Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.

09:49:29 (null) MESSAGE Scheduled update executed successfully

09:50:19 Wayne-Rhonda MESSAGE Protection started successfully

09:50:23 Wayne-Rhonda MESSAGE IP Protection started successfully

09:50:45 Wayne-Rhonda MESSAGE IP Protection stopped

09:50:46 Wayne-Rhonda MESSAGE Database updated successfully

09:50:46 Wayne-Rhonda MESSAGE IP Protection started successfully

11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

13:22:57 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

13:22:58 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

13:22:58 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

13:22:58 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Wayne-Rhonda at 14:33:40 on 2011-10-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10134 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

dRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{F49114D8-41C8-4635-AAA3-DDA000FC615C} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dll

BHO-X64: BHO Project - No File

TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-15 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-2 366664]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-9-15 199008]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-9-15 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2255464]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-12 1153368]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-15 1692480]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 0223521318461630mcinstcleanup;McAfee Application Installer Cleanup (0223521318461630);C:\Windows\TEMP\022352~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\022352~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-26 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-26 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-9-26 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-15 224704]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\FA53.tmp --> C:\Windows\system32\FA53.tmp [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-10-13 02:43:26 -------- d-----w- C:\Windows\SysWow64\Dell

2011-10-12 21:43:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-10-12 21:43:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-10-12 21:35:17 -------- d-----w- C:\Program Files (x86)\Object

2011-10-12 21:35:16 -------- d-----w- C:\Program Files (x86)\Shop to Win 22

2011-10-12 21:35:15 -------- d-----w- C:\Program Files (x86)\Shop To Win

2011-10-12 21:35:11 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar

2011-10-11 19:54:43 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-11 19:54:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-11 19:54:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-11 19:54:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-11 19:54:35 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-11 19:54:34 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-11 19:54:34 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-11 19:54:33 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-11 19:54:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-09 18:15:57 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{24F259D6-DD9F-41E6-974C-26BE46E746EE}

2011-10-09 18:15:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A74FF26D-8035-4461-BCDF-17D0F31E5D12}

2011-10-09 18:15:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{034D76F2-0E09-41D9-B481-A8794C1B7861}

2011-10-09 17:55:54 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{86888F14-9455-46E1-A2FB-ABBE69670F0F}

2011-10-09 17:55:44 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{05B017AA-6B7F-4D6A-BB54-47C804DBE620}

2011-10-09 17:53:35 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{7980FCD3-F7AC-4E77-B996-9312C74CB92B}

2011-10-09 17:53:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{57DD774A-4273-465C-B398-A70297368803}

2011-10-09 17:52:21 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6658FA9C-222F-4F19-A63E-FF4AD11821E2}

2011-10-09 17:52:11 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{8F40CBDE-1ED8-4166-B729-08430D2F9C1F}

2011-10-09 17:44:52 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Windows Live

2011-10-09 17:44:37 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A0D45EBC-B685-4DEB-AD55-0DD11F777630}

2011-10-08 18:01:55 -------- d-----w- C:\Program Files (x86)\MSECache

2011-10-06 01:46:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll

2011-10-06 01:46:26 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll

2011-10-06 01:46:26 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll

2011-10-06 01:46:26 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll

2011-10-06 01:46:26 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll

2011-10-05 03:33:41 6144 ------w- C:\Windows\System32\FA53.tmp

2011-10-05 03:33:20 6144 ------w- C:\Windows\System32\A86C.tmp

2011-10-05 03:33:07 -------- d-----w- C:\Program Files (x86)\Sophos

2011-10-03 21:40:35 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

2011-10-03 17:26:38 -------- d-----w- C:\Users\Wayne-Rhonda\My Backup Files

2011-10-03 16:25:14 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite

2011-10-03 16:25:14 -------- d-----w- C:\FIND_EULA_PATH

2011-10-03 04:17:49 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCTools

2011-10-03 03:49:54 -------- d-----w- C:\ProgramData\PC Tools

2011-10-02 19:43:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Adobe

2011-09-28 21:01:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2011-09-28 20:57:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-09-28 20:54:27 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Microsoft Games

2011-09-28 16:19:39 -------- d-----w- C:\Users\Wayne-Rhonda\.rainlendar2

2011-09-28 16:19:26 -------- d-----w- C:\Program Files (x86)\Rainlendar2

2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\AC859C82A4.sys

2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4CB328A682.sys

2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4C5B74840F.sys

2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\DED7A8BC10.sys

2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\07B2980D97.sys

2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\F351B99706.sys

2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\C019B48D0E.sys

2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\313F27D68B.sys

2011-09-28 03:22:51 8456 --sha-w- C:\ProgramData\KGyGaAvL.sys

2011-09-27 21:35:29 -------- d-----w- C:\Program Files (x86)\Siber Systems

2011-09-27 21:06:17 -------- d-----w- C:\ProgramData\eSellerate

2011-09-27 21:05:56 -------- d-----w- C:\Program Files (x86)\SmartSound Software

2011-09-27 21:05:55 -------- d-----w- C:\ProgramData\SmartSound Software Inc

2011-09-27 21:05:38 -------- d--h--w- C:\Windows\msdownld.tmp

2011-09-27 21:05:38 -------- d-----w- C:\Windows\RegisteredPackages

2011-09-27 21:05:34 -------- d-----w- C:\ProgramData\InterVideo

2011-09-27 21:05:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll

2011-09-27 21:05:31 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll

2011-09-27 21:05:31 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll

2011-09-27 21:05:30 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll

2011-09-27 21:05:30 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll

2011-09-27 21:03:11 -------- d-----w- C:\Program Files (x86)\Windows Media Components

2011-09-27 21:02:52 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems

2011-09-27 21:01:18 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe

2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-09-27 20:57:02 -------- d-----w- C:\ProgramData\Corel

2011-09-27 20:57:02 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis

2011-09-27 20:55:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Corel

2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Corel

2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Common Files\Corel

2011-09-27 20:39:59 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Malwarebytes

2011-09-27 20:39:54 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-27 20:39:51 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-27 20:39:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-27 20:10:18 -------- d-----w- C:\Program Files\CCleaner

2011-09-27 17:00:22 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCDr

2011-09-27 17:00:02 -------- d-----w- C:\ProgramData\PCDr

2011-09-27 15:23:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-09-27 15:13:45 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0

2011-09-27 15:13:43 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll

2011-09-27 15:13:21 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit

2011-09-27 15:13:19 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intuit

2011-09-27 15:13:19 -------- d-----w- C:\Program Files (x86)\Quicken

2011-09-27 15:12:55 -------- d-----w- C:\ProgramData\Intuit

2011-09-27 01:37:28 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Cyberlink

2011-09-27 01:03:12 -------- d-----w- C:\ProgramData\Creative Labs

2011-09-27 01:02:33 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-09-27 01:02:32 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-27 00:59:55 53248 ------w- C:\Windows\Ctregrun.exe

2011-09-27 00:59:16 61440 ------w- C:\Windows\SysWow64\CTChkAud.dll

2011-09-27 00:59:16 183296 ------w- C:\Windows\System32\CTOPT352.dll

2011-09-27 00:59:16 166912 ------w- C:\Windows\SysWow64\CTOPT352.dll

2011-09-27 00:59:15 49664 ------w- C:\Windows\System32\CTChkAud.dll

2011-09-27 00:59:15 42496 ------w- C:\Windows\System32\AddCat.exe

2011-09-27 00:41:30 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Roxio Log Files

2011-09-27 00:40:49 -------- d-----w- C:\Windows\System32\appmgmt

2011-09-27 00:34:31 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared

2011-09-27 00:24:29 -------- d-----w- C:\Windows\SysWow64\Wat

2011-09-27 00:24:29 -------- d-----w- C:\Windows\System32\Wat

2011-09-27 00:23:29 -------- d-----w- C:\Program Files (x86)\OpenAL

2011-09-27 00:19:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Thunderbird

2011-09-26 23:08:06 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-09-26 23:07:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-09-26 23:07:51 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-09-26 22:29:07 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2011-09-26 20:25:31 -------- d-----w- C:\Netgear

2011-09-26 20:23:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Macrovision

2011-09-26 19:19:32 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Diagnostics

2011-09-26 19:15:09 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Nero_AG

2011-09-26 18:45:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Dell

2011-09-26 18:45:11 -------- d-sh--w- C:\System Recovery

2011-09-26 18:44:26 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Fingertapps

2011-09-26 18:44:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell

2011-09-26 18:44:13 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell Touch Zone

2011-09-26 18:44:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intel Corporation

2011-09-26 18:43:26 -------- d-----r- C:\Users\Wayne-Rhonda\Virtual Machines

2011-09-26 18:43:06 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\VirtualStore

.

==================== Find3M ====================

.

2011-10-04 15:38:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-27 01:40:13 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-09-27 01:40:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-09-27 01:40:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-09-27 00:23:29 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-09-27 00:23:29 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-09-27 00:23:29 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-09-27 00:23:28 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-09-15 22:46:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-09-15 21:24:48 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-19 22:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe

2011-08-15 17:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 14:34:12.02 ===============


2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-19 22:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe

2011-08-15 17:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 14:34:12.02 ===============


  • 2 weeks later...

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

When attempting to reply with the listed logs included in the reply, the program responded "too large, try again." Therefore, I have attached the logs even though that's not the desired method. Also, after running a quick scan, the listed "pup" infection was discovered by Malwarebytes. That is the first time that file was found, and it was deleted. Also, it seems to be associated with Google Chrome, and I do not have that program on this computer.

THANKS for all your help!

dds.txt

ComboFix.txt

mbam-log-2011-10-31 (11-19-00).txt


  • Staff

Hi,

My apologies for the extended delay.

Use multiple posts if necessary to post future logs instead of attaching them.

Update MBAM, run a Quick Scan, and post its log.

Grab a fresh copy of ComboFix, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Post a fresh DDS log.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


MBAM

09:11:32 Wayne-Rhonda MESSAGE Protection started successfully

09:11:36 Wayne-Rhonda MESSAGE IP Protection started successfully

09:12:38 Wayne-Rhonda MESSAGE Scheduled update executed successfully

09:13:00 Wayne-Rhonda MESSAGE IP Protection stopped

09:13:01 Wayne-Rhonda MESSAGE Database updated successfully

09:13:02 Wayne-Rhonda MESSAGE IP Protection started successfully

09:24:05 Wayne-Rhonda MESSAGE Protection started successfully

09:24:09 Wayne-Rhonda MESSAGE IP Protection started successfully

10:56:37 Wayne-Rhonda MESSAGE IP Protection stopped

10:56:38 Wayne-Rhonda MESSAGE Database updated successfully

10:56:39 Wayne-Rhonda MESSAGE IP Protection started successfully

11:29:45 Wayne-Rhonda MESSAGE Protection started successfully

11:29:49 Wayne-Rhonda MESSAGE IP Protection started successfully

ComboFix 11-11-07.03 - Wayne-Rhonda 11/07/2011 11:16:19.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10244 [GMT -8:00]

Running from: c:\users\Wayne-Rhonda\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))

.

.

2011-11-07 19:20 . 2011-11-07 19:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-11-07 19:20 . 2011-11-07 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-06 20:52 . 2011-11-06 20:52 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Local\Google

2011-11-01 20:15 . 2011-11-01 20:15 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Local\Apple Computer

2011-10-31 23:32 . 2011-10-31 23:32 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync

2011-10-31 23:29 . 2011-10-31 23:29 -------- d-----r- C:\MSOCache

2011-10-27 01:25 . 2011-10-27 01:25 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Roaming\NVIDIA

2011-10-27 01:25 . 2011-10-27 01:25 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Roaming\Sony Corporation

2011-10-27 01:02 . 2011-10-27 01:02 -------- d-----w- c:\program files (x86)\Sony

2011-10-27 01:02 . 2011-10-27 01:02 -------- d-----w- c:\programdata\Sony Corporation

