
Trojan.Zeroaccess.b


  • This topic is locked
31 replies to this topic

#1 Plans

  • Members
  • 16 posts

Posted 23 April 2012 - 11:15 PM

I have Norton Internet Security on my new PC. I ran a virus scan and Norton reported I have a Trojan that must be manually removed. The Trojan is Trojan.zeroaccess.b. The PC has Windows 7 installed and is 64-bit. The computer will not start Windows in normal mode; I must tell it to restore upon startup. I am not sure how to remove this, since it affects the system files. I do not want to harm my computer any worse than it already is. Please advise on the proper procedure for removing this.

Edited by Plans, 23 April 2012 - 11:44 PM.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 135,602 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 April 2012 - 12:26 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then continue as follows:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
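Gringo's procedure ends with FRST writing FRST.txt to the flash drive, which the helper then reads through by hand. As an added example (not code from the thread and not part of the FRST tool), the Python script below parses the Registry, Services and NetSvcs sections of an FRST log and flags the entries a malware-response helper would look at first: FRST's own "==> ZeroAccess" marker, autorun and service entries whose image file FRST could not find (the "[x]" suffix), and a service registered in the netsvcs group whose image is a DLL directly under System32. The sample log text embedded in the script is constructed from a few lines in the format FRST produces; the section names it looks for, the rule names and the triage heuristics themselves are this example's own assumptions, not FRST's.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; not part of FRST and not code from the forum.
It groups FRST.txt lines by section and flags the entries a malware-response
helper would review first. Section names and heuristics are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample in the FRST.txt format, modelled on lines posted in the thread.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-11-01] (IDT, Inc.)
HKLM-x32\...\Run: [] [x]
Tcpip\Parameters: [DhcpNameServer] 166.102.165.11 166.102.165.13
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Cardex; C:\Windows\System32\pdlnsx25.dll [6656 2009-07-13] (Oak Technology Inc.)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe" /s "NIS" [303544 2011-08-11] (Symantec Corporation)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: Cardex
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "===== Name ====="
SERVICE_RE = re.compile(r"^([0-4])\s+([^;]+);\s*(.*)$")  # "<start> <name>; <image ...>"
NETSVC_RE = re.compile(r"^NETSVC:\s*(.+?)\s*$")
SYS32_DLL_RE = re.compile(r"\\system32\\[^\\\s]+\.dll\b", re.IGNORECASE)


@dataclass
class Finding:
    rule: str   # short rule name (this example's own naming)
    line: str   # the log line that triggered it, verbatim


def split_sections(text):
    """Group non-empty log lines under the FRST section header they follow."""
    sections = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return the findings a helper would want to read first, in log order."""
    sections = split_sections(text)
    findings = []

    for name, lines in sections.items():
        for line in lines:
            # Rule 1: FRST's own tag for the ZeroAccess subsystem hijack.
            if "==> ZeroAccess" in line:
                findings.append(Finding("frst-zeroaccess-marker", line))
            # Rule 2: autorun or service whose image file FRST could not find ("[x]").
            elif line.endswith("[x]") and name.split(" ")[0] in ("Registry", "Services"):
                findings.append(Finding("missing-image-file", line))

    # Rule 3: a service registered in the netsvcs group (so it runs inside a
    # shared svchost.exe) whose image is a DLL directly under System32.
    netsvcs = set()
    for line in sections.get("NetSvcs (Whitelisted)", []):
        m = NETSVC_RE.match(line)
        if m:
            netsvcs.add(m.group(1))
    for line in sections.get("Services (Whitelisted)", []):
        m = SERVICE_RE.match(line)
        if m and m.group(2).strip() in netsvcs and SYS32_DLL_RE.search(m.group(3)):
            findings.append(Finding("netsvc-dll-in-system32", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run against the sample, the script reports the ZeroAccess marker, the two "[x]" entries and the Cardex service; a real FRST.txt can be passed in by reading the file and calling triage() on its contents. The rules only prioritise what the helper reads first, they do not decide what is malicious: the ZeroAccess marker comes from FRST's own detection, while a missing file or a netsvcs DLL is a prompt to check the entry, nothing more.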

#3 Plans
  • Topic Starter

  • Members
  • 16 posts

Posted 24 April 2012 - 07:45 AM

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 24-04-2012 08:25:14
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-11-01] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [37888 2011-11-01] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [376 2012-04-24] ()
HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKU\Desktop Office\...\Run: [Akamai NetSession Interface] "C:\Users\Desktop Office\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
HKU\Desktop Office\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
Tcpip\Parameters: [DhcpNameServer] 166.102.165.11 166.102.165.13
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-23] (Adobe Systems Incorporated)
2 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [128904 2011-05-13] (AMD)
2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-07-20] (Microsoft Corporation)
3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)
2 CalendarSynchService; "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe" [16384 2011-08-16] (Hewlett-Packard)
2 Cardex; C:\Windows\System32\pdlnsx25.dll [6656 2009-07-13] (Oak Technology Inc.)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 HPClientSvc; "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe" [346168 2010-10-11] (Hewlett-Packard Company)
2 mi-raysat_3dsmax2012_64; "C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [86016 2011-02-22] ()
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll" /prefetch:1 [303544 2011-08-11] (Symantec Corporation)
2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [1128952 2011-08-12] (PDF Complete Inc)
2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]

========================== Drivers (Whitelisted) =============

0 ahcix64s; C:\Windows\System32\Drivers\ahcix64s.sys [280656 2011-08-16] (Advanced Micro Devices, Inc)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001_6a1\BHDrvx64.sys [1160824 2012-04-12] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\System32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-04-24] (Symantec Corporation)
3 EraserUtilDrv11122; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [138360 2012-04-24] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-03-29] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120423.001_6bb\IDSvia64.sys [488568 2012-04-23] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120423.033\ENG64.SYS [117880 2012-04-24] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120423.033\EX64.SYS [2048632 2012-04-24] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-23] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
3 tihub3; C:\Windows\System32\Drivers\tihub3.sys [136000 2011-09-27] (Texas Instruments Incorporated)
3 tixhci; C:\Windows\System32\Drivers\tixhci.sys [409408 2011-09-27] (Texas Instruments Incorporated)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========
NETSVC: Cardex

============ One Month Created Files and Folders ==============

2012-04-24 08:24 - 2012-04-24 04:01 - 0000000 ____D C:\FRST
2012-04-24 04:06 - 2012-04-24 04:07 - 1388505 ____A C:\Users\Eric.DesktopOffice\Downloads\FRST64.exe
2012-04-24 04:06 - 2012-04-05 12:04 - 1388505 ____A C:\Users\Eric.DesktopOffice\Downloads\FRST64 (1).exe
2012-04-24 03:58 - 2012-04-23 23:33 - 0016463 ____A C:\1020.log
2012-04-24 03:58 - 2010-11-20 19:24 - 0192512 ____A C:\Windows\System32\ZLhp1020.DLL
2012-04-24 03:58 - 2010-11-20 19:24 - 0128820 ____A C:\Windows\System32\hp1020.img
2012-04-24 03:58 - 2010-05-13 21:52 - 0501760 ____A C:\Windows\System32\ZSHP1020.EXE
2012-04-24 03:58 - 2010-05-13 19:48 - 0245248 ____A () C:\Windows\System32\zshp1020s.dll
2012-04-24 03:58 - 2010-04-15 03:04 - 0010632 ____A C:\Windows\System32\ZSHP1020.CHM
2012-04-24 02:42 - 2010-11-20 19:24 - 0001435 ____A C:\Windows\SysWOW64\logFile.xml
2012-04-23 20:13 - 2012-04-23 20:13 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-23 19:57 - 2012-04-06 05:32 - 0000328 ____A C:\Windows\Tasks\HPCeeScheduleForEric.job
2012-04-23 19:56 - 2011-11-01 00:12 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-04-23 19:50 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-23 19:50 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-23 19:50 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-23 19:50 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-23 19:50 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-23 19:50 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-23 19:50 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-23 19:50 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-23 19:50 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-23 19:50 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-23 19:50 - 2011-12-23 17:20 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-23 19:50 - 2011-12-23 17:20 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-23 19:50 - 2011-12-23 17:15 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-23 19:50 - 2011-12-23 17:15 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-23 19:50 - 2011-12-23 17:15 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-23 19:50 - 2011-12-23 17:15 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-23 19:50 - 2011-12-23 17:15 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-23 19:50 - 2011-12-23 17:15 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-23 19:50 - 2011-12-23 17:15 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-23 19:50 - 2011-12-23 17:15 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-23 19:50 - 2010-11-20 19:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-23 19:50 - 2010-11-20 19:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-23 19:50 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-23 19:50 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-23 19:50 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-23 19:50 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-23 19:50 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-23 19:50 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-23 19:50 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-23 19:48 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-23 19:48 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-23 19:48 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-23 19:48 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-23 19:48 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-23 19:48 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-23 19:48 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-23 16:18 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\AVG
2012-04-23 16:06 - 2012-04-23 16:19 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\AVG2012
2012-04-23 16:03 - 2012-04-23 23:34 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-23 16:03 - 2012-04-23 23:34 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-23 16:03 - 2012-03-21 12:52 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-04-23 16:03 - 2011-10-24 12:40 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-23 16:03 - - 0000000 ___HD C:\$AVG
2012-04-23 16:02 - 2012-04-23 23:33 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-23 15:49 - 2012-04-23 23:34 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-23 15:49 - 2012-04-23 23:34 - 0000000 ____D C:\ProgramData\MFAData
2012-04-23 15:14 - 2012-04-05 12:04 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\RemEngine
2012-04-23 14:16 - 2012-04-23 14:15 - 0002655 ____A C:\Users\Eric.DesktopOffice\Desktop\Microsoft Word.lnk
2012-04-23 14:15 - 2012-04-23 14:15 - 0002673 ____A C:\Users\Eric.DesktopOffice\Desktop\Microsoft Outlook.lnk
2012-04-23 14:15 - 2012-04-05 12:04 - 0002657 ____A C:\Users\Eric.DesktopOffice\Desktop\Microsoft Excel.lnk
2012-04-23 13:33 - 2012-04-23 19:54 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\HpUpdate
2012-04-23 13:33 - 2012-04-23 15:14 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\HP Support Assistant
2012-04-06 06:34 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Microsoft Web Folders
2012-04-06 06:22 - 2012-04-06 06:22 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-06 06:22 - 2012-04-06 06:22 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-06 06:22 - 2009-07-13 21:08 - 0000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2012-04-06 06:22 - 2009-07-13 21:08 - 0000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2012-04-06 05:45 - 2012-04-24 04:06 - 13588888 ____A (Microsoft Corporation) C:\Users\Eric.DesktopOffice\Downloads\O2kSp3.exe
2012-04-06 05:39 - 2012-04-23 15:14 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\SoftGrid Client
2012-04-06 05:39 - 2012-04-06 06:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\SoftGrid Client
2012-04-06 05:34 - 2012-04-05 12:05 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Autodesk
2012-04-06 05:32 - 2012-04-24 04:06 - 0000000 ____A C:\Windows\setuperr.log
2012-04-06 05:32 - 2012-04-23 23:35 - 0001130 ____A C:\Windows\setupact.log
2012-04-06 05:31 - 2012-04-23 23:35 - 0001902 ____A C:\Windows\PFRO.log
2012-04-06 05:29 - 2012-03-22 23:39 - 13588888 ____A (Microsoft Corporation) C:\Users\Desktop Office\Downloads\O2kSp3.exe
2012-04-06 05:05 - 2012-04-23 23:34 - 0000000 ____D C:\Program Files (x86)\Snapshot Viewer
2012-04-06 05:05 - 2012-04-23 18:02 - 0000000 ____D C:\Users\All Users\SBT
2012-04-06 05:05 - 2012-04-23 18:02 - 0000000 ____D C:\ProgramData\SBT
2012-04-06 05:03 - 2009-07-13 17:39 - 0000376 ____A C:\Windows\ODBC.INI
2012-04-06 05:02 - 2009-07-13 20:54 - 0001996 ____A C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
2012-04-06 05:01 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Microsoft Web Folders
2012-04-06 05:01 - 2009-07-13 18:34 - 0000000 ____D C:\Windows\Msagent
2012-04-06 04:45 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\ArchVision,_Inc
2012-04-06 04:30 - 2012-03-29 13:39 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\okino
2012-04-06 04:24 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\SoftGrid Client
2012-04-06 04:24 - 2012-04-06 04:36 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\SoftGrid Client
2012-04-06 04:23 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\TP
2012-04-05 12:20 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\hpremote
2012-04-05 12:15 - 2012-04-23 23:37 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Hewlett-Packard_Company
2012-04-05 12:15 - 2012-04-06 05:46 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\hewlett-packard
2012-04-05 12:15 - - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Adobe
2012-04-05 12:11 - 2012-04-23 23:38 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Google
2012-04-05 12:11 - 2012-04-06 05:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Google
2012-04-05 12:10 - 2009-07-13 17:39 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-05 12:06 - 2012-04-05 12:05 - 0139544 ____A C:\Users\Eric.DesktopOffice\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-05 12:05 - 2012-04-05 12:15 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\ATI
2012-04-05 12:05 - 2012-04-05 12:05 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Broadcom
2012-04-05 12:05 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\ATI
2012-04-05 12:05 - - 0000000 ____D C:\Users\Eric.DesktopOffice\Documents\Bluetooth Exchange Folder
2012-04-05 12:04 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\PDFC
2012-04-05 12:04 - 2012-04-23 16:06 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\ControlCenter4
2012-04-05 12:04 - - 0000174 ___SH C:\Users\Eric.DesktopOffice\Start Menu\Programs\Startup\desktop.ini
2012-04-05 12:04 - - 0000174 ___SH C:\Users\Eric.DesktopOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-05 12:03 - 2012-04-24 04:08 - 0000000 __SHD C:\Users\Eric.DesktopOffice\AppData\Local\Temporary Internet Files
2012-04-05 12:03 - 2012-04-23 23:38 - 0000000 __SHD C:\Users\Eric.DesktopOffice\AppData\Local\History
2012-04-05 12:03 - 2012-04-23 23:38 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\LocalLow
2012-04-05 12:03 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Media Center Programs
2012-04-05 12:03 - 2012-04-23 23:34 - 0000000 ____D C:\users\Eric.DesktopOffice
2012-04-05 12:03 - 2012-04-23 14:36 - 0000020 ___SH C:\Users\Eric.DesktopOffice\ntuser.ini
2012-04-05 12:03 - 2012-04-23 13:28 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Hewlett-Packard
2012-04-05 12:03 - 2012-04-05 12:04 - 0000000 __SHD C:\Users\Eric.DesktopOffice\PrintHood
2012-04-05 12:03 - 2012-04-05 12:04 - 0000000 __SHD C:\Users\Eric.DesktopOffice\My Documents
2012-04-05 12:03 - 2012-04-05 12:04 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Documents\My Music
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Templates
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Start Menu
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\NetHood
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Documents\My Videos
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Documents\My Pictures
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Macromedia
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\VirtualStore
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\TouchSmartData
2012-04-05 11:06 - 2009-07-13 21:08 - 0000000 ____D C:\Eric
2012-04-05 10:34 - 2012-04-05 10:37 - 0000000 ____D C:\Users\Eric\AppData\Roaming\Google
2012-04-05 10:34 - 2012-04-05 10:27 - 0000000 ____D C:\Users\Eric\AppData\Local\Google
2012-04-05 10:34 - - 0000000 ____D C:\Users\Eric\AppData\Roaming\Adobe
2012-04-05 10:29 - - 0000000 ____D C:\Users\Eric\Documents\3dsMaxDesign
2012-04-05 10:28 - 2012-04-05 10:26 - 0000000 ____D C:\Users\Eric\AppData\Local\cache
2012-04-05 10:27 - 2012-04-05 10:29 - 0000000 ____D C:\Users\Eric\Documents\Autodesk
2012-04-05 10:27 - 2012-04-05 10:28 - 0094296 ____A C:\Users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-05 10:27 - 2012-04-05 10:26 - 0000000 ____D C:\Users\Eric\AppData\Roaming\Autodesk
2012-04-05 10:27 - 2012-04-05 10:26 - 0000000 ____D C:\Users\Eric\AppData\Local\Autodesk
2012-04-05 10:26 - 2012-04-05 10:37 - 0000000 ____D C:\Users\Eric\AppData\Local\Broadcom
2012-04-05 10:26 - 2012-04-05 10:34 - 0000000 ____D C:\Users\Eric\AppData\Roaming\ATI
2012-04-05 10:26 - 2012-04-05 10:27 - 0000000 ____D C:\Users\Eric\Documents\Bluetooth Exchange Folder
2012-04-05 10:26 - 2012-04-05 10:24 - 0000000 ____D C:\Users\Eric\AppData\Local\ATI
2012-04-05 10:25 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Eric\AppData\Local\PDFC
2012-04-05 10:25 - 2012-04-05 10:24 - 0000000 ____D C:\Users\Eric\AppData\Local\VirtualStore
2012-04-05 10:24 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Eric\AppData\LocalLow
2012-04-05 10:24 - 2012-04-05 15:43 - 0000000 __SHD C:\Users\Eric\PrintHood
2012-04-05 10:24 - 2012-04-05 15:43 - 0000000 __SHD C:\Users\Eric\My Documents
2012-04-05 10:24 - 2012-04-05 15:43 - 0000000 __SHD C:\Users\Eric\AppData\Local\Temporary Internet Files
2012-04-05 10:24 - 2012-04-05 10:35 - 0000000 ____D C:\Users\Eric\AppData\Local\Hewlett-Packard
2012-04-05 10:24 - 2012-04-05 10:26 - 0000000 __SHD C:\Users\Eric\Documents\My Music
2012-04-05 10:24 - 2012-04-05 10:25 - 0000000 ____D C:\Users\Eric\AppData\Roaming\Macromedia
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Templates
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Start Menu
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\NetHood
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Documents\My Videos
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Documents\My Pictures
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 ____D C:\Users\Eric\AppData\Local\TouchSmartData
2012-04-05 10:24 - 2011-12-23 17:51 - 0000000 ____D C:\Users\Eric\AppData\Roaming\Media Center Programs
2012-04-05 10:24 - 2011-12-23 17:37 - 0000000 __SHD C:\Users\Eric\AppData\Local\History
2012-04-05 10:24 - 2009-07-13 20:54 - 0000000 ____D C:\users\Eric
2012-04-05 10:07 - 2012-03-29 19:55 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-05 10:07 - 2012-03-29 19:55 - 0000000 ____D C:\ProgramData\Recovery
2012-04-04 17:12 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\ArchVision
2012-04-04 17:12 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\ArchVision
2012-04-04 17:11 - - 0000000 ____D C:\Users\All Users\Allegorithmic
2012-04-04 17:11 - - 0000000 ____D C:\ProgramData\Allegorithmic
2012-03-30 20:55 - 2012-04-23 23:34 - 0000000 ____D C:\Program Files\NuGraf64
2012-03-30 20:55 - 2011-12-23 17:15 - 0085504 ____A (Blue Sky Software Corporation.) C:\Windows\SysWOW64\HTMLWH.DLL
2012-03-30 20:55 - 2010-11-20 19:24 - 1044480 ____A (eHelp Corporation.) C:\Windows\SysWOW64\ROBOEX32.DLL
2012-03-30 20:55 - 2010-05-26 11:41 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\d3dxof.dll
2012-03-30 20:55 - 2010-05-13 19:48 - 0089088 ____A C:\Windows\System32\zlib.dll
2012-03-30 20:55 - 2009-07-13 18:36 - 0049152 ____A (Blue Sky Software Corporation.) C:\Windows\SysWOW64\INETWH32.DLL
2012-03-30 20:52 - 2012-03-30 20:46 - 0000000 ____D C:\Program Files\Bionatics
2012-03-30 20:52 - 2012-03-29 20:53 - 0000000 ____D C:\Users\All Users\Bionatics
2012-03-30 20:52 - 2012-03-29 20:53 - 0000000 ____D C:\ProgramData\Bionatics
2012-03-30 20:52 - - 0000000 ____D C:\Users\Public\Documents\Bionatics
2012-03-30 20:48 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Allegorithmic
2012-03-30 20:48 - 2012-04-23 23:33 - 0000000 ____D C:\Program Files (x86)\ArchVision
2012-03-30 20:48 - 2012-04-23 23:33 - 0000000 ____D C:\Program Files (x86)\Allegorithmic
2012-03-30 20:48 - 2012-03-30 05:41 - 0001986 ____A C:\Users\Public\Desktop\Dashboard.lnk
2012-03-30 20:48 - - 0002147 ____A C:\Users\Public\Desktop\ArchVision Content Manager.lnk
2012-03-30 20:48 - - 0000000 ____D C:\Program Files\ArchVision
2012-03-30 20:46 - 2012-04-23 23:34 - 0000948 ____A C:\Users\Desktop Office\Desktop\LMTOOLS Utility.lnk
2012-03-30 20:46 - 2012-04-23 23:34 - 0000000 ____D C:\Program Files\Autodesk Network License Manager
2012-03-30 20:46 - 2011-02-11 11:24 - 0000000 ____D C:\Revit SDK 2012
2012-03-30 20:29 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\Documents\Autodesk Showcase 2012
2012-03-30 20:08 - 2011-12-23 17:34 - 0002071 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2012-03-30 20:07 - 2012-03-30 19:33 - 0001950 ____A C:\Users\Public\Desktop\SketchBook Designer 2012.lnk
2012-03-30 20:03 - 2012-03-30 19:41 - 0002185 ____A C:\Users\Public\Desktop\Autodesk Design Review 2012.lnk
2012-03-30 19:59 - 2012-03-30 20:48 - 0002269 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2012-03-30 19:59 - 2012-03-30 19:56 - 0002519 ____A C:\Users\Public\Desktop\AutoCAD Structural Detailing 2012 - English.lnk
2012-03-30 19:56 - 2012-03-30 19:56 - 0002328 ____A C:\Users\Public\Desktop\AutoCAD MEP 2012 (US Imperial).lnk
2012-03-30 19:56 - 2012-03-30 19:56 - 0002324 ____A C:\Users\Public\Desktop\AutoCAD MEP 2012 (US Metric).lnk
2012-03-30 19:56 - 2012-03-30 19:49 - 0002318 ____A C:\Users\Public\Desktop\AutoCAD MEP 2012 (Global).lnk
2012-03-30 19:49 - 2012-03-30 19:49 - 0002441 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Metric).lnk
2012-03-30 19:49 - 2012-03-30 19:36 - 0002445 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Imperial).lnk
2012-03-30 19:47 - 2012-03-30 20:48 - 0000000 ____D C:\Users\Desktop Office\Documents\Autodesk
2012-03-30 19:44 - 2012-03-22 23:39 - 0000000 ____D C:\Users\Desktop Office\Documents\Inventor
2012-03-30 19:43 - 2012-03-30 20:03 - 0001852 ____A C:\Users\Public\Desktop\Autodesk Showcase 2012 (64-bit).lnk
2012-03-30 19:41 - 2012-03-30 19:59 - 0002025 ____A C:\Users\Public\Desktop\Autodesk 3ds Max Design 2012 64-bit - English.lnk
2012-03-30 19:41 - 2012-03-30 19:38 - 0000000 ____D C:\Users\Desktop Office\Documents\Inventor Server x64 Autodesk 3ds Max Design 2012 64-bit - English
2012-03-30 19:40 - - 0000000 ____D C:\Users\Desktop Office\Documents\3dsMaxDesign
2012-03-30 19:38 - 2012-03-30 19:44 - 0000000 ____D C:\Users\Desktop Office\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2012-03-30 19:36 - 2012-03-30 19:59 - 0002104 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2012-03-30 19:35 - 2012-03-21 13:00 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Autodesk
2012-03-30 19:34 - 2012-04-23 23:33 - 0000000 ____D C:\Program Files (x86)\Autodesk
2012-03-30 19:33 - 2012-03-30 19:30 - 0002139 ____A C:\Users\Public\Desktop\Revit Structure 2012.lnk
2012-03-30 19:33 - 2012-03-30 19:30 - 0000000 ____D C:\Users\Desktop Office\Documents\Revit Structure 2012
2012-03-30 19:30 - 2012-03-30 19:26 - 0000000 ____D C:\Users\Desktop Office\Documents\Revit MEP 2012
2012-03-30 19:30 - 2012-03-30 19:25 - 0002097 ____A C:\Users\Public\Desktop\Revit MEP 2012.lnk
2012-03-30 19:26 - 2012-03-30 06:43 - 0000000 ____D C:\Users\Desktop Office\Documents\Revit Architecture 2012
2012-03-30 19:25 - 2011-12-23 17:57 - 0002160 ____A C:\Users\Public\Desktop\Revit Architecture 2012.lnk
2012-03-30 19:22 - 2012-04-23 23:34 - 0000000 ____D C:\Program Files\Autodesk
2012-03-30 19:22 - - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-03-30 19:09 - 2012-03-21 13:00 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Autodesk
2012-03-30 19:09 - 2011-12-23 17:37 - 0000000 ____D C:\Users\All Users\Autodesk
2012-03-30 19:09 - 2011-12-23 17:37 - 0000000 ____D C:\ProgramData\Autodesk
2012-03-30 18:08 - 2012-04-24 03:58 - 0000000 ____D C:\Autodesk
2012-03-30 07:24 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\BDS
2012-03-30 06:15 - 2009-07-13 20:54 - 0402399 ____A C:\Windows\WindowsUpdate.log
2012-03-30 05:43 - 2012-03-23 07:36 - 0000000 ____D C:\Users\Desktop Office\Documents\Registry Backup
2012-03-30 05:41 - 2012-04-23 23:34 - 0000000 ____D C:\Program Files\CCleaner
2012-03-30 05:41 - 2012-03-23 07:43 - 0000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-03-29 22:05 - - 0000982 ____A C:\Users\Desktop Office\Desktop\7-Zip File Manager.lnk
2012-03-29 22:02 - 2012-04-23 23:34 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-03-29 22:02 - 2012-04-23 23:34 - 0000000 ____D C:\ProgramData\Yahoo!
2012-03-29 22:02 - 2012-03-29 22:02 - 0001944 ____A C:\Users\Desktop Office\Desktop\Free Music Downloads.lnk
2012-03-29 22:02 - 2012-03-29 22:02 - 0001934 ____A C:\Users\Desktop Office\Desktop\Free Games!!.lnk
2012-03-29 22:02 - 2012-03-29 19:00 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-03-29 22:02 - 2012-03-22 23:39 - 0001944 ____A C:\Users\Desktop Office\Desktop\Free Dolphin Screensaver.lnk
2012-03-29 22:01 - 2012-04-23 23:34 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-03-29 21:56 - 2012-03-30 20:08 - 0002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-03-29 21:03 - - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-03-29 20:53 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Babylon
2012-03-29 20:53 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Babylon
2012-03-29 20:53 - 2012-04-23 23:33 - 0000000 ____D C:\Program Files (x86)\Media Finder
2012-03-29 20:53 - 2012-04-23 16:37 - 0000000 ____D C:\Users\All Users\Babylon
2012-03-29 20:53 - 2012-04-23 16:37 - 0000000 ____D C:\ProgramData\Babylon
2012-03-29 20:53 - 2012-04-06 05:01 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Mozilla
2012-03-29 20:53 - 2010-11-20 23:16 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Media Finder
2012-03-29 20:23 - 2012-04-06 04:24 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\vlc
2012-03-29 20:22 - 2012-04-23 23:33 - 0000000 ____D C:\Program Files (x86)\iLivid
2012-03-29 20:22 - 2012-04-06 07:11 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Ilivid Player
2012-03-29 19:55 - 2012-04-24 02:41 - 0000000 ____D C:\Users\All Users\Premium
2012-03-29 19:55 - 2012-04-24 02:41 - 0000000 ____D C:\ProgramData\Premium
2012-03-29 19:55 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\TheBflix
2012-03-29 19:55 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\TheBflix
2012-03-29 19:54 - 2012-04-23 23:38 - 0000000 ____D C:\Users\All Users\InstallMate
2012-03-29 19:54 - 2012-04-23 23:38 - 0000000 ____D C:\ProgramData\InstallMate
2012-03-29 17:56 - 2009-07-13 20:54 - 0000000 ____D C:\Program Files (x86)\ExpressFiles
2012-03-29 13:39 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\Documents\My PaperPort Documents
2012-03-29 13:05 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 13:04 - 2012-04-24 04:07 - 0000000 ____D C:\Windows\system64
2012-03-29 09:16 - 2012-04-23 20:08 - 0306688 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2012-03-29 08:07 - 2012-03-29 20:53 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\backburner
2012-03-29 08:06 - 2012-03-29 08:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{4df9bb76-74ff-11e1-b4c2-74de2b79cb7b}.TxR.blf
2012-03-29 05:39 - 2012-04-24 03:19 - 0000368 ____A C:\Windows\Tasks\HPCeeScheduleForDesktop Office.job
2012-03-29 05:38 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 05:38 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-28 04:59 - 2012-04-23 23:34 - 0000000 ____D C:\Project
2012-03-28 04:46 - 2012-04-05 10:16 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\CrashDumps
2012-03-26 08:20 - 2012-04-23 23:34 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Google
2012-03-26 08:09 - 2012-04-24 03:12 - 0000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 08:09 - 2012-04-24 02:41 - 0000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-26 08:09 - 2012-04-23 23:34 - 0000000 ____D C:\Users\All Users\Google
2012-03-26 08:09 - 2012-04-23 23:34 - 0000000 ____D C:\ProgramData\Google
2012-03-26 08:09 - 2012-04-23 23:34 - 0000000 ____D C:\Program Files\Google
2012-03-26 08:09 - 2012-03-30 20:23 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Google
2012-03-26 08:08 - 2012-03-29 22:02 - 0000000 ____D C:\Program Files (x86)\Google

============ 3 Months Modified Files and Folders =============

2012-04-24 08:25 - 2012-04-24 08:24 - 0000000 ____D C:\FRST
2012-04-24 04:15 - 2012-03-21 12:52 - 3581067264 __ASH C:\hiberfil.sys
2012-04-24 04:09 - 2012-03-30 06:15 - 0402399 ____A C:\Windows\WindowsUpdate.log
2012-04-24 04:07 - 2012-04-24 04:06 - 1388505 ____A C:\Users\Eric.DesktopOffice\Downloads\FRST64 (1).exe
2012-04-24 04:07 - 2009-07-13 21:13 - 0778606 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-24 04:06 - 2012-04-24 04:06 - 1388505 ____A C:\Users\Eric.DesktopOffice\Downloads\FRST64.exe
2012-04-24 04:06 - 2012-04-06 05:32 - 0001130 ____A C:\Windows\setupact.log
2012-04-24 04:01 - 2012-04-05 11:06 - 0000000 ____D C:\Eric
2012-04-24 04:01 - 2009-07-13 20:45 - 0024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-24 04:01 - 2009-07-13 20:45 - 0024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-24 03:59 - 2012-04-06 05:45 - 13588888 ____A (Microsoft Corporation) C:\Users\Eric.DesktopOffice\Downloads\O2kSp3.exe
2012-04-24 03:58 - 2012-04-24 03:58 - 0016463 ____A C:\1020.log
2012-04-24 03:58 - 2011-12-23 17:34 - 0000000 ____D C:\Program Files\hp
2012-04-24 03:19 - 2012-03-26 08:09 - 0000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-24 03:12 - 2012-03-29 05:38 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-24 02:42 - 2012-04-24 02:42 - 0001435 ____A C:\Windows\SysWOW64\logFile.xml
2012-04-24 02:41 - 2012-03-26 08:09 - 0000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-24 02:41 - 2011-12-23 17:54 - 0000000 ____D C:\Users\All Users\PDFC
2012-04-24 02:41 - 2011-12-23 17:54 - 0000000 ____D C:\ProgramData\PDFC
2012-04-24 02:40 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-23 23:39 - 2012-03-21 12:52 - 0000000 ____D C:\users\Desktop Office
2012-04-23 23:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-23 23:39 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-23 23:39 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-23 23:38 - 2012-04-05 12:15 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Hewlett-Packard_Company
2012-04-23 23:38 - 2012-04-05 12:04 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\ControlCenter4
2012-04-23 23:38 - 2012-03-23 07:47 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\ControlCenter4
2012-04-23 23:38 - 2011-12-23 17:57 - 0000000 ____D C:\Users\All Users\Norton
2012-04-23 23:38 - 2011-12-23 17:57 - 0000000 ____D C:\ProgramData\Norton
2012-04-23 23:38 - 2011-12-23 17:34 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-04-23 23:38 - 2011-12-23 17:34 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-04-23 23:38 - 2010-11-20 23:16 - 0000000 ____D C:\Windows\ShellNew
2012-04-23 23:38 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-23 23:37 - 2012-04-06 05:05 - 0000000 ____D C:\Program Files (x86)\Snapshot Viewer
2012-04-23 23:37 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Hewlett-Packard
2012-04-23 23:37 - 2012-03-23 07:41 - 0000000 ____D C:\Program Files (x86)\ControlCenter4
2012-04-23 23:37 - 2012-03-23 07:41 - 0000000 ____D C:\Program Files (x86)\Browny02
2012-04-23 23:37 - 2012-03-23 07:41 - 0000000 ____D C:\Brother
2012-04-23 23:37 - 2012-03-23 07:40 - 0000000 ____D C:\Program Files (x86)\Brother
2012-04-23 23:37 - 2011-12-23 17:55 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-23 23:37 - 2011-12-23 17:36 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-23 23:37 - 2011-12-23 17:34 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-04-23 23:36 - 2012-04-23 16:03 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-04-23 23:36 - 2012-04-23 16:03 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-23 23:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-23 23:35 - 2012-04-06 05:01 - 0000000 ____D C:\Windows\Msagent
2012-04-23 23:35 - 2011-12-23 17:57 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-23 23:35 - 2011-12-23 17:50 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-23 23:35 - 2011-12-23 17:50 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\System32\winrm
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\System32\WCN
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-23 23:35 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-23 23:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-23 23:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-23 23:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-23 23:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-23 23:35 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-23 23:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-23 23:34 - 2012-04-06 05:39 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\SoftGrid Client
2012-04-23 23:34 - 2012-04-06 05:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Autodesk
2012-04-23 23:34 - 2012-04-06 05:05 - 0000000 ____D C:\Users\All Users\SBT
2012-04-23 23:34 - 2012-04-06 05:05 - 0000000 ____D C:\ProgramData\SBT
2012-04-23 23:34 - 2012-04-06 04:45 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\ArchVision,_Inc
2012-04-23 23:34 - 2012-04-06 04:24 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\SoftGrid Client
2012-04-23 23:34 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Macromedia
2012-04-23 23:34 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\LocalLow
2012-04-23 23:34 - 2012-04-05 10:24 - 0000000 ____D C:\users\Eric
2012-04-23 23:34 - 2012-04-04 17:12 - 0000000 ____D C:\Users\All Users\ArchVision
2012-04-23 23:34 - 2012-04-04 17:12 - 0000000 ____D C:\ProgramData\ArchVision
2012-04-23 23:34 - 2012-03-30 20:55 - 0000000 ____D C:\Program Files\NuGraf64
2012-04-23 23:34 - 2012-03-30 20:52 - 0000000 ____D C:\Users\Public\Documents\Bionatics
2012-04-23 23:34 - 2012-03-30 20:52 - 0000000 ____D C:\Program Files\Bionatics
2012-04-23 23:34 - 2012-03-30 20:48 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Allegorithmic
2012-04-23 23:34 - 2012-03-30 20:48 - 0000000 ____D C:\Program Files\ArchVision
2012-04-23 23:34 - 2012-03-30 20:46 - 0000000 ____D C:\Revit SDK 2012
2012-04-23 23:34 - 2012-03-30 19:47 - 0000000 ____D C:\Users\Desktop Office\Documents\Autodesk
2012-04-23 23:34 - 2012-03-30 19:35 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Autodesk
2012-04-23 23:34 - 2012-03-30 19:22 - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-04-23 23:34 - 2012-03-30 19:22 - 0000000 ____D C:\Program Files\Autodesk
2012-04-23 23:34 - 2012-03-30 19:09 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Autodesk
2012-04-23 23:34 - 2012-03-30 19:09 - 0000000 ____D C:\Users\All Users\Autodesk
2012-04-23 23:34 - 2012-03-30 19:09 - 0000000 ____D C:\ProgramData\Autodesk
2012-04-23 23:34 - 2012-03-30 05:41 - 0000000 ____D C:\Program Files\CCleaner
2012-04-23 23:34 - 2012-03-26 08:09 - 0000000 ____D C:\Program Files\Google
2012-04-23 23:34 - 2012-03-23 07:52 - 0000000 ___RD C:\Users\Desktop Office\AppData\Roaming\Brother
2012-04-23 23:34 - 2012-03-23 07:46 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\FLEXnet
2012-04-23 23:34 - 2012-03-23 07:39 - 0000000 ____D C:\Users\Desktop Office\Desktop\wlan_wiz
2012-04-23 23:34 - 2012-03-23 07:39 - 0000000 ____D C:\Users\Desktop Office\Desktop\install
2012-04-23 23:34 - 2012-03-23 07:38 - 0000000 ____D C:\Program Files\Nuance
2012-04-23 23:34 - 2012-03-23 07:37 - 0000000 ____D C:\Users\All Users\ScanSoft
2012-04-23 23:34 - 2012-03-23 07:37 - 0000000 ____D C:\ProgramData\ScanSoft
2012-04-23 23:34 - 2012-03-23 07:36 - 0000000 ____D C:\Users\All Users\Nuance
2012-04-23 23:34 - 2012-03-23 07:36 - 0000000 ____D C:\ProgramData\Nuance
2012-04-23 23:34 - 2012-03-23 07:36 - 0000000 ____D C:\Program Files (x86)\Nuance
2012-04-23 23:34 - 2012-03-23 07:35 - 0000000 ____D C:\Users\All Users\Brother
2012-04-23 23:34 - 2012-03-23 07:35 - 0000000 ____D C:\ProgramData\Brother
2012-04-23 23:34 - 2012-03-23 05:42 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-04-23 23:34 - 2012-03-23 05:42 - 0000000 ____D C:\ProgramData\FLEXnet
2012-04-23 23:34 - 2012-03-23 04:56 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-04-23 23:34 - 2012-03-23 04:51 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2012-04-23 23:34 - 2012-03-23 04:49 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2012-04-23 23:34 - 2012-03-21 13:10 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Akamai
2012-04-23 23:34 - 2012-03-21 12:53 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\RemEngine
2012-04-23 23:34 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Macromedia
2012-04-23 23:34 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\AppData\LocalLow
2012-04-23 23:34 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Hewlett-Packard_Company
2012-04-23 23:34 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Hewlett-Packard
2012-04-23 23:34 - 2011-12-23 17:57 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-23 23:34 - 2011-12-23 17:57 - 0000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-04-23 23:34 - 2011-12-23 17:56 - 0000000 ___RD C:\Program Files\Online Services
2012-04-23 23:34 - 2011-12-23 17:55 - 0000000 ____D C:\Program Files\Windows Live
2012-04-23 23:34 - 2011-12-23 17:55 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-23 23:34 - 2011-12-23 17:55 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-23 23:34 - 2011-12-23 17:54 - 0000000 ____D C:\Program Files (x86)\PDF Complete
2012-04-23 23:34 - 2011-12-23 17:52 - 0000000 ____D C:\Users\All Users\TouchSmartData
2012-04-23 23:34 - 2011-12-23 17:52 - 0000000 ____D C:\ProgramData\TouchSmartData
2012-04-23 23:34 - 2011-12-23 17:52 - 0000000 ____D C:\Program Files\WIDCOMM
2012-04-23 23:34 - 2011-12-23 17:51 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-23 23:34 - 2011-12-23 17:51 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-23 23:34 - 2011-12-23 17:51 - 0000000 ____D C:\Program Files (x86)\NewspaperDirect
2012-04-23 23:34 - 2011-12-23 17:45 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-23 23:34 - 2011-12-23 17:45 - 0000000 ____D C:\ProgramData\WildTangent
2012-04-23 23:34 - 2011-12-23 17:45 - 0000000 ____D C:\Program Files (x86)\WildTangent Games
2012-04-23 23:34 - 2011-12-23 17:42 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-23 23:34 - 2011-12-23 17:42 - 0000000 ___RD C:\Program Files (x86)\Online Services
2012-04-23 23:34 - 2011-12-23 17:42 - 0000000 ____D C:\Users\All Users\Skype
2012-04-23 23:34 - 2011-12-23 17:42 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-23 23:34 - 2011-12-23 17:42 - 0000000 ____D C:\ProgramData\Skype
2012-04-23 23:34 - 2011-12-23 17:42 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-23 23:34 - 2011-12-23 17:42 - 0000000 ____D C:\Program Files (x86)\Symantec
2012-04-23 23:34 - 2011-12-23 17:41 - 0000000 ____D C:\Users\All Users\Uninstall
2012-04-23 23:34 - 2011-12-23 17:41 - 0000000 ____D C:\Users\All Users\Macrovision
2012-04-23 23:34 - 2011-12-23 17:41 - 0000000 ____D C:\ProgramData\Uninstall
2012-04-23 23:34 - 2011-12-23 17:41 - 0000000 ____D C:\ProgramData\Macrovision
2012-04-23 23:34 - 2011-12-23 17:41 - 0000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-04-23 23:34 - 2011-12-23 17:36 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-23 23:34 - 2011-12-23 17:35 - 0000000 ____D C:\Program Files\ATI
2012-04-23 23:34 - 2011-12-23 17:34 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-04-23 23:34 - 2011-12-23 17:29 - 0000000 ____D C:\Program Files\IDT
2012-04-23 23:34 - 2011-12-23 17:07 - 0000000 __RHD C:\SYSTEM.SAV
2012-04-23 23:34 - 2011-02-11 08:32 - 0000000 ___AD C:\SWSETUP
2012-04-23 23:34 - 2010-11-20 23:17 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-23 23:34 - 2010-11-20 23:16 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-23 23:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-23 23:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-23 23:33 - 2012-03-30 20:48 - 0000000 ____D C:\Program Files (x86)\ArchVision
2012-04-23 23:33 - 2012-03-30 19:34 - 0000000 ____D C:\Program Files (x86)\Autodesk
2012-04-23 23:33 - 2012-03-30 18:08 - 0000000 ____D C:\Autodesk
2012-04-23 23:33 - 2012-03-26 08:08 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-23 23:33 - 2012-03-23 04:49 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-04-23 23:33 - 2011-12-23 18:02 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-23 23:33 - 2011-12-23 17:52 - 0000000 ____D C:\Program Files (x86)\K-NFB Reading Technology Inc
2012-04-23 23:33 - 2011-12-23 17:51 - 0000000 ____D C:\Program Files (x86)\Kobo
2012-04-23 23:33 - 2011-12-23 17:51 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-23 23:33 - 2011-12-23 17:45 - 0000000 ____D C:\Program Files (x86)\HP Games
2012-04-23 23:33 - 2011-12-23 17:41 - 0000000 ____D C:\Program Files (x86)\Cyberlink
2012-04-23 23:33 - 2011-12-23 17:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-23 23:33 - 2011-12-23 17:37 - 0000000 ____D C:\Program Files (x86)\Hp
2012-04-23 23:33 - 2011-12-23 17:36 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-04-23 23:33 - 2011-12-23 17:36 - 0000000 ____D C:\Program Files (x86)\AMD
2012-04-23 23:33 - 2011-12-23 17:35 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-04-23 23:33 - 2011-12-23 01:45 - 0000000 _RSHD C:\hp
2012-04-23 20:47 - 2012-04-23 19:57 - 0000328 ____A C:\Windows\Tasks\HPCeeScheduleForEric.job
2012-04-23 20:13 - 2012-04-23 20:13 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-23 20:13 - 2012-03-29 05:38 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 20:13 - 2011-12-23 17:50 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-23 19:57 - 2012-04-05 12:03 - 0000000 ____D C:\users\Eric.DesktopOffice
2012-04-23 19:57 - 2012-03-22 05:18 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-04-23 19:56 - 2012-04-23 19:56 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-04-23 19:54 - 2012-04-23 13:33 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\HpUpdate
2012-04-23 19:54 - 2012-04-23 13:33 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\HP Support Assistant
2012-04-23 19:48 - 2012-04-05 12:10 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-23 19:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-23 19:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-23 18:02 - 2012-04-05 10:07 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-23 18:02 - 2012-04-05 10:07 - 0000000 ____D C:\ProgramData\Recovery
2012-04-23 16:37 - 2012-04-23 16:03 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-23 16:37 - 2012-04-23 16:03 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-23 16:19 - 2012-04-23 16:18 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\AVG
2012-04-23 16:17 - 2012-04-23 16:02 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-23 16:17 - 2012-04-23 15:49 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-23 16:17 - 2012-04-23 15:49 - 0000000 ____D C:\ProgramData\MFAData
2012-04-23 16:06 - 2012-04-23 16:06 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\AVG2012
2012-04-23 16:03 - 2012-04-23 16:03 - 0000000 ___HD C:\$AVG
2012-04-23 15:14 - 2012-04-23 15:14 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\RemEngine
2012-04-23 15:14 - 2012-04-05 12:15 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\hewlett-packard
2012-04-23 14:16 - 2012-04-23 14:16 - 0002655 ____A C:\Users\Eric.DesktopOffice\Desktop\Microsoft Word.lnk
2012-04-23 14:15 - 2012-04-23 14:15 - 0002673 ____A C:\Users\Eric.DesktopOffice\Desktop\Microsoft Outlook.lnk
2012-04-23 14:15 - 2012-04-23 14:15 - 0002657 ____A C:\Users\Eric.DesktopOffice\Desktop\Microsoft Excel.lnk
2012-04-23 13:28 - 2012-04-05 12:11 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Google
2012-04-06 06:42 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\VirtualStore
2012-04-06 06:34 - 2012-04-06 06:34 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Microsoft Web Folders
2012-04-06 06:22 - 2012-04-06 06:22 - 0000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2012-04-06 06:22 - 2012-04-06 06:22 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-06 06:22 - 2012-04-06 06:22 - 0000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2012-04-06 06:22 - 2012-04-06 06:22 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-06 06:22 - 2012-03-23 04:49 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-06 06:22 - 2012-03-23 04:49 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-06 05:51 - 2012-04-06 05:31 - 0001902 ____A C:\Windows\PFRO.log
2012-04-06 05:46 - 2012-04-05 12:11 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Google
2012-04-06 05:39 - 2012-04-06 05:39 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\SoftGrid Client
2012-04-06 05:39 - 2012-04-06 05:03 - 0000376 ____A C:\Windows\ODBC.INI
2012-04-06 05:34 - 2012-04-05 12:06 - 0139544 ____A C:\Users\Eric.DesktopOffice\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-06 05:32 - 2012-04-06 05:32 - 0000000 ____A C:\Windows\setuperr.log
2012-04-06 05:32 - 2012-03-29 05:39 - 0000368 ____A C:\Windows\Tasks\HPCeeScheduleForDesktop Office.job
2012-04-06 05:32 - 2009-07-13 20:45 - 0474648 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-06 05:29 - 2012-04-06 05:29 - 13588888 ____A (Microsoft Corporation) C:\Users\Desktop Office\Downloads\O2kSp3.exe
2012-04-06 05:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\system
2012-04-06 05:02 - 2012-04-06 05:02 - 0001996 ____A C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
2012-04-06 05:01 - 2012-04-06 05:01 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Microsoft Web Folders
2012-04-06 04:38 - 2012-03-22 05:11 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\HpUpdate
2012-04-06 04:38 - 2012-03-22 05:11 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\HP Support Assistant
2012-04-06 04:36 - 2012-04-06 04:30 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\okino
2012-04-06 04:24 - 2012-04-06 04:24 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\SoftGrid Client
2012-04-06 04:24 - 2012-04-06 04:23 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\TP
2012-04-06 04:23 - 2011-02-11 09:15 - 0795700 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-05 18:14 - 2012-03-23 05:43 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-04-05 18:14 - 2012-03-23 05:43 - 0000000 ____D C:\ProgramData\boost_interprocess
2012-04-05 15:20 - 2012-03-30 20:48 - 0000000 ____D C:\Program Files (x86)\Allegorithmic
2012-04-05 12:20 - 2012-04-05 12:20 - 0000000 ____D C:\Users\Eric.DesktopOffice\hpremote
2012-04-05 12:15 - 2012-04-05 12:15 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\Adobe
2012-04-05 12:05 - 2012-04-05 12:05 - 0000000 ____D C:\Users\Eric.DesktopOffice\Documents\Bluetooth Exchange Folder
2012-04-05 12:05 - 2012-04-05 12:05 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Roaming\ATI
2012-04-05 12:05 - 2012-04-05 12:05 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\Broadcom
2012-04-05 12:05 - 2012-04-05 12:05 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\ATI
2012-04-05 12:04 - 2012-04-05 12:04 - 0000174 ___SH C:\Users\Eric.DesktopOffice\Start Menu\Programs\Startup\desktop.ini
2012-04-05 12:04 - 2012-04-05 12:04 - 0000174 ___SH C:\Users\Eric.DesktopOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-05 12:04 - 2012-04-05 12:04 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\PDFC
2012-04-05 12:03 - 2012-04-05 12:03 - 0000020 ___SH C:\Users\Eric.DesktopOffice\ntuser.ini
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Templates
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Start Menu
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\PrintHood
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\NetHood
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\My Documents
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Documents\My Videos
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Documents\My Pictures
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\Documents\My Music
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\AppData\Local\Temporary Internet Files
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 __SHD C:\Users\Eric.DesktopOffice\AppData\Local\History
2012-04-05 12:03 - 2012-04-05 12:03 - 0000000 ____D C:\Users\Eric.DesktopOffice\AppData\Local\TouchSmartData
2012-04-05 10:37 - 2012-04-05 10:27 - 0000000 ____D C:\Users\Eric\AppData\Roaming\Autodesk
2012-04-05 10:37 - 2012-04-05 10:27 - 0000000 ____D C:\Users\Eric\AppData\Local\Autodesk
2012-04-05 10:35 - 2012-04-05 10:34 - 0000000 ____D C:\Users\Eric\AppData\Local\Google
2012-04-05 10:34 - 2012-04-05 10:34 - 0000000 ____D C:\Users\Eric\AppData\Roaming\Google
2012-04-05 10:34 - 2012-04-05 10:34 - 0000000 ____D C:\Users\Eric\AppData\Roaming\Adobe
2012-04-05 10:29 - 2012-04-05 10:29 - 0000000 ____D C:\Users\Eric\Documents\3dsMaxDesign
2012-04-05 10:28 - 2012-04-05 10:28 - 0000000 ____D C:\Users\Eric\AppData\Local\cache
2012-04-05 10:27 - 2012-04-05 10:27 - 0094296 ____A C:\Users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-05 10:27 - 2012-04-05 10:27 - 0000000 ____D C:\Users\Eric\Documents\Autodesk
2012-04-05 10:26 - 2012-04-05 10:26 - 0000000 ____D C:\Users\Eric\Documents\Bluetooth Exchange Folder
2012-04-05 10:26 - 2012-04-05 10:26 - 0000000 ____D C:\Users\Eric\AppData\Roaming\ATI
2012-04-05 10:26 - 2012-04-05 10:26 - 0000000 ____D C:\Users\Eric\AppData\Local\Broadcom
2012-04-05 10:26 - 2012-04-05 10:26 - 0000000 ____D C:\Users\Eric\AppData\Local\ATI
2012-04-05 10:25 - 2012-04-05 10:25 - 0000000 ____D C:\Users\Eric\AppData\Local\VirtualStore
2012-04-05 10:25 - 2012-04-05 10:25 - 0000000 ____D C:\Users\Eric\AppData\Local\PDFC
2012-04-05 10:25 - 2012-04-05 10:24 - 0000000 ____D C:\Users\Eric\AppData\LocalLow
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Templates
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Start Menu
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\PrintHood
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\NetHood
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\My Documents
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Documents\My Videos
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Documents\My Pictures
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\Documents\My Music
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\AppData\Local\Temporary Internet Files
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 __SHD C:\Users\Eric\AppData\Local\History
2012-04-05 10:24 - 2012-04-05 10:24 - 0000000 ____D C:\Users\Eric\AppData\Local\TouchSmartData
2012-04-05 10:16 - 2012-03-23 06:23 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\cache
2012-04-04 17:11 - 2012-04-04 17:11 - 0000000 ____D C:\Users\All Users\Allegorithmic
2012-04-04 17:11 - 2012-04-04 17:11 - 0000000 ____D C:\ProgramData\Allegorithmic
2012-03-30 20:52 - 2012-03-30 20:52 - 0000000 ____D C:\Users\All Users\Bionatics
2012-03-30 20:52 - 2012-03-30 20:52 - 0000000 ____D C:\ProgramData\Bionatics
2012-03-30 20:48 - 2012-03-30 20:48 - 0002147 ____A C:\Users\Public\Desktop\ArchVision Content Manager.lnk
2012-03-30 20:48 - 2012-03-30 20:48 - 0001986 ____A C:\Users\Public\Desktop\Dashboard.lnk
2012-03-30 20:48 - 2012-03-30 19:40 - 0000000 ____D C:\Users\Desktop Office\Documents\3dsMaxDesign
2012-03-30 20:46 - 2012-03-30 20:46 - 0000948 ____A C:\Users\Desktop Office\Desktop\LMTOOLS Utility.lnk
2012-03-30 20:46 - 2012-03-30 20:46 - 0000000 ____D C:\Program Files\Autodesk Network License Manager
2012-03-30 20:30 - 2012-03-30 20:29 - 0000000 ____D C:\Users\Desktop Office\Documents\Autodesk Showcase 2012
2012-03-30 20:23 - 2012-03-21 13:00 - 0094296 ____A C:\Users\Desktop Office\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-30 20:13 - 2012-03-28 04:46 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\CrashDumps
2012-03-30 20:08 - 2012-03-30 20:08 - 0002071 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2012-03-30 20:07 - 2012-03-30 20:07 - 0001950 ____A C:\Users\Public\Desktop\SketchBook Designer 2012.lnk
2012-03-30 20:03 - 2012-03-30 20:03 - 0002185 ____A C:\Users\Public\Desktop\Autodesk Design Review 2012.lnk
2012-03-30 19:59 - 2012-03-30 19:59 - 0002519 ____A C:\Users\Public\Desktop\AutoCAD Structural Detailing 2012 - English.lnk
2012-03-30 19:59 - 2012-03-30 19:59 - 0002269 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2012-03-30 19:56 - 2012-03-30 19:56 - 0002328 ____A C:\Users\Public\Desktop\AutoCAD MEP 2012 (US Imperial).lnk
2012-03-30 19:56 - 2012-03-30 19:56 - 0002324 ____A C:\Users\Public\Desktop\AutoCAD MEP 2012 (US Metric).lnk
2012-03-30 19:56 - 2012-03-30 19:56 - 0002318 ____A C:\Users\Public\Desktop\AutoCAD MEP 2012 (Global).lnk
2012-03-30 19:49 - 2012-03-30 19:49 - 0002445 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Imperial).lnk
2012-03-30 19:49 - 2012-03-30 19:49 - 0002441 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Metric).lnk
2012-03-30 19:49 - 2012-03-23 05:19 - 0000013 ____A C:\Windows\System32\AecArchXKey.txt
2012-03-30 19:44 - 2012-03-30 19:44 - 0000000 ____D C:\Users\Desktop Office\Documents\Inventor
2012-03-30 19:43 - 2012-03-30 19:43 - 0001852 ____A C:\Users\Public\Desktop\Autodesk Showcase 2012 (64-bit).lnk
2012-03-30 19:41 - 2012-03-30 19:41 - 0002025 ____A C:\Users\Public\Desktop\Autodesk 3ds Max Design 2012 64-bit - English.lnk
2012-03-30 19:41 - 2012-03-30 19:41 - 0000000 ____D C:\Users\Desktop Office\Documents\Inventor Server x64 Autodesk 3ds Max Design 2012 64-bit - English
2012-03-30 19:39 - 2009-07-13 18:34 - 0017605 ____A C:\Windows\System32\Drivers\etc\services
2012-03-30 19:38 - 2012-03-30 19:38 - 0000000 ____D C:\Users\Desktop Office\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2012-03-30 19:36 - 2012-03-30 19:36 - 0002104 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2012-03-30 19:33 - 2012-03-30 19:33 - 0002139 ____A C:\Users\Public\Desktop\Revit Structure 2012.lnk
2012-03-30 19:33 - 2012-03-30 19:33 - 0000000 ____D C:\Users\Desktop Office\Documents\Revit Structure 2012
2012-03-30 19:30 - 2012-03-30 19:30 - 0002097 ____A C:\Users\Public\Desktop\Revit MEP 2012.lnk
2012-03-30 19:30 - 2012-03-30 19:30 - 0000000 ____D C:\Users\Desktop Office\Documents\Revit MEP 2012
2012-03-30 19:26 - 2012-03-30 19:26 - 0000000 ____D C:\Users\Desktop Office\Documents\Revit Architecture 2012
2012-03-30 19:25 - 2012-03-30 19:25 - 0002160 ____A C:\Users\Public\Desktop\Revit Architecture 2012.lnk
2012-03-30 13:20 - 2012-03-30 07:24 - 0000000 ____D C:\Users\Desktop Office\BDS
2012-03-30 06:43 - 2012-03-30 05:43 - 0000000 ____D C:\Users\Desktop Office\Documents\Registry Backup
2012-03-30 05:44 - 2011-02-11 09:00 - 0000000 ____D C:\Windows\Panther
2012-03-30 05:41 - 2012-03-30 05:41 - 0000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-03-30 05:33 - 2012-03-29 22:02 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-03-30 05:33 - 2012-03-29 22:02 - 0000000 ____D C:\ProgramData\Yahoo!
2012-03-30 05:33 - 2012-03-29 22:01 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-03-30 03:18 - 2009-07-13 21:08 - 0010890 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-30 02:38 - 2012-03-29 13:05 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 22:05 - 2012-03-29 22:05 - 0000982 ____A C:\Users\Desktop Office\Desktop\7-Zip File Manager.lnk
2012-03-29 22:02 - 2012-03-29 22:02 - 0001944 ____A C:\Users\Desktop Office\Desktop\Free Music Downloads.lnk
2012-03-29 22:02 - 2012-03-29 22:02 - 0001944 ____A C:\Users\Desktop Office\Desktop\Free Dolphin Screensaver.lnk
2012-03-29 22:02 - 2012-03-29 22:02 - 0001934 ____A C:\Users\Desktop Office\Desktop\Free Games!!.lnk
2012-03-29 22:02 - 2012-03-29 22:02 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-03-29 22:02 - 2012-03-29 21:03 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-03-29 22:02 - 2012-03-26 08:09 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Google
2012-03-29 21:56 - 2012-03-29 21:56 - 0002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-03-29 21:50 - 2012-03-29 20:53 - 0000000 ____D C:\Program Files (x86)\Media Finder
2012-03-29 21:50 - 2012-03-29 20:22 - 0000000 ____D C:\Program Files (x86)\iLivid
2012-03-29 21:49 - 2012-03-29 20:53 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Media Finder
2012-03-29 21:49 - 2012-03-29 20:23 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\vlc
2012-03-29 21:49 - 2012-03-29 19:55 - 0000000 ____D C:\Users\All Users\TheBflix
2012-03-29 21:49 - 2012-03-29 19:55 - 0000000 ____D C:\ProgramData\TheBflix
2012-03-29 21:05 - 2012-03-21 12:56 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\VirtualStore
2012-03-29 20:53 - 2012-03-29 20:53 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Mozilla
2012-03-29 20:53 - 2012-03-29 20:53 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Babylon
2012-03-29 20:53 - 2012-03-29 20:53 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Babylon
2012-03-29 20:53 - 2012-03-29 20:53 - 0000000 ____D C:\Users\All Users\Babylon
2012-03-29 20:53 - 2012-03-29 20:53 - 0000000 ____D C:\ProgramData\Babylon
2012-03-29 20:22 - 2012-03-29 20:22 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Ilivid Player
2012-03-29 19:55 - 2012-03-29 19:55 - 0000000 ____D C:\Users\All Users\Premium
2012-03-29 19:55 - 2012-03-29 19:55 - 0000000 ____D C:\ProgramData\Premium
2012-03-29 19:55 - 2012-03-29 19:54 - 0000000 ____D C:\Users\All Users\InstallMate
2012-03-29 19:55 - 2012-03-29 19:54 - 0000000 ____D C:\ProgramData\InstallMate
2012-03-29 19:00 - 2012-03-29 17:56 - 0000000 ____D C:\Program Files (x86)\ExpressFiles
2012-03-29 13:39 - 2012-03-29 13:39 - 0000000 ____D C:\Users\Desktop Office\Documents\My PaperPort Documents
2012-03-29 13:39 - 2012-03-23 07:37 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Nuance
2012-03-29 13:04 - 2012-03-29 13:04 - 0000000 ____D C:\Windows\system64
2012-03-29 08:07 - 2012-03-29 08:07 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\backburner
2012-03-29 08:06 - 2012-03-29 08:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{4df9bb76-74ff-11e1-b4c2-74de2b79cb7b}.TxR.blf
2012-03-28 05:04 - 2012-03-28 04:59 - 0000000 ____D C:\Project
2012-03-26 08:20 - 2012-03-26 08:20 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Google
2012-03-26 08:20 - 2012-03-26 08:09 - 0000000 ____D C:\Users\All Users\Google
2012-03-26 08:20 - 2012-03-26 08:09 - 0000000 ____D C:\ProgramData\Google
2012-03-23 07:55 - 2012-03-23 07:42 - 0005897 ____A C:\Windows\BRPARAM.INI
2012-03-23 07:43 - 2012-03-23 07:43 - 0002146 ____A C:\Users\Public\Desktop\Brother Creative Center.lnk
2012-03-23 07:43 - 2012-03-23 07:43 - 0000261 ____A C:\Windows\Brpfx04a.ini
2012-03-23 07:43 - 2012-03-23 07:43 - 0000094 ____A C:\Windows\brpcfx.ini
2012-03-23 07:41 - 2012-03-23 07:41 - 0000000 ____D C:\Users\Public\Documents\BrFaxRx
2012-03-23 07:41 - 2012-03-23 07:40 - 0000066 ____A C:\Windows\Brfaxrx.ini
2012-03-23 07:36 - 2012-03-23 07:36 - 0000000 ____D C:\Users\Desktop Office\Documents\MyWebPages
2012-03-23 07:36 - 2012-03-22 23:14 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-03-23 05:07 - 2012-03-23 05:07 - 0000153 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2012-03-23 05:07 - 2012-03-23 05:07 - 0000153 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-03-23 04:51 - 2012-03-23 04:51 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Microsoft Help
2012-03-22 23:39 - 2012-03-21 12:56 - 0000174 ___SH C:\Users\Desktop Office\Start Menu\Programs\Startup\desktop.ini
2012-03-22 23:39 - 2012-03-21 12:56 - 0000174 ___SH C:\Users\Desktop Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-22 15:54 - 2012-03-22 15:54 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\WinBatch
2012-03-22 05:40 - 2012-03-22 05:40 - 0000000 ____D C:\Users\Desktop Office\hpremote
2012-03-22 05:40 - 2012-03-21 12:55 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Hewlett-Packard
2012-03-21 13:57 - 2009-07-13 21:01 - 0108227 ____A C:\Windows\SysWOW64\license.rtf
2012-03-21 13:57 - 2009-07-13 21:01 - 0108227 ____A C:\Windows\System32\license.rtf
2012-03-21 13:10 - 2012-03-21 13:10 - 0000000 ____D C:\Users\Desktop Office\New folder
2012-03-21 13:01 - 2012-03-21 13:01 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\Adobe
2012-03-21 13:00 - 2012-03-21 13:00 - 0000000 ____D C:\Users\Desktop Office\AppData\Roaming\ATI
2012-03-21 13:00 - 2012-03-21 13:00 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\ATI
2012-03-21 12:59 - 2012-03-21 12:59 - 0000000 ____D C:\Users\Desktop Office\Documents\Bluetooth Exchange Folder
2012-03-21 12:59 - 2012-03-21 12:59 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\Broadcom
2012-03-21 12:58 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-03-21 12:56 - 2012-03-21 12:56 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\PDFC
2012-03-21 12:52 - 2012-03-21 12:52 - 0000020 __ASH C:\Users\Desktop Office\ntuser.ini
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\Templates
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\Start Menu
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\PrintHood
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\NetHood
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\My Documents
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\Documents\My Videos
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\Documents\My Pictures
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\Documents\My Music
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\AppData\Local\Temporary Internet Files
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\AppData\Local\History
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 ____D C:\Users\Desktop Office\AppData\Local\TouchSmartData
2012-03-21 12:52 - 2011-12-23 19:38 - 0000000 _RASH C:\Windows\SysWOW64\Drivers\103C_HP_cPC_h8-1214_Y53316J_0U_QMXX209_E12NA1MRW603_4A_I2AC8_SGigabyte_V1.2_BAng 713_T111229_W73-1_L409_M10015_J1500_7AMD_8F12_93.30_#111223_N10EC8168;14E44357_Z_G1002677B_Ohp DVD RW AD-7250H5 SCSI CdRom Device.MRK
2012-03-21 12:52 - 2011-12-23 19:38 - 0000000 _RASH C:\Windows\System32\Drivers\103C_HP_cPC_h8-1214_Y53316J_0U_QMXX209_E12NA1MRW603_4A_I2AC8_SGigabyte_V1.2_BAng 713_T111229_W73-1_L409_M10015_J1500_7AMD_8F12_93.30_#111223_N10EC8168;14E44357_Z_G1002677B_Ohp DVD RW AD-7250H5 SCSI CdRom Device.MRK
2012-03-21 12:51 - 2012-03-21 12:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Mathematics
2012-03-05 22:53 - 2012-04-23 19:50 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-23 19:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-23 19:50 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-02-29 22:46 - 2012-04-23 19:48 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-23 19:48 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-23 19:48 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-23 19:48 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-23 19:48 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-23 19:48 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-23 19:48 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-23 19:50 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-23 19:50 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-23 19:50 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-23 19:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-23 19:50 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-23 19:50 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-23 19:50 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-23 19:50 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-23 19:50 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-23 19:50 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-23 19:50 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-23 19:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-23 19:50 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-23 19:50 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-23 19:50 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-23 19:50 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-23 19:50 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-23 19:50 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-23 19:50 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-23 19:50 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-23 19:50 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-23 19:50 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-23 19:50 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-23 19:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-23 19:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-23 19:50 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 05:18 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-16 22:38 - 2012-03-21 12:53 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-21 12:53 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-21 12:53 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-21 12:53 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:36 - 2012-03-22 08:37 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-22 08:37 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 20:34 - 2012-03-22 06:24 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-12-23 17:17] - [2011-12-23 17:17] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 10014.9 MB
Available physical RAM: 8785.08 MB
Total Pagefile: 10013.1 MB
Available Pagefile: 8768.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:1380.02 GB) (Free:1266.39 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:16.86 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (CADREUSB) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1396 GB 0 B
Disk 1 Online 247 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 1380 GB 101 MB
Partition 3 Primary 16 GB 1380 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 1380 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 16 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 247 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G CADREUSB FAT Removable 247 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 01:20

======================= End Of Log ==========================
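The listing above is long, and the analyst's first pass over it is a triage, not a verdict. The following is an added example (editor's code, not FRST's and not from anyone in this thread) that parses the one-month-modified line format shown in the log (`<modified> - <created> - <size> <attrs> [(<company>)] <path>`) and applies two deliberately simple heuristics that are the editor's own assumptions: a non-directory entry inside the Windows tree that carries both the system and hidden attributes, and a loadable file (exe/dll/sys/cmd/...) inside the Windows tree whose version info names no publisher. The sample lines are copied from the log above, plus one constructed line (`example_unsigned.dll`) to exercise the second rule.

```python
"""Triage helper for the 'One Month Modified' section of an FRST log.

Added example for this thread (editor's code, not FRST's or the poster's).
Line format assumed from the log above:
    <modified> - <created> - <size> <attrs> [(<company>)] <path>
The heuristics are the editor's assumptions: they produce a short list of
entries worth a second look, not a malware verdict.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # version-info company string, optional
    r"(?P<path>.+?)\s*$"
)

# Extensions Windows will load or execute directly.
EXEC_EXT = {".exe", ".dll", ".sys", ".cmd", ".bat", ".scr", ".com"}
WINDOWS_TREE = "c:\\windows\\"


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: frozenset          # letters of the 5-char flag field, e.g. {"A","S","H"}
    company: Optional[str]    # None when FRST printed no "(Company)" field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks, other sections."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(
        modified=m["modified"],
        created=m["created"],
        size=int(m["size"]),
        attrs=frozenset(c for c in m["attrs"] if c != "_"),
        company=m["company"],
        path=m["path"],
    )


def parse_listing(text: str) -> List[Entry]:
    """Parse every line that matches the listing format; skip the rest."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(e: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons: List[str] = []
    p = e.path.lower()
    if e.is_dir or not p.startswith(WINDOWS_TREE):
        return reasons
    if {"S", "H"} <= e.attrs:
        reasons.append("hidden+system file inside the Windows tree")
    if ntpath.splitext(p)[1] in EXEC_EXT and not e.company:
        reasons.append("loadable file with no publisher in its version info")
    return reasons


def triage_listing(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every flagged entry in the listing."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        r = triage(e)
        if r:
            flagged[e.path] = r
    return flagged


# Lines copied from the FRST log in this thread; the example_unsigned.dll
# line is constructed to exercise the publisher rule.
SAMPLE_LOG = r"""
2012-03-30 02:38 - 2012-03-29 13:05 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 08:06 - 2012-03-29 08:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{4df9bb76-74ff-11e1-b4c2-74de2b79cb7b}.TxR.blf
2012-03-30 19:39 - 2009-07-13 18:34 - 0017605 ____A C:\Windows\System32\Drivers\etc\services
2012-02-29 22:38 - 2012-04-23 19:48 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-29 13:05 - 2012-03-29 13:05 - 0006656 ____A C:\Windows\System32\example_unsigned.dll
2012-03-21 12:52 - 2012-03-21 12:52 - 0000000 __SHD C:\Users\Desktop Office\Templates
2012-04-06 04:23 - 2011-02-11 09:15 - 0795700 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
"""

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Two of the three hits on the sample (`dds_trash_log.cmd`, the `COMPONENTS{...}.TxR.blf` transaction log) are benign, which is the point: the script shortens the list an analyst reads, it does not replace reading it. Note also the limits of the publisher rule: in the fixlist in the next reply, the DLL loaded through the `Cardex` service carried a company string (`Oak Technology Inc.`) in its version info, so that rule alone would not have flagged it; the version-info company field is free text, not a signature check, and the lead there came from the `SubSystems` value and the service and `netsvcs` entries instead.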

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 24 April 2012 - 08:08 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 Cardex; C:\Windows\System32\pdlnsx25.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\pdlnsx25.dll 
NETSVC: Cardex

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Plans (Topic Starter)

Posted 24 April 2012 - 11:05 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 11:52:40 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
Cardex service deleted successfully.
C:\Windows\System32\pdlnsx25.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Cardex Deleted successfully.

==== End of Fixlog ====





I have Shut Down and Restarted the PC several times. The issue appears to be fixed; I have not had to restore since running the scan tool. Is it now safe to run a scan with my Virus protection?

Edited by Plans, 24 April 2012 - 11:38 AM.


#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 24 April 2012 - 01:13 PM

Hello

no don't run anything yet - let me do my thing first.

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Plans (Topic Starter)

Posted 24 April 2012 - 02:23 PM

Below is the log from ComboFix.
So far this has been a seamless process. I have not encountered any problems. Your instructions and work have been impeccable.
After running ComboFix, I did receive the "Illegal operation" error when I tried to open Internet Explorer.
I restarted as instructed and everything seems to be in working order.
I have opened most of the software I work with and have not received any errors.





ComboFix 12-04-24.02 - Eric 04/24/2012 14:48:03.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10015.8142 [GMT -4:00]
Running from: c:\users\Eric.DesktopOffice\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120405160016.860398
c:\programdata\boost_interprocess\20120405160016.860398\Nobu64AgentService
c:\programdata\boost_interprocess\20120405160016.860398\Nobu64TrayIcon
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 18:26 . 2010-05-14 03:48 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1020.DLL
2012-04-24 18:26 . 2010-05-14 03:48 192512 ----a-w- c:\windows\system32\ZLhp1020.DLL
2012-04-24 18:26 . 2010-05-14 03:48 501760 ----a-w- c:\windows\system32\ZSHP1020.EXE
2012-04-24 18:26 . 2010-05-14 05:52 245248 ----a-w- c:\windows\system32\zshp1020s.dll
2012-04-24 18:23 . 2006-01-28 16:00 143360 ----a-r- c:\windows\apptune1020.exe
2012-04-24 18:23 . 2006-01-28 16:00 86016 ----a-r- c:\windows\SysWow64\ZSPOOL.DLL
2012-04-24 18:23 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\zlm.dll
2012-04-24 18:23 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\IMF32.DLL
2012-04-24 18:23 . 2006-01-28 16:00 24576 ----a-r- c:\windows\SysWow64\ZTAG32.DLL
2012-04-24 18:23 . 2006-01-28 16:00 102400 ----a-r- c:\windows\SysWow64\ZLhp1020.dll
2012-04-24 18:23 . 2012-04-24 18:23 -------- d--h--w- c:\program files (x86)\Zenographics
2012-04-24 18:23 . 2006-01-28 16:00 442368 ----a-r- c:\windows\SysWow64\zshp1020.exe
2012-04-24 18:23 . 2006-01-28 16:00 106496 ----a-r- c:\windows\SysWow64\vshp1020.dll
2012-04-24 17:54 . 2012-04-24 17:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-24 16:24 . 2012-04-24 16:26 -------- d-----w- C:\FRST
2012-04-24 16:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-24 16:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-24 16:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-24 16:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-24 16:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-24 16:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-24 16:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-24 13:13 . 2012-04-24 13:13 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 00:03 . 2012-04-24 00:03 -------- d--h--w- c:\programdata\Common Files
2012-04-24 00:03 . 2012-04-24 07:36 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-24 00:03 . 2012-04-24 07:36 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-24 00:03 . 2012-04-24 00:37 -------- d-----w- c:\programdata\AVG2012
2012-04-24 00:03 . 2012-04-24 00:03 -------- d-----w- C:\$AVG
2012-04-24 00:02 . 2012-04-24 00:17 -------- d-----w- c:\program files (x86)\AVG
2012-04-23 23:49 . 2012-04-24 00:17 -------- d-----w- c:\programdata\MFAData
2012-04-06 14:22 . 2012-04-06 14:22 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-06 13:05 . 2012-04-24 07:34 -------- d-----w- c:\programdata\SBT
2012-04-06 13:05 . 2012-04-24 07:37 -------- d-----w- c:\program files (x86)\Snapshot Viewer
2012-04-06 13:01 . 2012-04-24 07:35 -------- d-----w- c:\windows\Msagent
2012-04-06 13:01 . 2012-04-06 13:01 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Microsoft Web Folders
2012-04-06 12:45 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Local\ArchVision,_Inc
2012-04-06 12:30 . 2012-04-06 12:36 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\okino
2012-04-06 12:24 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\SoftGrid Client
2012-04-06 12:24 . 2012-04-06 12:24 -------- d-----w- c:\users\Desktop Office\AppData\Local\SoftGrid Client
2012-04-06 12:23 . 2012-04-06 12:24 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\TP
2012-04-05 19:06 . 2012-04-05 20:30 -------- d-----w- C:\Eric
2012-04-05 18:24 . 2012-04-24 07:34 -------- d-----w- c:\users\Eric
2012-04-05 18:07 . 2012-04-24 16:47 -------- d-----w- c:\programdata\Recovery
2012-04-05 01:12 . 2012-04-24 07:34 -------- d-----w- c:\programdata\ArchVision
2012-04-05 01:11 . 2012-04-05 01:11 -------- d-----w- c:\programdata\Allegorithmic
2012-03-31 04:55 . 2010-04-15 11:04 85504 ----a-w- c:\windows\SysWow64\HTMLWH.DLL
2012-03-31 04:55 . 2010-04-15 11:04 49152 ----a-w- c:\windows\SysWow64\INETWH32.DLL
2012-03-31 04:55 . 2010-04-15 11:04 1044480 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL
2012-03-31 04:55 . 2010-04-15 11:04 89088 ----a-w- c:\windows\system32\zlib.dll
2012-03-31 04:55 . 2010-04-15 11:04 48128 ----a-w- c:\windows\system32\d3dxof.dll
2012-03-31 04:55 . 2012-04-24 07:34 -------- d-----w- c:\program files\NuGraf64
2012-03-31 04:52 . 2012-04-24 07:34 -------- d-----w- c:\program files\Bionatics
2012-03-31 04:52 . 2012-03-31 04:52 -------- d-----w- c:\programdata\Bionatics
2012-03-31 04:51 . 2001-09-05 08:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-03-31 04:51 . 2001-09-05 08:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-03-31 04:51 . 2001-09-05 08:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-03-31 04:51 . 2001-09-05 08:18 77824 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-03-31 04:51 . 2002-07-25 12:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-03-31 04:48 . 2012-04-24 07:34 -------- d-----w- c:\program files\ArchVision
2012-03-31 04:48 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\ArchVision
2012-03-31 04:48 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Local\Allegorithmic
2012-03-31 04:48 . 2012-04-05 23:20 -------- d-----w- c:\program files (x86)\Allegorithmic
2012-03-31 04:46 . 2012-04-24 07:34 -------- d-----w- C:\Revit SDK 2012
2012-03-31 04:46 . 2012-03-31 04:46 -------- d-----w- c:\program files\Autodesk Network License Manager
2012-03-31 03:35 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Local\Autodesk
2012-03-31 03:34 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Autodesk
2012-03-31 03:22 . 2012-04-24 07:34 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-03-31 03:22 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-03-31 03:22 . 2012-04-24 07:34 -------- d-----w- c:\program files\Autodesk
2012-03-31 03:09 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Autodesk
2012-03-31 03:09 . 2012-04-24 07:34 -------- d-----w- c:\programdata\Autodesk
2012-03-31 02:08 . 2012-04-24 07:33 -------- d-----w- C:\Autodesk
2012-03-30 15:24 . 2012-03-30 21:20 -------- d-----w- c:\users\Desktop Office\BDS
2012-03-30 13:41 . 2012-04-24 07:34 -------- d-----w- c:\program files\CCleaner
2012-03-30 06:33 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-03-30 06:02 . 2012-03-30 06:02 18944 ----a-r- c:\users\Desktop Office\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-03-30 06:02 . 2012-03-30 06:02 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-03-30 06:02 . 2012-03-30 13:33 -------- d-----w- c:\programdata\Yahoo!
2012-03-30 06:01 . 2012-03-30 13:33 -------- d-----w- c:\program files (x86)\Yahoo!
2012-03-30 05:03 . 2012-03-30 06:02 -------- d-----w- c:\program files (x86)\7-Zip
2012-03-30 04:53 . 2012-03-30 05:49 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Media Finder
2012-03-30 04:53 . 2012-03-30 05:50 -------- d-----w- c:\program files (x86)\Media Finder
2012-03-30 04:53 . 2012-03-30 04:53 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Babylon
2012-03-30 04:53 . 2012-03-30 04:53 -------- d-----w- c:\users\Desktop Office\AppData\Local\Babylon
2012-03-30 04:53 . 2012-03-30 04:53 -------- d-----w- c:\programdata\Babylon
2012-03-30 04:23 . 2012-03-30 05:49 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\vlc
2012-03-30 04:22 . 2012-03-30 04:22 -------- d-----w- c:\users\Desktop Office\AppData\Local\Ilivid Player
2012-03-30 04:22 . 2012-03-30 05:50 -------- d-----w- c:\program files (x86)\iLivid
2012-03-30 03:55 . 2012-03-30 03:55 -------- d-----w- c:\programdata\Premium
2012-03-30 03:54 . 2012-03-30 03:55 -------- d-----w- c:\programdata\InstallMate
2012-03-30 01:56 . 2012-03-30 03:00 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-03-29 21:05 . 2012-03-30 10:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-29 21:04 . 2012-03-29 21:04 -------- d-----we c:\windows\system64
2012-03-29 17:16 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-29 16:07 . 2012-03-29 16:07 -------- d-----w- c:\users\Desktop Office\AppData\Local\backburner
2012-03-29 13:38 . 2012-04-24 13:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 12:59 . 2012-03-28 13:04 -------- d-----w- C:\Project
2012-03-28 12:46 . 2012-03-31 04:13 -------- d-----w- c:\users\Desktop Office\AppData\Local\CrashDumps
2012-03-27 18:29 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5363944A-3942-41A9-9D08-0037FC3FEFA9}\mpengine.dll
2012-03-26 16:09 . 2012-04-24 07:34 -------- d-----w- c:\program files\Google
2012-03-26 16:09 . 2012-03-30 06:02 -------- d-----w- c:\users\Desktop Office\AppData\Local\Google
2012-03-26 16:08 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 13:13 . 2011-12-24 01:50 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 20:52 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-21 20:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-21 20:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-21 20:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-21 20:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-22 16:37 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-22 16:37 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-22 14:24 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-24 343168]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"OrderReminder"="c:\program files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-04-24 138360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-30 138360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-23 1431888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001_70b\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120423.001\IDSvia64.sys [2012-04-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-05-13 128904]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 13:13]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 16:09]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 16:09]
.
2012-04-06 c:\windows\Tasks\HPCeeScheduleForDesktop Office.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-04-24 c:\windows\Tasks\HPCeeScheduleForEric.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-01 1424896]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-11-01 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 166.102.165.11 166.102.165.13
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
.
**************************************************************************
.
Completion time: 2012-04-24 15:00:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 19:00
.
Pre-Run: 1,354,910,416,896 bytes free
Post-Run: 1,355,494,801,408 bytes free
.
- - End Of File - - 25A51CCE1532465F870DA267E29F55D0
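
The "Files Created" block in the ComboFix log above is a few hundred lines long, and the attribute column is the quickest way to spot entries worth a second look. The script below is an added example written for this thread; it is not ComboFix's code and was not posted by anyone in the thread. It reads the attribute column as a set of flag letters (d directory, r read-only, h hidden, s system, a archive, w writable) and flags hidden or system entries, any flag letter outside that set, and executables dropped directly into c:\windows. That reading of the column and the choice of what to flag are this example's assumptions, not rules from ComboFix. SAMPLE_BLOCK is constructed from lines copied out of the posted log.

```python
"""Triage the "Files Created" block of a ComboFix log.

Added example for this thread; not ComboFix's code.  Each entry reads
"<created> . <modified> <size|--------> <attrs> <path>".  The attribute
column is treated as a set of flag letters (d r h s a w); that reading and
the flagging heuristics are this example's own assumptions.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$")
KNOWN_FLAGS = set("drhsaw-")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cmd", ".bat", ".scr")

# Constructed sample: lines copied from the log posted above.
SAMPLE_BLOCK = r"""
2012-04-24 18:26 . 2010-05-14 03:48 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1020.DLL
2012-04-24 18:23 . 2006-01-28 16:00 143360 ----a-r- c:\windows\apptune1020.exe
2012-04-24 18:23 . 2012-04-24 18:23 -------- d--h--w- c:\program files (x86)\Zenographics
2012-04-24 16:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-29 21:05 . 2012-03-30 10:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-29 21:04 . 2012-03-29 21:04 -------- d-----we c:\windows\system64
"""


def parse_entries(block):
    """Parse every well-formed entry line into a dict; skip everything else."""
    entries = []
    for line in block.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        # Directories carry "--------" in the size column.
        entry["size"] = None if entry["size"].startswith("-") else int(entry["size"])
        entries.append(entry)
    return entries


def reasons(entry):
    """Why this entry deserves a second look; an empty list means it looks routine."""
    attrs, path = entry["attrs"], entry["path"].lower()
    why = []
    if "h" in attrs:
        why.append("hidden")
    if "s" in attrs:
        why.append("system")
    for ch in attrs:
        if ch not in KNOWN_FLAGS:
            why.append(f"unknown attribute letter {ch!r}")
    if entry["size"] == 0 and why:
        why.append("zero-byte")
    # An executable sitting directly in c:\windows (not in a subfolder) is a
    # common drop location; flag it and let the reviewer decide.
    if (path.startswith("c:\\windows\\") and path.count("\\") == 2
            and path.endswith(EXECUTABLE_EXT)):
        why.append("executable placed directly in c:\\windows")
    return why


def triage(block):
    """Map each flagged path to its list of reasons, in log order."""
    flagged = {}
    for entry in parse_entries(block):
        why = reasons(entry)
        if why:
            flagged[entry["path"]] = why
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_BLOCK).items():
        print(f"{path}: {', '.join(why)}")
```

Run against the sample it reports the hidden, system, zero-byte dds_trash_log.cmd, the unknown "e" flag on c:\windows\system64, the hidden Zenographics folder (created in the same minute as the HP 1020 printer driver files listed beside it), and apptune1020.exe sitting directly in c:\windows, while leaving the ordinary "----a-w-" system32 entries alone. The output is a worklist for a human, not a verdict.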

#8 Plans (Topic Starter)

Posted 24 April 2012 - 08:09 PM

Thank you for your help with this.
I have a couple of questions.
Can I remove ComboFix, and is the computer clean of the virus now?

#9 gringo_pr (Malware Response Team)

Posted 24 April 2012 - 08:56 PM

Greetings

Can I remove ComboFix, and is the computer clean of the virus now?

I will remove it when we are done. We have killed the virus, but now it is important to remove anything else I can find of it, and during that process I will check to see if everything is up to date and even speed things up.



I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
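
The TDSSKiller step above ends with pasting a log that, as the next reply shows, runs to hundreds of "- ok" lines. The script below is an added example written for this thread, not Kaspersky's code and not something anyone in the thread posted. It reads a TDSSKiller log in the shape posted here, lists every scanned object whose result line is not "- ok", and reports any sector range on each disk that no MBR partition covers, since unpartitioned space is where some bootkits keep their data. The line patterns, the verdict keywords in BAD_WORDS, and that unpartitioned-space heuristic are this example's assumptions. SAMPLE_LOG is constructed: real lines from the log in the next reply plus one made-up detection for a service called "examplesvc" with a placeholder verdict name.

```python
"""Triage a TDSSKiller log.

Added example for this thread; not Kaspersky's code.  Lists every scanned
object whose result is not "- ok" and reports sector ranges on each disk
that no MBR partition covers.  Line patterns, BAD_WORDS and the gap
heuristic are assumptions of this example.
"""
import re
from dataclasses import dataclass

# Every line: "HH:MM:SS.ffff <thread id> <payload>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# A scanned object "<name> (<md5>) <path>" is followed by "<name> - <verdict>".
OBJ_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
# Physical disk geometry and MBR partition table lines.
DISK_RE = re.compile(r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: "
                     r"0x(?P<size>[0-9A-Fa-f]+) .*?SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(?P<disk>\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: MBR, "
                     r"Type 0x[0-9A-Fa-f]+, StartLBA 0x(?P<start>[0-9A-Fa-f]+), "
                     r"BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
# Assumed wording of verdicts for objects the tool did not clear.  Any other
# non-"ok" verdict is reported too, provided the object was listed first.
BAD_WORDS = ("detected", "infected", "suspicious", "warning")

# Constructed sample: real lines from the posted log plus one made-up detection.
SAMPLE_LOG = r"""
22:26:04.0028 2780 Drive \Device\Harddisk0\DR0 - Size: 0x15D3EF70000 (1396.98 Gb), SectorSize: 0x200, Cylinders: 0x2C85C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:04.0075 2780 Drive \Device\Harddisk5\DR5 - Size: 0xF780000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:26:04.0075 2780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:26:04.0075 2780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAC80C000
22:26:04.0075 2780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAC83E800, BlocksNum 0x21B8800
22:26:04.0075 2780 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x7BBE0
22:26:09.0686 5408 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:26:09.0686 5408 1394ohci - ok
22:26:40.0000 5408 examplesvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\examplesvc.sys
22:26:40.0000 5408 examplesvc - detected Example.Rootkit.Placeholder ( 0 )
"""


@dataclass(frozen=True)
class Finding:
    name: str
    verdict: str
    md5: str
    path: str


def triage(log_text):
    """Return (findings, gaps): non-ok objects and unpartitioned sector ranges."""
    objects, findings = {}, []      # name -> (md5, path)
    disks, parts = {}, {}           # disk -> total sectors; disk -> [(start, blocks)]
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if (d := DISK_RE.match(body)):
            disks[d["dev"]] = int(d["size"], 16) // int(d["sector"], 16)
        elif (p := PART_RE.match(body)):
            parts.setdefault(p["disk"], []).append((int(p["start"], 16), int(p["blocks"], 16)))
        elif (o := OBJ_RE.match(body)):
            objects[o["name"]] = (o["md5"], o["path"])
        elif (v := VERDICT_RE.match(body)):
            name, verdict = v["name"], v["verdict"]
            if verdict == "ok":
                continue
            if name in objects or verdict.lower().startswith(BAD_WORDS):
                md5, path = objects.get(name, ("", ""))
                findings.append(Finding(name, verdict, md5, path))
    return findings, unallocated(disks, parts)


def unallocated(disks, parts):
    """Sector ranges not covered by any MBR partition, as (disk, start, length).
    The track before Partition0 is normal MBR slack and is not reported."""
    gaps = []
    for disk, plist in parts.items():
        cursor = None
        for start, blocks in sorted(plist):
            if cursor is not None and start > cursor:
                gaps.append((disk, cursor, start - cursor))
            cursor = max(cursor or 0, start + blocks)
        total = disks.get(disk)
        if total is not None and cursor is not None and total > cursor:
            gaps.append((disk, cursor, total - cursor))
    return gaps


if __name__ == "__main__":
    found, gaps = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.name}: {f.verdict}  {f.path}  md5={f.md5}")
    for disk, start, length in gaps:
        print(f"{disk}: {length} unpartitioned sectors from LBA 0x{start:X}")
```

On the 1.4 TB disk in the posted log the three partitions butt up against each other and the only uncovered range is 0xB80 sectors (about 1.4 MB) after the last partition; a small tail like that is normal, and the check is there for tails of tens of megabytes or for a hole opening up between partitions. Objects are tied to their verdict by name, so a "- <verdict>" line is only reported when the name was listed first or the verdict starts with one of the BAD_WORDS, which keeps the "Drive ... - Size:" header lines out of the findings.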

#10 Plans (Topic Starter)

Posted 24 April 2012 - 09:29 PM

22:26:03.0217 2780 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
22:26:03.0529 2780 ============================================================
22:26:03.0529 2780 Current date / time: 2012/04/24 22:26:03.0529
22:26:03.0529 2780 SystemInfo:
22:26:03.0529 2780
22:26:03.0529 2780 OS Version: 6.1.7601 ServicePack: 1.0
22:26:03.0529 2780 Product type: Workstation
22:26:03.0529 2780 ComputerName: DESKTOPOFFICE
22:26:03.0529 2780 UserName: Eric
22:26:03.0529 2780 Windows directory: C:\Windows
22:26:03.0529 2780 System windows directory: C:\Windows
22:26:03.0529 2780 Running under WOW64
22:26:03.0529 2780 Processor architecture: Intel x64
22:26:03.0529 2780 Number of processors: 6
22:26:03.0529 2780 Page size: 0x1000
22:26:03.0529 2780 Boot type: Normal boot
22:26:03.0529 2780 ============================================================
22:26:04.0028 2780 Drive \Device\Harddisk0\DR0 - Size: 0x15D3EF70000 (1396.98 Gb), SectorSize: 0x200, Cylinders: 0x2C85C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:04.0075 2780 Drive \Device\Harddisk5\DR5 - Size: 0xF780000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:26:04.0075 2780 ============================================================
22:26:04.0075 2780 \Device\Harddisk0\DR0:
22:26:04.0075 2780 MBR partitions:
22:26:04.0075 2780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:26:04.0075 2780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAC80C000
22:26:04.0075 2780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAC83E800, BlocksNum 0x21B8800
22:26:04.0075 2780 \Device\Harddisk5\DR5:
22:26:04.0075 2780 MBR partitions:
22:26:04.0075 2780 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x7BBE0
22:26:04.0075 2780 ============================================================
22:26:04.0106 2780 C: <-> \Device\Harddisk0\DR0\Partition1
22:26:04.0215 2780 D: <-> \Device\Harddisk0\DR0\Partition2
22:26:04.0215 2780 ============================================================
22:26:04.0215 2780 Initialize success
22:26:04.0215 2780 ============================================================
22:26:09.0171 5408 ============================================================
22:26:09.0171 5408 Scan started
22:26:09.0171 5408 Mode: Manual;
22:26:09.0171 5408 ============================================================
22:26:09.0686 5408 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:26:09.0686 5408 1394ohci - ok
22:26:09.0748 5408 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:26:09.0748 5408 ACPI - ok
22:26:09.0764 5408 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:26:09.0764 5408 AcpiPmi - ok
22:26:09.0904 5408 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:26:09.0904 5408 AdobeFlashPlayerUpdateSvc - ok
22:26:09.0951 5408 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:26:09.0967 5408 adp94xx - ok
22:26:09.0998 5408 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:26:10.0013 5408 adpahci - ok
22:26:10.0045 5408 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:26:10.0045 5408 adpu320 - ok
22:26:10.0060 5408 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:26:10.0060 5408 AeLookupSvc - ok
22:26:10.0107 5408 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
22:26:10.0107 5408 AESTFilters - ok
22:26:10.0169 5408 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:26:10.0185 5408 AFD - ok
22:26:10.0201 5408 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:26:10.0216 5408 agp440 - ok
22:26:10.0247 5408 ahcix64s (a31f4d7c3243341e06155d1ac09a7e98) C:\Windows\system32\drivers\ahcix64s.sys
22:26:10.0247 5408 ahcix64s - ok
22:26:10.0263 5408 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:26:10.0263 5408 ALG - ok
22:26:10.0279 5408 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:26:10.0279 5408 aliide - ok
22:26:10.0325 5408 AMD External Events Utility (a592ca3ec9a5af7f74d5169d556b976f) C:\Windows\system32\atiesrxx.exe
22:26:10.0325 5408 AMD External Events Utility - ok
22:26:10.0357 5408 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:26:10.0357 5408 amdide - ok
22:26:23.0695 5408 QWAVEdrv - ok
22:26:23.0710 5408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:26:23.0726 5408 RasAcd - ok
22:26:23.0757 5408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:26:23.0757 5408 RasAgileVpn - ok
22:26:23.0773 5408 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:26:23.0773 5408 RasAuto - ok
22:26:23.0788 5408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:26:23.0804 5408 Rasl2tp - ok
22:26:23.0819 5408 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:26:23.0819 5408 RasMan - ok
22:26:23.0851 5408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:26:23.0851 5408 RasPppoe - ok
22:26:23.0866 5408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:26:23.0866 5408 RasSstp - ok
22:26:23.0897 5408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:26:23.0897 5408 rdbss - ok
22:26:23.0913 5408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:26:23.0913 5408 rdpbus - ok
22:26:23.0929 5408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:26:23.0929 5408 RDPCDD - ok
22:26:23.0944 5408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:26:23.0944 5408 RDPENCDD - ok
22:26:23.0960 5408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:26:23.0960 5408 RDPREFMP - ok
22:26:23.0991 5408 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:26:23.0991 5408 RDPWD - ok
22:26:24.0022 5408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:26:24.0022 5408 rdyboost - ok
22:26:24.0085 5408 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:26:24.0100 5408 RemoteAccess - ok
22:26:24.0116 5408 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:26:24.0116 5408 RemoteRegistry - ok
22:26:24.0147 5408 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:26:24.0147 5408 RFCOMM - ok
22:26:24.0163 5408 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:26:24.0178 5408 RpcEptMapper - ok
22:26:24.0194 5408 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:26:24.0194 5408 RpcLocator - ok
22:26:24.0225 5408 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:26:24.0225 5408 RpcSs - ok
22:26:24.0256 5408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:26:24.0256 5408 rspndr - ok
22:26:24.0303 5408 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:26:24.0303 5408 RTL8167 - ok
22:26:24.0334 5408 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:24.0334 5408 SamSs - ok
22:26:24.0350 5408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:26:24.0350 5408 sbp2port - ok
22:26:24.0365 5408 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:26:24.0365 5408 SCardSvr - ok
22:26:24.0381 5408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:26:24.0381 5408 scfilter - ok
22:26:24.0428 5408 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:26:24.0428 5408 Schedule - ok
22:26:24.0443 5408 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:26:24.0459 5408 SCPolicySvc - ok
22:26:24.0475 5408 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:26:24.0475 5408 SDRSVC - ok
22:26:24.0506 5408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:26:24.0506 5408 secdrv - ok
22:26:24.0537 5408 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:26:24.0537 5408 seclogon - ok
22:26:24.0553 5408 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:26:24.0568 5408 SENS - ok
22:26:24.0584 5408 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:26:24.0584 5408 SensrSvc - ok
22:26:24.0615 5408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:26:24.0615 5408 Serenum - ok
22:26:24.0646 5408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:26:24.0646 5408 Serial - ok
22:26:24.0677 5408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:26:24.0677 5408 sermouse - ok
22:26:24.0709 5408 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:26:24.0709 5408 SessionEnv - ok
22:26:24.0724 5408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:26:24.0724 5408 sffdisk - ok
22:26:24.0755 5408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:26:24.0755 5408 sffp_mmc - ok
22:26:24.0755 5408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:26:24.0755 5408 sffp_sd - ok
22:26:24.0771 5408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:26:24.0771 5408 sfloppy - ok
22:26:24.0802 5408 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:26:24.0802 5408 SharedAccess - ok
22:26:24.0833 5408 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:26:24.0833 5408 ShellHWDetection - ok
22:26:24.0849 5408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:26:24.0849 5408 SiSRaid2 - ok
22:26:24.0865 5408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:26:24.0865 5408 SiSRaid4 - ok
22:26:24.0896 5408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:26:24.0896 5408 Smb - ok
22:26:24.0958 5408 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:26:24.0958 5408 SNMPTRAP - ok
22:26:24.0974 5408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:26:24.0974 5408 spldr - ok
22:26:25.0005 5408 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:26:25.0005 5408 Spooler - ok
22:26:25.0145 5408 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:26:25.0161 5408 sppsvc - ok
22:26:25.0239 5408 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:26:25.0255 5408 sppuinotify - ok
22:26:25.0333 5408 SRTSP (1321a6c3c92bbd3f3bbe1292cff8e91a) C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS
22:26:25.0348 5408 SRTSP - ok
22:26:25.0379 5408 SRTSPX (bd129c22c3b8c2e584227269dfa77b09) C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS
22:26:25.0379 5408 SRTSPX - ok
22:26:25.0426 5408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:26:25.0426 5408 srv - ok
22:26:25.0457 5408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:26:25.0473 5408 srv2 - ok
22:26:25.0489 5408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:26:25.0489 5408 srvnet - ok
22:26:25.0520 5408 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:26:25.0520 5408 SSDPSRV - ok
22:26:25.0535 5408 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:26:25.0551 5408 SstpSvc - ok
22:26:25.0598 5408 STacSV (d343109df7dafec3c75ac65446f5a1a9) C:\Program Files\IDT\WDM\STacSV64.exe
22:26:25.0598 5408 STacSV - ok
22:26:25.0629 5408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:26:25.0629 5408 stexstor - ok
22:26:25.0660 5408 STHDA (8c490a03d0e44165d8bb48cea4787f47) C:\Windows\system32\DRIVERS\stwrt64.sys
22:26:25.0676 5408 STHDA - ok
22:26:25.0707 5408 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
22:26:25.0707 5408 StillCam - ok
22:26:25.0738 5408 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:26:25.0754 5408 stisvc - ok
22:26:25.0769 5408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:26:25.0769 5408 swenum - ok
22:26:25.0816 5408 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:26:25.0816 5408 swprv - ok
22:26:25.0863 5408 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS
22:26:25.0879 5408 SymDS - ok
22:26:25.0941 5408 SymEFA (fe29b18bf86ffcd55d8733c9b01e5042) C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS
22:26:25.0972 5408 SymEFA - ok
22:26:25.0988 5408 SymEvent (36b77f5c9e21f88a8c8ec67ad5415819) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:26:25.0988 5408 SymEvent - ok
22:26:26.0019 5408 SymIRON (dd70da422460fded831d211df151d560) C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS
22:26:26.0019 5408 SymIRON - ok
22:26:26.0050 5408 SymNetS (bce4eb2eef05e388959b46fd21388c2d) C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS
22:26:26.0050 5408 SymNetS - ok
22:26:26.0144 5408 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:26:26.0191 5408 SysMain - ok
22:26:26.0269 5408 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:26:26.0269 5408 TabletInputService - ok
22:26:26.0300 5408 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:26:26.0315 5408 TapiSrv - ok
22:26:26.0331 5408 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:26:26.0331 5408 TBS - ok
22:26:26.0487 5408 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:26:26.0534 5408 Tcpip - ok
22:26:26.0674 5408 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:26:26.0690 5408 TCPIP6 - ok
22:26:26.0752 5408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:26:26.0752 5408 tcpipreg - ok
22:26:26.0768 5408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:26:26.0768 5408 TDPIPE - ok
22:26:26.0799 5408 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:26:26.0815 5408 TDTCP - ok
22:26:26.0830 5408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:26:26.0830 5408 tdx - ok
22:26:26.0861 5408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:26:26.0861 5408 TermDD - ok
22:26:26.0908 5408 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:26:26.0924 5408 TermService - ok
22:26:26.0939 5408 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:26:26.0939 5408 Themes - ok
22:26:26.0971 5408 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:26:26.0971 5408 THREADORDER - ok
22:26:26.0986 5408 tihub3 (da632fae7b5629032b2c24e1be29168b) C:\Windows\system32\drivers\tihub3.sys
22:26:26.0986 5408 tihub3 - ok
22:26:27.0017 5408 tixhci (e2083499bd967396b3449c56ec8cfa70) C:\Windows\system32\drivers\tixhci.sys
22:26:27.0033 5408 tixhci - ok
22:26:27.0049 5408 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:26:27.0049 5408 TrkWks - ok
22:26:27.0111 5408 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:26:27.0111 5408 TrustedInstaller - ok
22:26:27.0127 5408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:26:27.0127 5408 tssecsrv - ok
22:26:27.0142 5408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:26:27.0158 5408 TsUsbFlt - ok
22:26:27.0173 5408 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:26:27.0173 5408 TsUsbGD - ok
22:26:27.0205 5408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:26:27.0205 5408 tunnel - ok
22:26:27.0220 5408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:26:27.0220 5408 uagp35 - ok
22:26:27.0251 5408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:26:27.0251 5408 udfs - ok
22:26:27.0267 5408 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:26:27.0267 5408 UI0Detect - ok
22:26:27.0298 5408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:26:27.0298 5408 uliagpkx - ok
22:26:27.0314 5408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:26:27.0314 5408 umbus - ok
22:26:27.0345 5408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:26:27.0345 5408 UmPass - ok
22:26:27.0376 5408 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:26:27.0376 5408 upnphost - ok
22:26:27.0392 5408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:26:27.0392 5408 usbccgp - ok
22:26:27.0407 5408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:26:27.0407 5408 usbcir - ok
22:26:27.0439 5408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:26:27.0439 5408 usbehci - ok
22:26:27.0454 5408 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\drivers\usbfilter.sys
22:26:27.0454 5408 usbfilter - ok
22:26:27.0485 5408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
22:26:27.0501 5408 usbhub - ok
22:26:27.0517 5408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:26:27.0517 5408 usbohci - ok
22:26:27.0548 5408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:26:27.0563 5408 usbprint - ok
22:26:27.0579 5408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:26:27.0579 5408 USBSTOR - ok
22:26:27.0595 5408 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:26:27.0595 5408 usbuhci - ok
22:26:27.0626 5408 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:26:27.0626 5408 UxSms - ok
22:26:27.0657 5408 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:27.0657 5408 VaultSvc - ok
22:26:27.0673 5408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:26:27.0673 5408 vdrvroot - ok
22:26:27.0719 5408 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:26:27.0735 5408 vds - ok
22:26:27.0751 5408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:26:27.0751 5408 vga - ok
22:26:27.0766 5408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:26:27.0766 5408 VgaSave - ok
22:26:27.0797 5408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:26:27.0813 5408 vhdmp - ok
22:26:27.0844 5408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:26:27.0844 5408 viaide - ok
22:26:27.0860 5408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:26:27.0860 5408 volmgr - ok
22:26:27.0891 5408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:26:27.0891 5408 volmgrx - ok
22:26:27.0922 5408 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
22:26:27.0922 5408 volsnap - ok
22:26:27.0953 5408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:26:27.0953 5408 vsmraid - ok
22:26:28.0016 5408 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:26:28.0063 5408 VSS - ok
22:26:28.0141 5408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:26:28.0141 5408 vwifibus - ok
22:26:28.0156 5408 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:26:28.0156 5408 vwififlt - ok
22:26:28.0187 5408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:26:28.0203 5408 W32Time - ok
22:26:28.0250 5408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:26:28.0250 5408 WacomPen - ok
22:26:28.0312 5408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:26:28.0312 5408 WANARP - ok
22:26:28.0328 5408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:26:28.0328 5408 Wanarpv6 - ok
22:26:28.0421 5408 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:26:28.0453 5408 WatAdminSvc - ok
22:26:28.0546 5408 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:26:28.0593 5408 wbengine - ok
22:26:28.0640 5408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:26:28.0640 5408 WbioSrvc - ok
22:26:28.0655 5408 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:26:28.0671 5408 wcncsvc - ok
22:26:28.0671 5408 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:26:28.0671 5408 WcsPlugInService - ok
22:26:28.0702 5408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:26:28.0702 5408 Wd - ok
22:26:28.0749 5408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:26:28.0765 5408 Wdf01000 - ok
22:26:28.0780 5408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:26:28.0780 5408 WdiServiceHost - ok
22:26:28.0780 5408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:26:28.0796 5408 WdiSystemHost - ok
22:26:28.0811 5408 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:26:28.0811 5408 WebClient - ok
22:26:28.0827 5408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:26:28.0843 5408 Wecsvc - ok
22:26:28.0858 5408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:26:28.0858 5408 wercplsupport - ok
22:26:28.0889 5408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:26:28.0889 5408 WerSvc - ok
22:26:28.0921 5408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:26:28.0921 5408 WfpLwf - ok
22:26:28.0936 5408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:26:28.0936 5408 WIMMount - ok
22:26:28.0983 5408 WinDefend - ok
22:26:28.0999 5408 WinHttpAutoProxySvc - ok
22:26:29.0061 5408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:26:29.0061 5408 Winmgmt - ok
22:26:29.0186 5408 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:26:29.0233 5408 WinRM - ok
22:26:29.0373 5408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:26:29.0389 5408 Wlansvc - ok
22:26:29.0435 5408 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:26:29.0435 5408 wlcrasvc - ok
22:26:29.0560 5408 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:26:29.0623 5408 wlidsvc - ok
22:26:29.0701 5408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:26:29.0716 5408 WmiAcpi - ok
22:26:29.0747 5408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:26:29.0747 5408 wmiApSrv - ok
22:26:29.0763 5408 WMPNetworkSvc - ok
22:26:29.0779 5408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:26:29.0779 5408 WPCSvc - ok
22:26:29.0810 5408 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:26:29.0810 5408 WPDBusEnum - ok
22:26:29.0825 5408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:26:29.0825 5408 ws2ifsl - ok
22:26:29.0841 5408 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:26:29.0841 5408 wscsvc - ok
22:26:29.0888 5408 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:26:29.0888 5408 WSDPrintDevice - ok
22:26:29.0888 5408 WSearch - ok
22:26:30.0028 5408 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:26:30.0091 5408 wuauserv - ok
22:26:30.0200 5408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:26:30.0200 5408 WudfPf - ok
22:26:30.0231 5408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:26:30.0231 5408 WUDFRd - ok
22:26:30.0247 5408 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:26:30.0262 5408 wudfsvc - ok
22:26:30.0278 5408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:26:30.0293 5408 WwanSvc - ok
22:26:30.0325 5408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:26:30.0387 5408 \Device\Harddisk0\DR0 - ok
22:26:30.0403 5408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
22:26:30.0403 5408 \Device\Harddisk5\DR5 - ok
22:26:30.0418 5408 Boot (0x1200) (24ef6e178864a1013250a741b12e54a9) \Device\Harddisk0\DR0\Partition0
22:26:30.0418 5408 \Device\Harddisk0\DR0\Partition0 - ok
22:26:30.0434 5408 Boot (0x1200) (e2b326b4e33a33d73d652525158211d7) \Device\Harddisk0\DR0\Partition1
22:26:30.0434 5408 \Device\Harddisk0\DR0\Partition1 - ok
22:26:30.0465 5408 Boot (0x1200) (a54d12a64b8b7f04c7840bf7b4f2f6bd) \Device\Harddisk0\DR0\Partition2
22:26:30.0481 5408 \Device\Harddisk0\DR0\Partition2 - ok
22:26:30.0481 5408 Boot (0x1200) (e94dc21c3b6024402c7df2c8033a6721) \Device\Harddisk5\DR5\Partition0
22:26:30.0481 5408 \Device\Harddisk5\DR5\Partition0 - ok
22:26:30.0481 5408 ============================================================
22:26:30.0481 5408 Scan finished
22:26:30.0481 5408 ============================================================
22:26:30.0496 5608 Detected object count: 0
22:26:30.0496 5608 Actual detected object count: 0

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 135,602 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:10 AM

Posted 24 April 2012 - 09:34 PM

That looks very good!! Let me have the aswMBR report next and let's see if it finds something.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Plans (Topic Starter)

  • Members
  • 16 posts
  • Local time:10:10 AM

Posted 24 April 2012 - 09:39 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-24 22:31:08
-----------------------------
22:31:08.441 OS Version: Windows x64 6.1.7601 Service Pack 1
22:31:08.441 Number of processors: 6 586 0x102
22:31:08.441 ComputerName: DESKTOPOFFICE UserName: Eric
22:31:13.236 Initialize success
22:31:28.350 AVAST engine download error: 0
22:31:49.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
22:31:49.847 Disk 0 Vendor: Seagate HP16____ Size: 1430511MB BusType: 8
22:31:49.862 Disk 0 MBR read successfully
22:31:49.862 Disk 0 MBR scan
22:31:49.862 Disk 0 Windows 7 default MBR code
22:31:49.878 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:31:49.878 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1413144 MB offset 206848
22:31:49.909 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17265 MB offset 2894325760
22:31:49.956 Disk 0 scanning C:\Windows\system32\drivers
22:31:57.101 Service scanning
22:32:09.768 Modules scanning
22:32:09.768 Disk 0 trace - called modules:
22:32:09.799 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
22:32:09.799 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a1c5790]
22:32:09.815 3 CLASSPNP.SYS[fffff88001b9343f] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa80094009c0]
22:32:09.815 Scan finished successfully
22:32:45.741 Disk 0 MBR has been saved successfully to "C:\Users\Eric.DesktopOffice\Desktop\MBR.dat"
22:32:45.757 The log file has been saved successfully to "C:\Users\Eric.DesktopOffice\Desktop\aswMBR.txt"

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 135,602 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:10 AM

Posted 24 April 2012 - 09:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\Desktop Office\AppData\Roaming\Babylon
c:\users\Desktop Office\AppData\Local\Babylon
c:\programdata\Babylon
c:\users\Desktop Office\AppData\Roaming\vlc
c:\users\Desktop Office\AppData\Local\Ilivid Player
c:\program files (x86)\iLivid
c:\programdata\Premium
c:\programdata\InstallMate

File::
c:\windows\system32\dds_trash_log.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • how is the computer doing now after running the script?

Gringo


#14 Plans (Topic Starter)

  • Members
  • 16 posts
  • Local time:10:10 AM

Posted 24 April 2012 - 10:31 PM

The computer seemed to restart faster.
Software is opening faster as well.
All programs appear to be opening and operational.


ComboFix 12-04-24.02 - Eric 04/24/2012 23:06:14.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10015.7742 [GMT -4:00]
Running from: c:\users\Eric.DesktopOffice\Desktop\ComboFix.exe
Command switches used :: c:\users\Eric.DesktopOffice\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 03:12 . 2012-04-25 03:12 -------- d-----w- c:\users\Desktop Office\AppData\Local\temp
2012-04-25 03:12 . 2012-04-25 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 18:26 . 2010-05-14 03:48 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1020.DLL
2012-04-24 18:26 . 2010-05-14 03:48 192512 ----a-w- c:\windows\system32\ZLhp1020.DLL
2012-04-24 18:26 . 2010-05-14 03:48 501760 ----a-w- c:\windows\system32\ZSHP1020.EXE
2012-04-24 18:26 . 2010-05-14 05:52 245248 ----a-w- c:\windows\system32\zshp1020s.dll
2012-04-24 18:23 . 2006-01-28 16:00 143360 ----a-r- c:\windows\apptune1020.exe
2012-04-24 18:23 . 2006-01-28 16:00 86016 ----a-r- c:\windows\SysWow64\ZSPOOL.DLL
2012-04-24 18:23 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\zlm.dll
2012-04-24 18:23 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\IMF32.DLL
2012-04-24 18:23 . 2006-01-28 16:00 24576 ----a-r- c:\windows\SysWow64\ZTAG32.DLL
2012-04-24 18:23 . 2006-01-28 16:00 102400 ----a-r- c:\windows\SysWow64\ZLhp1020.dll
2012-04-24 18:23 . 2012-04-24 18:23 -------- d--h--w- c:\program files (x86)\Zenographics
2012-04-24 18:23 . 2006-01-28 16:00 442368 ----a-r- c:\windows\SysWow64\zshp1020.exe
2012-04-24 18:23 . 2006-01-28 16:00 106496 ----a-r- c:\windows\SysWow64\vshp1020.dll
2012-04-24 17:54 . 2012-04-24 17:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-24 16:24 . 2012-04-24 16:26 -------- d-----w- C:\FRST
2012-04-24 16:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-24 16:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-24 16:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-24 16:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-24 16:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-24 16:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-24 16:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-24 13:13 . 2012-04-24 13:13 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 00:03 . 2012-04-24 00:03 -------- d--h--w- c:\programdata\Common Files
2012-04-24 00:03 . 2012-04-24 07:36 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-24 00:03 . 2012-04-24 07:36 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-24 00:03 . 2012-04-24 00:37 -------- d-----w- c:\programdata\AVG2012
2012-04-24 00:03 . 2012-04-24 00:03 -------- d-----w- C:\$AVG
2012-04-24 00:02 . 2012-04-24 00:17 -------- d-----w- c:\program files (x86)\AVG
2012-04-23 23:49 . 2012-04-24 00:17 -------- d-----w- c:\programdata\MFAData
2012-04-06 14:22 . 2012-04-06 14:22 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-06 13:05 . 2012-04-24 07:34 -------- d-----w- c:\programdata\SBT
2012-04-06 13:05 . 2012-04-24 07:37 -------- d-----w- c:\program files (x86)\Snapshot Viewer
2012-04-06 13:01 . 2012-04-24 07:35 -------- d-----w- c:\windows\Msagent
2012-04-06 13:01 . 2012-04-06 13:01 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Microsoft Web Folders
2012-04-06 12:45 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Local\ArchVision,_Inc
2012-04-06 12:30 . 2012-04-06 12:36 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\okino
2012-04-06 12:24 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\SoftGrid Client
2012-04-06 12:24 . 2012-04-06 12:24 -------- d-----w- c:\users\Desktop Office\AppData\Local\SoftGrid Client
2012-04-06 12:23 . 2012-04-06 12:24 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\TP
2012-04-05 19:06 . 2012-04-05 20:30 -------- d-----w- C:\Eric
2012-04-05 18:24 . 2012-04-24 07:34 -------- d-----w- c:\users\Eric
2012-04-05 18:07 . 2012-04-24 16:47 -------- d-----w- c:\programdata\Recovery
2012-04-05 01:12 . 2012-04-24 07:34 -------- d-----w- c:\programdata\ArchVision
2012-04-05 01:11 . 2012-04-05 01:11 -------- d-----w- c:\programdata\Allegorithmic
2012-03-31 04:55 . 2010-04-15 11:04 85504 ----a-w- c:\windows\SysWow64\HTMLWH.DLL
2012-03-31 04:55 . 2010-04-15 11:04 49152 ----a-w- c:\windows\SysWow64\INETWH32.DLL
2012-03-31 04:55 . 2010-04-15 11:04 1044480 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL
2012-03-31 04:55 . 2010-04-15 11:04 89088 ----a-w- c:\windows\system32\zlib.dll
2012-03-31 04:55 . 2010-04-15 11:04 48128 ----a-w- c:\windows\system32\d3dxof.dll
2012-03-31 04:55 . 2012-04-24 07:34 -------- d-----w- c:\program files\NuGraf64
2012-03-31 04:52 . 2012-04-24 07:34 -------- d-----w- c:\program files\Bionatics
2012-03-31 04:52 . 2012-03-31 04:52 -------- d-----w- c:\programdata\Bionatics
2012-03-31 04:51 . 2001-09-05 08:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-03-31 04:51 . 2001-09-05 08:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-03-31 04:51 . 2001-09-05 08:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-03-31 04:51 . 2001-09-05 08:18 77824 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-03-31 04:51 . 2002-07-25 12:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-03-31 04:48 . 2012-04-24 07:34 -------- d-----w- c:\program files\ArchVision
2012-03-31 04:48 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\ArchVision
2012-03-31 04:48 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Local\Allegorithmic
2012-03-31 04:48 . 2012-04-05 23:20 -------- d-----w- c:\program files (x86)\Allegorithmic
2012-03-31 04:46 . 2012-04-24 07:34 -------- d-----w- C:\Revit SDK 2012
2012-03-31 04:46 . 2012-03-31 04:46 -------- d-----w- c:\program files\Autodesk Network License Manager
2012-03-31 03:35 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Local\Autodesk
2012-03-31 03:34 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Autodesk
2012-03-31 03:22 . 2012-04-24 07:34 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-03-31 03:22 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-03-31 03:22 . 2012-04-24 07:34 -------- d-----w- c:\program files\Autodesk
2012-03-31 03:09 . 2012-04-24 07:34 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Autodesk
2012-03-31 03:09 . 2012-04-24 07:34 -------- d-----w- c:\programdata\Autodesk
2012-03-31 02:08 . 2012-04-24 07:33 -------- d-----w- C:\Autodesk
2012-03-30 15:24 . 2012-03-30 21:20 -------- d-----w- c:\users\Desktop Office\BDS
2012-03-30 13:41 . 2012-04-24 07:34 -------- d-----w- c:\program files\CCleaner
2012-03-30 06:33 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-03-30 06:02 . 2012-03-30 06:02 18944 ----a-r- c:\users\Desktop Office\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-03-30 06:02 . 2012-03-30 06:02 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-03-30 06:02 . 2012-03-30 13:33 -------- d-----w- c:\programdata\Yahoo!
2012-03-30 06:01 . 2012-03-30 13:33 -------- d-----w- c:\program files (x86)\Yahoo!
2012-03-30 05:03 . 2012-03-30 06:02 -------- d-----w- c:\program files (x86)\7-Zip
2012-03-30 04:53 . 2012-03-30 05:49 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Media Finder
2012-03-30 04:53 . 2012-03-30 05:50 -------- d-----w- c:\program files (x86)\Media Finder
2012-03-30 04:53 . 2012-03-30 04:53 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\Babylon
2012-03-30 04:53 . 2012-03-30 04:53 -------- d-----w- c:\users\Desktop Office\AppData\Local\Babylon
2012-03-30 04:53 . 2012-03-30 04:53 -------- d-----w- c:\programdata\Babylon
2012-03-30 04:23 . 2012-03-30 05:49 -------- d-----w- c:\users\Desktop Office\AppData\Roaming\vlc
2012-03-30 04:22 . 2012-03-30 04:22 -------- d-----w- c:\users\Desktop Office\AppData\Local\Ilivid Player
2012-03-30 04:22 . 2012-03-30 05:50 -------- d-----w- c:\program files (x86)\iLivid
2012-03-30 03:55 . 2012-03-30 03:55 -------- d-----w- c:\programdata\Premium
2012-03-30 03:54 . 2012-03-30 03:55 -------- d-----w- c:\programdata\InstallMate
2012-03-30 01:56 . 2012-03-30 03:00 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-03-29 21:04 . 2012-03-29 21:04 -------- d-----we c:\windows\system64
2012-03-29 17:16 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-29 16:07 . 2012-03-29 16:07 -------- d-----w- c:\users\Desktop Office\AppData\Local\backburner
2012-03-29 13:38 . 2012-04-24 13:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 12:59 . 2012-03-28 13:04 -------- d-----w- C:\Project
2012-03-28 12:46 . 2012-03-31 04:13 -------- d-----w- c:\users\Desktop Office\AppData\Local\CrashDumps
2012-03-27 18:29 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5363944A-3942-41A9-9D08-0037FC3FEFA9}\mpengine.dll
2012-03-26 16:09 . 2012-04-24 07:34 -------- d-----w- c:\program files\Google
2012-03-26 16:09 . 2012-03-30 06:02 -------- d-----w- c:\users\Desktop Office\AppData\Local\Google
2012-03-26 16:08 . 2012-04-24 07:33 -------- d-----w- c:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 13:13 . 2011-12-24 01:50 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 20:52 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-21 20:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-21 20:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-21 20:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-21 20:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-22 16:37 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-22 16:37 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-22 14:24 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_18.56.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-25 01:01 44600 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-25 01:01 36482 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-24 03:38 . 2012-04-24 13:13 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-24 03:38 . 2012-04-25 03:14 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-24 03:38 . 2012-04-25 03:14 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-24 03:38 . 2012-04-24 13:13 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-24 13:13 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 03:14 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-25 01:01 44600 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-25 01:01 36482 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-24 03:38 . 2012-04-24 13:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-24 03:38 . 2012-04-25 00:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-24 03:38 . 2012-04-25 00:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-24 03:38 . 2012-04-24 13:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-24 13:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 00:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-06 13:02 . 2012-04-24 19:16 69120 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 69120 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 35328 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 35328 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 30208 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 30208 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\pptico.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 11264 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 11264 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 28160 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 28160 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 73216 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 73216 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 22528 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 22528 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2012-04-06 13:34 . 2012-04-25 01:01 5230 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2819673735-1330441478-2832295235-1001_UserData.bin
+ 2012-04-06 13:34 . 2012-04-25 01:01 5230 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2819673735-1330441478-2832295235-1001_UserData.bin
- 2012-04-24 18:56 . 2012-04-24 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 03:14 . 2012-04-25 03:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-24 18:56 . 2012-04-24 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-25 03:14 . 2012-04-25 03:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-25 02:23 659968 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-04-24 18:42 659968 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-04-24 18:42 120896 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-25 02:23 120896 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-24 18:42 659968 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 02:23 659968 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-24 18:42 120896 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-25 02:23 120896 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-25 03:12 425044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-24 18:54 425044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-31 04:02 . 2012-04-24 19:18 460288 c:\windows\Installer\{5783F2D7-A030-0409-1102-0060B0CE6BBA}\Acad162_icon.exe
- 2012-03-31 04:02 . 2012-03-31 04:02 460288 c:\windows\Installer\{5783F2D7-A030-0409-1102-0060B0CE6BBA}\Acad162_icon.exe
- 2012-03-31 03:59 . 2012-03-31 03:59 460288 c:\windows\Installer\{5783F2D7-A030-0409-0102-0060B0CE6BBA}\Acad162_icon.exe
+ 2012-03-31 03:59 . 2012-04-24 19:18 460288 c:\windows\Installer\{5783F2D7-A030-0409-0102-0060B0CE6BBA}\Acad162_icon.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 104960 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\outicon.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 104960 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\outicon.exe
- 2012-04-06 13:02 . 2012-04-06 13:39 155136 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\accicons.exe
+ 2012-04-06 13:02 . 2012-04-24 19:16 155136 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\accicons.exe
+ 2011-12-24 02:04 . 2012-04-25 03:12 2998736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-24 02:04 . 2012-04-24 18:54 2998736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-05 19:07 . 2012-04-25 03:12 2397884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819673735-1330441478-2832295235-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-24 343168]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"OrderReminder"="c:\program files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-04-25 138360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-30 138360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-23 1431888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001_70b\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120424.001\IDSvia64.sys [2012-04-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-05-13 128904]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 13:13]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 16:09]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 16:09]
.
2012-04-06 c:\windows\Tasks\HPCeeScheduleForDesktop Office.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-04-24 c:\windows\Tasks\HPCeeScheduleForEric.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-01 1424896]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-11-01 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 166.102.165.11 166.102.165.13
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
.
**************************************************************************
.
Completion time: 2012-04-24 23:18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 03:18
ComboFix2.txt 2012-04-24 19:00

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:10 AM

Posted 24 April 2012 - 10:45 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



