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:59:24.0289 7280 ebdrv - ok
22:59:24.0397 7280 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:59:24.0414 7280 EFS - ok
22:59:24.0509 7280 ehRecvr (3d69fae60ede442e004611a4ee4db44c) C:\Windows\ehome\ehRecvr.exe
22:59:24.0571 7280 ehRecvr - ok
22:59:24.0615 7280 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:59:24.0707 7280 ehSched - ok
22:59:24.0823 7280 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:59:24.0845 7280 elxstor - ok
22:59:24.0865 7280 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:59:24.0917 7280 ErrDev - ok
22:59:25.0003 7280 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:59:25.0070 7280 EventSystem - ok
22:59:25.0105 7280 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:59:25.0120 7280 exfat - ok
22:59:25.0142 7280 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:59:25.0160 7280 fastfat - ok
22:59:47.0662 7280 rdpbus - ok
22:59:47.0699 7280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:59:47.0700 7280 RDPCDD - ok
22:59:47.0793 7280 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
22:59:47.0820 7280 RDPDR - ok
22:59:47.0857 7280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:59:47.0858 7280 RDPENCDD - ok
22:59:47.0879 7280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:59:47.0880 7280 RDPREFMP - ok
22:59:47.0926 7280 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
22:59:48.0006 7280 RDPWD - ok
22:59:48.0031 7280 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:59:48.0040 7280 rdyboost - ok
22:59:48.0163 7280 Remote Solver for Flow Simulation 2010 (d0b8e82dd29d8bfd964063894038a883) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
22:59:48.0228 7280 Remote Solver for Flow Simulation 2010 - ok
22:59:48.0263 7280 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:59:48.0316 7280 RemoteAccess - ok
22:59:48.0362 7280 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:59:48.0428 7280 RemoteRegistry - ok
22:59:48.0462 7280 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:59:48.0519 7280 RFCOMM - ok
22:59:48.0547 7280 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:59:48.0552 7280 rimmptsk - ok
22:59:48.0570 7280 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
22:59:48.0575 7280 rimsptsk - ok
22:59:48.0593 7280 rismcx64 (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys
22:59:48.0598 7280 rismcx64 - ok
22:59:48.0612 7280 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:59:48.0618 7280 rismxdp - ok
22:59:48.0632 7280 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:59:48.0685 7280 RpcEptMapper - ok
22:59:48.0708 7280 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:59:48.0714 7280 RpcLocator - ok
22:59:48.0806 7280 rpcnet (6684437f3628ef237c354f77d33426d1) C:\Windows\SysWOW64\rpcnet.exe
22:59:48.0893 7280 rpcnet - ok
22:59:48.0951 7280 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:59:48.0958 7280 RpcSs - ok
22:59:49.0026 7280 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
22:59:49.0062 7280 RsFx0103 - ok
22:59:49.0090 7280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:59:49.0095 7280 rspndr - ok
22:59:49.0114 7280 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:59:49.0118 7280 s3cap - ok
22:59:49.0206 7280 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:59:49.0207 7280 SamSs - ok
22:59:49.0227 7280 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:59:49.0237 7280 sbp2port - ok
22:59:49.0274 7280 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:59:49.0290 7280 SCardSvr - ok
22:59:49.0306 7280 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:59:49.0332 7280 scfilter - ok
22:59:49.0435 7280 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:59:49.0540 7280 Schedule - ok
22:59:49.0572 7280 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:59:49.0574 7280 SCPolicySvc - ok
22:59:49.0607 7280 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
22:59:49.0624 7280 sdbus - ok
22:59:49.0655 7280 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:59:49.0672 7280 SDRSVC - ok
22:59:49.0792 7280 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
22:59:49.0794 7280 SeagateDashboardService - ok
22:59:49.0832 7280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:59:49.0837 7280 secdrv - ok
22:59:49.0853 7280 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:59:49.0859 7280 seclogon - ok
22:59:49.0879 7280 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:59:49.0905 7280 SENS - ok
22:59:49.0937 7280 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:59:49.0943 7280 SensrSvc - ok
22:59:49.0954 7280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:59:49.0989 7280 Serenum - ok
22:59:50.0022 7280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:59:50.0091 7280 Serial - ok
22:59:50.0107 7280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:59:50.0136 7280 sermouse - ok
22:59:50.0199 7280 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:59:50.0209 7280 SessionEnv - ok
22:59:50.0227 7280 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:59:50.0232 7280 sffdisk - ok
22:59:50.0259 7280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:59:50.0263 7280 sffp_mmc - ok
22:59:50.0287 7280 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:59:50.0322 7280 sffp_sd - ok
22:59:50.0370 7280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:59:50.0375 7280 sfloppy - ok
22:59:50.0451 7280 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:59:50.0468 7280 SharedAccess - ok
22:59:50.0502 7280 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:59:50.0522 7280 ShellHWDetection - ok
22:59:50.0542 7280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:59:50.0546 7280 SiSRaid2 - ok
22:59:50.0560 7280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:59:50.0564 7280 SiSRaid4 - ok
22:59:50.0583 7280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:59:50.0651 7280 Smb - ok
22:59:50.0738 7280 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
22:59:50.0743 7280 SMSIVZAM5X64 - ok
22:59:50.0786 7280 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:59:50.0839 7280 SNMPTRAP - ok
22:59:50.0995 7280 SNP2UVC (a676e7f5c305cbc3d3d0e4d718f23329) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:59:51.0097 7280 SNP2UVC - ok
22:59:51.0164 7280 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
22:59:51.0224 7280 SolidWorks Licensing Service - ok
22:59:51.0381 7280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:59:51.0385 7280 spldr - ok
22:59:51.0438 7280 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
22:59:51.0507 7280 Spooler - ok
22:59:51.0802 7280 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:59:51.0889 7280 sppsvc - ok
22:59:51.0983 7280 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:59:51.0996 7280 sppuinotify - ok
22:59:52.0118 7280 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
22:59:52.0206 7280 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
22:59:52.0207 7280 sptd ( LockedFile.Multi.Generic ) - warning
22:59:52.0207 7280 sptd - detected LockedFile.Multi.Generic (1)
22:59:52.0329 7280 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
22:59:52.0363 7280 SQLAgent$SQLEXPRESS - ok
22:59:52.0444 7280 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:59:52.0456 7280 SQLBrowser - ok
22:59:52.0488 7280 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:59:52.0539 7280 SQLWriter - ok
22:59:52.0719 7280 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:59:52.0806 7280 srv - ok
22:59:52.0842 7280 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:59:52.0858 7280 srv2 - ok
22:59:52.0907 7280 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:59:52.0921 7280 srvnet - ok
22:59:52.0966 7280 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:59:52.0980 7280 SSDPSRV - ok
22:59:52.0997 7280 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:59:53.0009 7280 SstpSvc - ok
22:59:53.0118 7280 STacSV (21b53d0f289d6671489431ddff55045f) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
22:59:53.0130 7280 STacSV - ok
22:59:53.0185 7280 Steam Client Service - ok
22:59:53.0204 7280 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:59:53.0208 7280 stexstor - ok
22:59:53.0253 7280 STHDA (97fdbc63c92e6dab900fd37656cca782) C:\Windows\system32\DRIVERS\stwrt64.sys
22:59:53.0277 7280 STHDA - ok
22:59:53.0342 7280 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:59:53.0366 7280 stisvc - ok
22:59:53.0396 7280 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:59:53.0400 7280 storflt - ok
22:59:53.0417 7280 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
22:59:53.0423 7280 StorSvc - ok
22:59:53.0440 7280 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:59:53.0444 7280 storvsc - ok
22:59:53.0455 7280 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:59:53.0459 7280 swenum - ok
22:59:53.0498 7280 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:59:53.0567 7280 swprv - ok
22:59:53.0615 7280 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
22:59:53.0631 7280 SynTP - ok
22:59:53.0770 7280 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:59:53.0867 7280 SysMain - ok
22:59:53.0970 7280 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
22:59:54.0023 7280 TabletInputService - ok
22:59:54.0061 7280 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:59:54.0120 7280 TapiSrv - ok
22:59:54.0136 7280 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:59:54.0142 7280 TBS - ok
22:59:54.0299 7280 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
22:59:54.0356 7280 Tcpip - ok
22:59:54.0569 7280 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
22:59:54.0588 7280 TCPIP6 - ok
22:59:54.0730 7280 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:59:54.0776 7280 tcpipreg - ok
22:59:54.0811 7280 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:59:54.0815 7280 TDPIPE - ok
22:59:54.0854 7280 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
22:59:54.0923 7280 TDTCP - ok
22:59:54.0957 7280 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:59:55.0010 7280 tdx - ok
22:59:55.0037 7280 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:59:55.0042 7280 TermDD - ok
22:59:55.0107 7280 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:59:55.0152 7280 TermService - ok
22:59:55.0173 7280 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:59:55.0179 7280 Themes - ok
22:59:55.0208 7280 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:59:55.0210 7280 THREADORDER - ok
22:59:55.0241 7280 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
22:59:55.0293 7280 TPM - ok
22:59:55.0327 7280 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:59:55.0386 7280 TrkWks - ok
22:59:55.0449 7280 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:59:55.0505 7280 TrustedInstaller - ok
22:59:55.0523 7280 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:59:55.0565 7280 tssecsrv - ok
22:59:55.0615 7280 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:59:55.0665 7280 tunnel - ok
22:59:55.0696 7280 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:59:55.0701 7280 uagp35 - ok
22:59:55.0737 7280 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:59:55.0752 7280 udfs - ok
22:59:55.0782 7280 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:59:55.0854 7280 UI0Detect - ok
22:59:55.0885 7280 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:59:55.0889 7280 uliagpkx - ok
22:59:55.0903 7280 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:59:55.0908 7280 umbus - ok
22:59:55.0927 7280 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:59:55.0932 7280 UmPass - ok
22:59:55.0964 7280 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
22:59:56.0021 7280 UmRdpService - ok
22:59:56.0237 7280 UNS (7953d636309b7f505c70667a7a2437cf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:59:56.0297 7280 UNS - ok
22:59:56.0472 7280 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:59:56.0531 7280 upnphost - ok
22:59:56.0564 7280 usb6xxxk - ok
22:59:56.0604 7280 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:59:56.0647 7280 USBAAPL64 - ok
22:59:56.0689 7280 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
22:59:56.0700 7280 usbccgp - ok
22:59:56.0727 7280 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:59:56.0737 7280 usbcir - ok
22:59:56.0752 7280 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
22:59:56.0823 7280 usbehci - ok
22:59:56.0869 7280 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
22:59:56.0886 7280 usbhub - ok
22:59:56.0897 7280 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:59:56.0932 7280 usbohci - ok
22:59:56.0963 7280 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:59:57.0008 7280 usbprint - ok
22:59:57.0040 7280 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:59:57.0051 7280 USBSTOR - ok
22:59:57.0061 7280 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:59:57.0065 7280 usbuhci - ok
22:59:57.0105 7280 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
22:59:57.0178 7280 usbvideo - ok
22:59:57.0288 7280 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:59:57.0293 7280 UxSms - ok
22:59:57.0324 7280 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:59:57.0326 7280 VaultSvc - ok
22:59:57.0496 7280 vcsFPService (bbe2b5036d2ff45458c747fb2513591d) C:\Windows\system32\vcsFPService.exe
22:59:57.0589 7280 vcsFPService - ok
22:59:57.0738 7280 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:59:57.0742 7280 vdrvroot - ok
22:59:57.0796 7280 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:59:57.0839 7280 vds - ok
22:59:57.0865 7280 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:59:57.0870 7280 vga - ok
22:59:57.0882 7280 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:59:57.0909 7280 VgaSave - ok
22:59:57.0960 7280 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:59:57.0974 7280 vhdmp - ok
22:59:57.0986 7280 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:59:57.0990 7280 viaide - ok
22:59:58.0027 7280 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:59:58.0042 7280 vmbus - ok
22:59:58.0053 7280 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:59:58.0101 7280 VMBusHID - ok
22:59:58.0144 7280 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:59:58.0149 7280 volmgr - ok
22:59:58.0182 7280 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:59:58.0198 7280 volmgrx - ok
22:59:58.0223 7280 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:59:58.0235 7280 volsnap - ok
22:59:58.0268 7280 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
22:59:58.0349 7280 vpcbus - ok
22:59:58.0379 7280 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
22:59:58.0384 7280 vpcnfltr - ok
22:59:58.0404 7280 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
22:59:58.0464 7280 vpcusb - ok
22:59:58.0502 7280 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
22:59:58.0519 7280 vpcvmm - ok
22:59:58.0559 7280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:59:58.0577 7280 vsmraid - ok
22:59:58.0687 7280 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
22:59:58.0731 7280 VSPerfDrv100 - ok
22:59:58.0854 7280 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:59:58.0920 7280 VSS - ok
22:59:59.0050 7280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:59:59.0054 7280 vwifibus - ok
22:59:59.0067 7280 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:59:59.0072 7280 vwififlt - ok
22:59:59.0103 7280 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:59:59.0108 7280 vwifimp - ok
22:59:59.0157 7280 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:59:59.0199 7280 W32Time - ok
22:59:59.0268 7280 W3SVC (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
22:59:59.0346 7280 W3SVC - ok
22:59:59.0358 7280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:59:59.0364 7280 WacomPen - ok
22:59:59.0391 7280 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:59:59.0493 7280 WANARP - ok
22:59:59.0497 7280 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:59:59.0499 7280 Wanarpv6 - ok
22:59:59.0508 7280 WAS (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
22:59:59.0512 7280 WAS - ok
22:59:59.0633 7280 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:59:59.0690 7280 WatAdminSvc - ok
22:59:59.0816 7280 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:59:59.0876 7280 wbengine - ok
23:00:00.0007 7280 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:00:00.0030 7280 WbioSrvc - ok
23:00:00.0084 7280 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
23:00:00.0102 7280 wcncsvc - ok
23:00:00.0122 7280 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:00:00.0128 7280 WcsPlugInService - ok
23:00:00.0165 7280 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:00:00.0169 7280 Wd - ok
23:00:00.0215 7280 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:00:00.0245 7280 Wdf01000 - ok
23:00:00.0282 7280 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:00:00.0334 7280 WdiServiceHost - ok
23:00:00.0338 7280 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:00:00.0341 7280 WdiSystemHost - ok
23:00:00.0382 7280 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
23:00:00.0446 7280 WebClient - ok
23:00:00.0478 7280 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:00:00.0494 7280 Wecsvc - ok
23:00:00.0514 7280 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:00:00.0715 7280 wercplsupport - ok
23:00:00.0846 7280 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:00:00.0900 7280 WerSvc - ok
23:00:00.0943 7280 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:00:00.0947 7280 WfpLwf - ok
23:00:00.0961 7280 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:00:00.0965 7280 WIMMount - ok
23:00:01.0013 7280 WinDefend - ok
23:00:01.0024 7280 WinHttpAutoProxySvc - ok
23:00:01.0092 7280 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:00:01.0164 7280 Winmgmt - ok
23:00:01.0317 7280 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:00:01.0371 7280 WinRM - ok
23:00:01.0516 7280 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
23:00:01.0543 7280 WinUSB - ok
23:00:01.0629 7280 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:00:01.0658 7280 Wlansvc - ok
23:00:01.0687 7280 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:00:01.0721 7280 WmiAcpi - ok
23:00:01.0803 7280 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:00:01.0867 7280 wmiApSrv - ok
23:00:01.0902 7280 WMPNetworkSvc - ok
23:00:01.0923 7280 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:00:01.0931 7280 WPCSvc - ok
23:00:01.0952 7280 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:00:02.0020 7280 WPDBusEnum - ok
23:00:02.0042 7280 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:00:02.0043 7280 ws2ifsl - ok
23:00:02.0073 7280 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:00:02.0085 7280 wscsvc - ok
23:00:02.0090 7280 WSearch - ok
23:00:02.0270 7280 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:00:02.0338 7280 wuauserv - ok
23:00:02.0441 7280 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:00:02.0452 7280 WudfPf - ok
23:00:02.0489 7280 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:00:02.0505 7280 WUDFRd - ok
23:00:02.0525 7280 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:00:02.0594 7280 wudfsvc - ok
23:00:02.0627 7280 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:00:02.0708 7280 WwanSvc - ok
23:00:02.0801 7280 X6va003 - ok
23:00:02.0875 7280 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:00:02.0957 7280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:00:02.0958 7280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:00:02.0966 7280 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
23:00:02.0976 7280 \Device\Harddisk1\DR1 - ok
23:00:02.0981 7280 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
23:00:02.0986 7280 \Device\Harddisk2\DR2 - ok
23:00:03.0023 7280 Boot (0x1200) (0712a72868e70c1ed528494aff497b5d) \Device\Harddisk0\DR0\Partition0
23:00:03.0027 7280 \Device\Harddisk0\DR0\Partition0 - ok
23:00:03.0036 7280 Boot (0x1200) (866a30999bb56dfc701508ea8a8dfbb1) \Device\Harddisk0\DR0\Partition1
23:00:03.0039 7280 \Device\Harddisk0\DR0\Partition1 - ok
23:00:03.0073 7280 Boot (0x1200) (069e2578102a4d6b06d8d1fdb3bad4b6) \Device\Harddisk0\DR0\Partition2
23:00:03.0076 7280 \Device\Harddisk0\DR0\Partition2 - ok
23:00:03.0081 7280 Boot (0x1200) (32dfeb0c7ba969f10477c14651111841) \Device\Harddisk1\DR1\Partition0
23:00:03.0083 7280 \Device\Harddisk1\DR1\Partition0 - ok
23:00:03.0088 7280 Boot (0x1200) (86455b6a0b95a60e2365cb5d817550d7) \Device\Harddisk2\DR2\Partition0
23:00:03.0091 7280 \Device\Harddisk2\DR2\Partition0 - ok
23:00:03.0096 7280 Boot (0x1200) (53a9ef232f178ee95663adda157ba93d) \Device\Harddisk2\DR2\Partition1
23:00:03.0100 7280 \Device\Harddisk2\DR2\Partition1 - ok
23:00:03.0100 7280 ============================================================
23:00:03.0100 7280 Scan finished
23:00:03.0100 7280 ============================================================
23:00:03.0118 3688 Detected object count: 2
23:00:03.0118 3688 Actual detected object count: 2
23:00:36.0227 3688 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:00:36.0227 3688 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:00:37.0419 3688 \Device\Harddisk0\DR0\# - copied to quarantine
23:00:37.0419 3688 \Device\Harddisk0\DR0 - copied to quarantine
23:00:37.0563 3688 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:00:37.0570 3688 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:00:37.0588 3688 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:00:37.0597 3688 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:00:37.0630 3688 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:00:37.0647 3688 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:00:37.0649 3688 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:00:37.0650 3688 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:00:37.0653 3688 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:00:37.0656 3688 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:00:37.0661 3688 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:00:37.0687 3688 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:00:37.0690 3688 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:00:37.0692 3688 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:00:37.0728 3688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:00:37.0731 3688 \Device\Harddisk0\DR0 - ok
23:00:37.0814 3688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:00:50.0164 5292 Deinitialize success

(2/2)
 
ComboFix 12-07-31.03 - mburns 08/01/2012 23:38:32.5.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4029.2079 [GMT -4:00]
Running from: c:\users\Class2014\Desktop\your_name.exe
AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.abs
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\users\mburns\AppData\Local\temp
2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\users\Class2014\AppData\Roaming\Malwarebytes
2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 16:00 . 2012-07-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 16:00 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 19:49 . 2012-07-15 19:49 -------- d-----w- c:\users\Administrator\AppData\Local\AirMouse
2012-07-14 19:50 . 2012-07-14 19:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 19:33 . 2012-07-14 19:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 04:22 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:12 . 2012-07-11 11:15 -------- d-----w- C:\8ca979b7f09b658e9dc76c61d1
2012-07-11 11:10 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:10 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:10 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 11:10 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\program files (x86)\EAGLE-6.2.0
2012-07-07 19:10 . 2012-07-07 19:10 -------- d-----w- c:\users\Class2014\AppData\Roaming\CadSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 03:03 . 2010-12-09 14:31 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-02 03:03 . 2010-08-05 20:04 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-08-02 01:35 . 2010-12-09 14:31 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-08-01 02:26 . 2010-08-05 17:45 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-07-31 01:29 . 2010-08-05 20:04 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-07-31 01:29 . 2010-08-05 20:04 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-07-14 19:33 . 2012-01-05 02:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:13 . 2010-07-08 17:42 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-24 17:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 17:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 17:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 17:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 17:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 17:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 17:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-24 17:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-24 17:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 10:52 . 2012-06-14 00:13 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-14 00:13 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-14 00:13 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.23.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-01 02:56 . 2012-08-01 02:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2012-07-14 19:58 . 2012-07-29 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-14 19:58 . 2012-08-02 02:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012073120120801\index.dat
+ 2012-08-01 02:56 . 2012-08-01 02:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072320120730\index.dat
+ 2012-07-14 19:49 . 2012-08-02 02:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-07-08 17:31 . 2012-08-02 03:06 69750 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-02 03:06 44690 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-16 20:55 . 2012-08-02 03:06 24644 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1273285964-1369492898-2689800442-1000_UserData.bin
+ 2012-08-01 02:56 . 2012-08-01 02:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{72619510-DB84-11E1-B5E5-A9D11B1356CE}.dat
+ 2012-08-01 02:56 . 2012-08-01 02:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72619511-DB84-11E1-B5E5-A9D11B1356CE}.dat
- 2010-07-07 21:21 . 2012-07-29 16:11 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-07-07 21:21 . 2012-08-02 03:01 3245 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 03:02 . 2012-08-02 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 03:02 . 2012-08-02 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-29 16:12 . 2012-07-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-16 20:52 . 2012-08-02 02:30 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-08-16 20:52 . 2012-07-29 16:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-01 02:57 . 2012-08-01 02:56 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
+ 2009-07-14 04:54 . 2012-08-02 02:13 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-08-02 03:11 763312 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-29 16:21 763312 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-29 16:21 156836 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-02 03:11 156836 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-29 16:11 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-02 03:01 430472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-02 02:13 6848512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-16 02:04 . 2012-08-02 03:01 2357236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-08-02 02:13 10633216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-07-29 16:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-02 03:18 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-24 05:04 . 2012-08-02 03:01 35007536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1273285964-1369492898-2689800442-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-02 87336]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz130;cpuz130;c:\users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-28 1431888]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2009-04-01 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2009-06-17 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2009-04-01 26704]
R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-01-29 18504]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-01-02 11864]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2009-05-29 11848]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2009-06-17 11848]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2009-06-17 11856]
R3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2009-05-27 11872]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2009-05-29 11848]
R3 niemrkw;niemrkw;c:\windows\system32\DRIVERS\niemrkw.sys [2009-05-29 11336]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2009-05-29 11848]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2009-01-06 11864]
R3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2009-06-17 12152]
R3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2009-04-08 11864]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-12-29 11904]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2009-06-17 11880]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2009-03-30 11872]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2009-05-27 12928]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2009-05-27 12920]
R3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2009-06-11 11904]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-06-25 22104]
R3 niRFSA2k;niRFSA2k;c:\windows\system32\drivers\niRFSA2kl.sys [2009-06-01 11840]
R3 niRFSGk;niRFSGk;c:\windows\system32\drivers\niRFSGkl.sys [2009-04-28 11840]
R3 NiRioRpc;National Instruments RIO Server;c:\windows\SysWOW64\NiRioRpc.exe [2009-06-22 28744]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-01-05 11888]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2009-02-06 11864]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2009-03-30 11856]
R3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2009-06-18 11856]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-01-05 11888]
R3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2009-06-26 11864]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2009-05-29 11848]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-02 11824]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-01-02 11872]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-07-28 11848]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2009-01-02 11872]
R3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2009-04-10 11840]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2009-05-29 11880]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2009-03-05 11896]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2009-06-21 11872]
R3 niwdk;niwdk; [x]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2009-05-29 11848]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2009-05-29 11848]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-09-03 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-09-03 13280]
R3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-10-07 94472]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
R3 X6va003;X6va003;c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-07-19 56008]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2008-08-22 16472]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-28 834544]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2010-07-22 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-09-12 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-05-05 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]
S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [2009-06-04 11856]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2009-06-21 11872]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 ALSysIO;ALSysIO;c:\users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-24 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11872]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-11-24 11872]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-12-29 11872]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000Core.job
- c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273285964-1369492898-2689800442-1000UA.job
- c:\users\Class2014\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 04:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1875048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.stevens.edu/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Class2014\AppData\Roaming\Mozilla\Firefox\Profiles\gadqgzz4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc28CA5.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,e0,81,37,91,6f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-01 23:55:59
ComboFix-quarantined-files.txt 2012-08-02 03:55
ComboFix2.txt 2012-08-02 02:34
ComboFix3.txt 2012-07-29 17:30
ComboFix4.txt 2012-07-16 02:38
.
Pre-Run: 233,644,838,912 bytes free
Post-Run: 233,547,771,904 bytes free
.
- - End Of File - - F0367DD98ACDA3B0E77148F9927082D0
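A triage pass over the 'Reg Loading Points' part of a ComboFix log like the one above, as an added example (not ComboFix's code and not something anyone in this thread posted). It assumes the line layout ComboFix uses here and takes a constructed excerpt of the lines above as input, flagging the entries a malware-removal helper reads first: images loading from Temp, registered-but-missing files, UAC prompts switched off, and a populated AppInit_DLLs value.

```python
"""Triage pass over the 'Reg Loading Points' part of a ComboFix log.

Added example for this thread; it is not ComboFix's code and was not posted by
the helper. It pulls out what a malware-removal volunteer reads first:
services/drivers whose image sits in a Temp folder or is a .tmp file, entries
whose file is gone from disk ([x]), UAC policy values that turn elevation
prompts off, and a populated AppInit_DLLs value. SAMPLE_LOG is a constructed
excerpt assembled from lines of the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List

# "R3 name;display;c:\path\file.sys [stamp]" -> state, name, display, path, stamp
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$')
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)')        # "EnableLUA"= 0 (0x0)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')   # "ImagePath"="\??\c:\...\x.tmp"
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')           # [HKEY_LOCAL_MACHINE\...]

# Values under policies\system where 0 means the protection is switched off.
UAC_ZERO_MEANS_OFF = {
    "EnableLUA": "UAC is disabled, so admin processes run fully elevated",
    "ConsentPromptBehaviorAdmin": "admins elevate with no prompt at all",
    "PromptOnSecureDesktop": "elevation prompts are not on the secure desktop",
}


@dataclass(frozen=True)
class Finding:
    kind: str    # category tag: temp-image, missing-file, uac, appinit
    detail: str  # the log line that triggered it
    why: str     # why a reviewer cares


def in_temp(path: str) -> bool:
    """True when an image lives under a Temp directory or is a bare .tmp file."""
    p = path.lower()
    return "\\temp\\" in p or p.endswith(".tmp")


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect findings; registry key headers give context."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current_key = m.group(1).lower()
        elif (m := SERVICE_RE.match(line)):
            state, name, _display, path, stamp = m.groups()
            if path and in_temp(path):
                findings.append(Finding("temp-image", line,
                                        f"{state} entry '{name}' loads from a Temp location"))
            if stamp == "x":  # ComboFix prints [x] when the file is not on disk
                findings.append(Finding("missing-file", line,
                                        f"'{name}' is registered but its file is absent"))
        elif line.startswith('"AppInit_DLLs"='):
            value = line.split("=", 1)[1].strip().strip('"')
            if value:
                findings.append(Finding("appinit", line,
                                        "loaded into every process that maps user32.dll; "
                                        "verify the DLL's publisher"))
        elif (m := IMAGEPATH_RE.match(line)):
            svc_name = current_key.rsplit("\\", 1)[-1]
            if "\\services\\" in current_key and in_temp(m.group(1)):
                findings.append(Finding("temp-image", line,
                                        f"service '{svc_name}' points at a Temp file"))
        elif current_key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group(1) in UAC_ZERO_MEANS_OFF and int(m.group(2)) == 0:
                findings.append(Finding("uac", line, UAC_ZERO_MEANS_OFF[m.group(1)]))
    return findings


# Constructed excerpt: lines taken from the ComboFix output posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 cpuz130;cpuz130;c:\users\CLASS2~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 niwdk;niwdk; [x]
R3 X6va003;X6va003;c:\users\CLASS2~1\AppData\Local\Temp\003302D.tmp [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
S3 ALSysIO;ALSysIO;c:\users\CLASS2~1\AppData\Local\Temp\ALSysIO64.sys [x]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc28CA5.tmp"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:<12}] {f.why}\n    {f.detail}")
```

A flagged entry is a lead to verify, not a verdict: several of the Temp-resident drivers here belong to hardware-monitoring tools the user ran, and the AppInit DLL carries an AVG name.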
 
Good :)

How is the computer doing?

================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 