2011-10-26 23:12 . 2011-10-26 23:12 -------- d-----w- c:\program files (x86)\Siber Systems

2011-10-26 22:26 . 2011-10-26 22:26 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-15 07:54 . 2011-10-15 07:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-10-13 02:43 . 2011-10-13 02:43 -------- d-----w- c:\windows\SysWow64\Dell

2011-10-12 21:43 . 2011-11-01 21:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-10-12 21:43 . 2011-10-12 21:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-10-12 21:35 . 2011-10-12 21:35 -------- d-----w- c:\program files (x86)\Shop to Win 22

2011-10-11 23:29 . 2011-10-11 23:30 -------- d-----w- c:\program files\Common Files\Adobe

2011-10-11 19:54 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-11 19:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-11 19:54 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-11 19:54 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-11 19:54 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-11 19:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-11 19:54 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-11 19:54 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-11 19:54 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-09 17:44 . 2011-10-28 17:59 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Local\Windows Live

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-01 19:34 . 2011-09-28 03:22 8456 --sha-w- c:\programdata\KGyGaAvL.sys

2011-10-18 16:48 . 2011-09-15 21:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 08:53 . 2011-09-28 21:00 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-09-28 21:00 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-09-15 22:49 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-09-15 22:49 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2011-09-15 22:49 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-10-15 08:53 . 2011-09-15 22:49 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-04-04 05:15 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2011-04-04 03:15 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-04-04 03:15 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-04-04 03:15 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll

2011-10-15 08:53 . 2011-04-04 03:14 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-04-04 03:14 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-03 12:06 . 2011-09-15 21:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\AC859C82A4.sys

2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\4CB328A682.sys

2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\4C5B74840F.sys

2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\DED7A8BC10.sys

2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\07B2980D97.sys

2011-09-28 03:22 . 2011-09-28 03:22 8 --sh--r- c:\programdata\F351B99706.sys

2011-09-28 03:22 . 2011-09-28 03:22 8 --sh--r- c:\programdata\C019B48D0E.sys

2011-09-28 03:22 . 2011-09-28 03:22 8 --sh--r- c:\programdata\313F27D68B.sys

2011-09-27 01:40 . 2011-09-15 21:34 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2011-09-27 01:40 . 2011-09-15 21:34 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-09-27 01:40 . 2011-09-15 21:34 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-09-27 00:23 . 2011-09-15 23:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2011-09-27 00:23 . 2011-09-15 23:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-09-27 00:23 . 2011-09-15 23:10 123480 ----a-w- c:\windows\system32\OpenAL32.dll

2011-09-27 00:23 . 2011-09-15 23:10 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-09-27 00:07 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-09-15 23:04 . 2011-09-15 23:04 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys

2011-09-15 23:04 . 2011-09-15 23:04 936448 ----a-w- c:\windows\system32\vmsal.exe

2011-09-15 23:04 . 2011-09-15 23:04 793600 ----a-w- c:\windows\SysWow64\vmsal.exe

2011-09-15 23:04 . 2011-09-15 23:04 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys

2011-09-15 23:04 . 2011-09-15 23:04 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll

2011-09-15 23:04 . 2011-09-15 23:04 4514816 ----a-w- c:\windows\system32\vpc.exe

2011-09-15 23:04 . 2011-09-15 23:04 2264064 ----a-w- c:\windows\system32\VPCWizard.exe

2011-09-15 23:04 . 2011-09-15 23:04 1369600 ----a-w- c:\windows\system32\VPCSettings.exe

2011-09-15 23:04 . 2011-09-15 23:04 1210368 ----a-w- c:\windows\system32\VMWindow.exe

2011-09-15 23:04 . 2011-09-15 23:04 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys

2011-09-15 23:04 . 2011-09-15 23:04 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys

2011-09-15 23:04 . 2011-09-15 23:04 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll

2011-09-15 23:04 . 2011-09-15 23:04 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-09-15 23:04 . 2011-09-15 23:04 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-09-15 23:04 . 2011-09-15 23:04 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-09-15 23:04 . 2011-09-15 23:04 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-09-15 23:04 . 2011-09-15 23:04 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-15 23:04 . 2011-09-15 23:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-09-15 23:04 . 2011-09-15 23:04 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-09-15 23:04 . 2011-09-15 23:04 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-09-15 23:04 . 2011-09-15 23:04 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2011-09-15 23:04 . 2011-09-15 23:04 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-15 23:04 . 2011-09-15 23:04 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-09-15 23:04 . 2011-09-15 23:04 367616 ----a-w- c:\windows\system32\atmfd.dll

2011-09-15 23:04 . 2011-09-15 23:04 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-09-15 23:04 . 2011-09-15 23:04 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-09-15 23:04 . 2011-09-15 23:04 2871808 ----a-w- c:\windows\explorer.exe

2011-09-15 23:04 . 2011-09-15 23:04 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-09-15 23:04 . 2011-09-15 23:04 2616320 ----a-w- c:\windows\SysWow64\explorer.exe

2011-09-15 23:04 . 2011-09-15 23:04 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-09-15 23:04 . 2011-09-15 23:04 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-09-15 23:04 . 2011-09-15 23:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-09-15 23:04 . 2011-09-15 23:04 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-09-15 23:04 . 2011-09-15 23:04 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-09-15 23:04 . 2011-09-15 23:04 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-09-15 23:04 . 2011-09-15 23:04 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-09-15 23:04 . 2011-09-15 23:04 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-09-15 23:04 . 2011-09-15 23:04 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-09-15 23:04 . 2011-09-15 23:04 100864 ----a-w- c:\windows\system32\fontsub.dll

2011-09-15 23:04 . 2011-09-15 23:04 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-09-15 23:04 . 2011-09-15 23:04 850944 ----a-w- c:\windows\SysWow64\sbe.dll

2011-09-15 23:04 . 2011-09-15 23:04 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-09-15 23:04 . 2011-09-15 23:04 715776 ----a-w- c:\windows\system32\kerberos.dll

2011-09-15 23:04 . 2011-09-15 23:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-09-15 23:04 . 2011-09-15 23:04 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-09-15 23:04 . 2011-09-15 23:04 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-09-15 23:04 . 2011-09-15 23:04 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-09-15 23:04 . 2011-09-15 23:04 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-09-15 23:04 . 2011-09-15 23:04 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-09-15 23:04 . 2011-09-15 23:04 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-09-15 23:04 . 2011-09-15 23:04 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-09-15 23:04 . 2011-09-15 23:04 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-09-15 23:04 . 2011-09-15 23:04 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-09-15 23:04 . 2011-09-15 23:04 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-09-15 23:04 . 2011-09-15 23:04 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-09-15 23:04 . 2011-09-15 23:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-09-15 23:04 . 2011-09-15 23:04 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-09-15 23:04 . 2011-09-15 23:04 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-09-15 23:04 . 2011-09-15 23:04 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-09-15 23:04 . 2011-09-15 23:04 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-09-15 23:04 . 2011-09-15 23:04 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-09-15 23:04 . 2011-09-15 23:04 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-09-15 23:04 . 2011-09-15 23:04 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-09-15 23:04 . 2011-09-15 23:04 2565632 ----a-w- c:\windows\system32\esent.dll

2011-09-15 23:04 . 2011-09-15 23:04 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-09-15 23:04 . 2011-09-15 23:04 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2011-09-15 23:04 . 2011-09-15 23:04 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-09-15 23:04 . 2011-09-15 23:04 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2011-09-15 23:04 . 2011-09-15 23:04 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-31_18.02.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 1999-11-25 01:40 . 1999-11-25 01:40 40960 c:\windows\SysWOW64\VBAME.DLL

+ 1998-03-25 04:54 . 1998-03-25 04:54 15872 c:\windows\SysWOW64\SCP32.DLL

+ 1998-06-18 02:08 . 1998-06-18 02:08 53248 c:\windows\SysWOW64\MFC42ENU.DLL

+ 2007-03-23 02:17 . 2007-03-23 02:17 35440 c:\windows\SysWOW64\FM20ENU.DLL

- 2009-07-14 04:54 . 2011-10-31 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-11-07 17:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-10-31 16:31 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-07 17:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-07 17:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-31 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2011-11-07 17:23 42740 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-11-07 17:23 40076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-10-31 23:32 . 2007-04-09 20:23 46472 c:\windows\system32\spool\drivers\x64\mdiui.dll

- 2011-09-26 18:41 . 2011-10-31 17:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-26 18:41 . 2011-11-07 17:38 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-26 18:41 . 2011-10-31 17:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-09-26 18:41 . 2011-11-07 17:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-07 17:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-31 17:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2011-11-03 16:13 89872 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-05-24 23:27 . 2011-05-24 23:27 60928 c:\windows\Installer\12424fa.msp

+ 2011-10-31 23:32 . 2011-11-01 19:24 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 1999-12-10 04:21 . 1999-12-10 04:21 32768 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\XLCALL32.DLL

+ 2011-10-31 23:32 . 2011-10-31 23:32 64088 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL

+ 2003-07-15 05:53 . 2003-07-15 05:53 11848 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE

+ 2003-07-15 05:57 . 2003-07-15 05:57 58944 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 40512 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL

+ 2003-05-09 04:54 . 2003-05-09 04:54 77824 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 27192 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL

+ 2003-07-15 05:56 . 2003-07-15 05:56 13888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 56888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\NAME.DLL

+ 1998-08-09 18:07 . 1998-08-09 18:07 94208 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSSTKPRP.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 41528 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSSH.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 16384 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL

+ 2003-07-15 05:45 . 2003-07-15 05:45 39488 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL

+ 2003-07-15 05:45 . 2003-07-15 05:45 55360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE

+ 2003-07-15 05:46 . 2003-07-15 05:46 42040 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 35896 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 28224 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 55360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE

+ 2003-07-15 05:52 . 2003-07-15 05:52 67128 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOHEV.DLL

+ 2003-07-15 05:44 . 2003-07-15 05:44 25144 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 27704 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 17464 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSMH.DLL

+ 2003-07-15 05:51 . 2003-07-15 05:51 87104 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 35328 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 18944 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 17920 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 87096 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL

+ 2003-07-15 05:53 . 2003-07-15 05:53 34880 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DWTRIG20.EXE

+ 2003-07-15 05:52 . 2003-07-15 05:52 39992 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DWDCW20.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 98360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DSSM.EXE

+ 2003-07-15 05:56 . 2003-07-15 05:56 14904 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DSITF.DLL

+ 2003-07-15 10:18 . 2003-07-15 10:18 14400 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DFUIPRXY.DLL

+ 2003-07-15 10:18 . 2003-07-15 10:18 47160 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE

+ 2003-07-15 05:53 . 2003-07-15 05:53 94768 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\AW.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 38968 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL

+ 2011-10-31 23:32 . 2011-10-31 23:32 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

+ 2011-10-31 23:36 . 2011-10-31 23:36 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2011-09-27 00:08 . 2011-11-07 17:23 7074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3288449280-1958838829-573916818-1000_UserData.bin

+ 2011-11-07 19:21 . 2011-11-07 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-31 18:01 . 2011-10-31 18:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-07 19:21 . 2011-11-07 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-31 18:01 . 2011-10-31 18:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-31 23:32 . 2011-11-01 19:24 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2011-10-31 23:32 . 2011-10-31 23:32 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

+ 2000-04-04 00:52 . 2000-04-04 00:52 151552 c:\windows\SysWOW64\RDOCURS.DLL

+ 2000-05-24 05:45 . 2000-05-24 05:45 118784 c:\windows\SysWOW64\MSSTDFMT.DLL

+ 2000-05-11 20:06 . 2000-05-11 20:06 397312 c:\windows\SysWOW64\MSRDO20.DLL

+ 2011-10-31 23:32 . 2007-04-09 20:24 758664 c:\windows\system32\spool\drivers\x64\mdigraph.dll

- 2009-07-14 02:36 . 2011-10-30 06:35 661680 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-07 17:26 661680 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-10-30 06:35 121598 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-11-07 17:26 121598 c:\windows\system32\perfc009.dat

+ 2009-07-14 04:45 . 2011-11-01 16:51 318256 c:\windows\system32\FNTCACHE.DAT

+ 2011-09-26 23:51 . 2011-11-07 04:26 840584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-11-07 19:20 270544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-09-26 23:51 . 2011-11-01 04:02 540808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288449280-1958838829-573916818-1000-12288.dat

+ 2009-09-09 22:40 . 2009-09-09 22:40 632320 c:\windows\Installer\89637b.msp

+ 2008-07-28 21:59 . 2008-07-28 21:59 180736 c:\windows\Installer\89620d.msp

+ 2010-11-12 18:08 . 2010-11-12 18:08 889344 c:\windows\Installer\8961f2.msp

+ 2011-10-31 23:32 . 2011-11-01 19:24 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2011-10-31 23:32 . 2011-11-01 19:24 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2007-05-10 21:35 . 2007-05-10 21:35 120160 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL

+ 2007-04-19 21:01 . 2007-04-19 21:01 238424 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL

+ 2007-04-19 21:09 . 2007-04-19 21:09 167256 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\IETAG.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 242240 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 828472 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 283696 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OIS.EXE

+ 2011-10-31 23:32 . 2011-10-31 23:32 223800 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL

+ 2003-07-15 06:00 . 2003-07-15 06:00 145984 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL

+ 1998-06-17 18:52 . 1998-06-17 18:52 401462 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSVCP60.DLL

+ 2003-07-24 05:40 . 2003-07-24 05:40 482872 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL

+ 2003-07-15 05:56 . 2003-07-15 05:56 124984 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE

+ 2003-07-15 06:02 . 2003-07-15 06:02 627256 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE

+ 2003-06-19 23:05 . 2003-06-19 23:05 364648 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE

+ 2003-07-15 10:18 . 2003-07-15 10:18 376888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL

+ 2003-07-24 05:35 . 2003-07-24 05:35 127032 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 106552 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 120888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL

+ 2002-04-10 03:14 . 2002-04-10 03:14 187560 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL

+ 2002-12-18 02:08 . 2002-12-18 02:08 359600 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL

+ 2003-07-15 05:51 . 2003-07-15 05:51 116288 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL

+ 2003-07-15 05:58 . 2003-07-15 05:58 230968 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 443904 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 252928 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 758784 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL

+ 2003-07-15 05:53 . 2003-07-15 05:53 161336 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\IETAG.DLL

+ 2003-07-26 02:14 . 2003-07-26 02:14 799288 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL

+ 2003-07-15 05:40 . 2003-07-15 05:40 165944 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL

+ 2003-07-15 05:40 . 2003-07-15 05:40 179768 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL

+ 2003-07-15 06:36 . 2003-07-15 06:36 186424 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 350264 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL

+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\ATP.DLL

+ 2011-01-14 14:10 . 2011-01-14 14:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 14:10 . 2011-01-14 14:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2011-10-31 23:36 . 2011-10-31 23:36 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2011-10-31 23:32 . 2011-10-31 23:32 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

+ 2011-10-31 23:32 . 2011-10-31 23:32 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

+ 2009-08-05 02:52 . 2009-08-05 02:52 1193832 c:\windows\SysWOW64\FM20.DLL

+ 2010-08-05 17:57 . 2010-08-05 17:57 4066304 c:\windows\Installer\896405.msp

+ 2009-10-17 01:07 . 2009-10-17 01:07 6115328 c:\windows\Installer\8963ea.msp

+ 2010-10-22 22:45 . 2010-10-22 22:45 8444928 c:\windows\Installer\8963ce.msp

+ 2011-07-26 15:17 . 2011-07-26 15:17 6824960 c:\windows\Installer\896397.msp

+ 2009-08-20 12:02 . 2009-08-20 12:02 5204992 c:\windows\Installer\89635e.msp

+ 2010-06-12 00:55 . 2010-06-12 00:55 1827328 c:\windows\Installer\896341.msp

+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\896319.msp

+ 2010-08-24 00:09 . 2010-08-24 00:09 7673344 c:\windows\Installer\8962f1.msp

+ 2008-01-14 23:53 . 2008-01-14 23:53 5213696 c:\windows\Installer\8962d5.msp

+ 2011-01-15 16:46 . 2011-01-15 16:46 2049536 c:\windows\Installer\8962bb.msi

+ 2011-05-18 01:28 . 2011-05-18 01:28 6862848 c:\windows\Installer\8962b4.msp

+ 2011-04-29 20:04 . 2011-04-29 20:04 5053440 c:\windows\Installer\896298.msp

+ 2009-12-17 05:58 . 2009-12-17 05:58 5382144 c:\windows\Installer\89627d.msp

+ 2008-10-25 16:15 . 2008-10-25 16:15 6227456 c:\windows\Installer\896260.msp

+ 2009-09-29 16:08 . 2009-09-29 16:08 6747648 c:\windows\Installer\896245.msp

+ 2011-05-23 21:15 . 2011-05-23 21:15 3617792 c:\windows\Installer\896229.msp

+ 2010-08-26 00:06 . 2010-08-26 00:06 6479360 c:\windows\Installer\8961d2.msp

+ 2010-10-02 04:53 . 2010-10-02 04:53 4147712 c:\windows\Installer\8961b6.msp

+ 2010-03-30 19:34 . 2010-03-30 19:34 3826688 c:\windows\Installer\89619b.msp

+ 2011-07-21 19:34 . 2011-07-21 19:34 3456000 c:\windows\Installer\1b4295.msp

+ 2005-10-26 21:59 . 2005-10-26 21:59 2883072 c:\windows\Installer\1242516.msp

+ 2011-09-20 22:36 . 2011-09-20 22:36 5521408 c:\windows\Installer\12424df.msp

+ 2011-10-31 23:29 . 2011-10-31 23:29 5923328 c:\windows\Installer\124241e.msi

+ 2007-05-10 00:19 . 2007-05-10 00:19 2585936 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\VBE6.DLL

+ 2007-05-10 20:45 . 2007-05-10 20:45 8069464 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\OWC11.DLL

+ 2007-04-19 21:09 . 2007-04-19 21:09 1061720 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\OMFC.DLL

+ 2007-06-06 17:53 . 2007-06-06 17:53 1195888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\FM20.DLL

+ 2003-07-03 22:19 . 2003-07-03 22:19 2502656 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\VBE6.DLL

+ 2003-08-03 17:52 . 2003-08-03 17:52 2808376 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL

+ 2003-08-01 22:09 . 2003-08-01 22:09 8086072 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OWC11.DLL

+ 2003-07-15 06:05 . 2003-07-15 06:05 1054264 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OMFC.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 1033216 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL

+ 2003-07-11 09:15 . 2003-07-11 09:15 1292872 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL

+ 2002-12-18 02:09 . 2002-12-18 02:09 2071752 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL

+ 2002-12-18 02:08 . 2002-12-18 02:08 1383592 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL

+ 2003-07-15 06:11 . 2003-07-15 06:11 2139192 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE

+ 2003-07-26 02:00 . 2003-07-26 02:00 1157696 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL

+ 2003-07-24 06:01 . 2003-07-24 06:01 1949240 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL

+ 2003-08-03 17:56 . 2003-08-03 17:56 1146184 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FM20.DLL

+ 2011-01-14 14:10 . 2011-01-14 14:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 14:10 . 2011-01-14 14:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 14:10 . 2011-01-14 14:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

+ 2011-09-26 23:51 . 2011-11-07 19:20 13693888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288449280-1958838829-573916818-1000-8192.dat

+ 2011-07-26 23:33 . 2011-07-26 23:33 10984448 c:\windows\Installer\8963b3.msp

+ 2010-06-12 00:52 . 2010-06-12 00:52 45542912 c:\windows\Installer\896342.msp

+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\89631a.msp

+ 2007-05-31 20:37 . 2007-05-31 20:37 12310368 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE

+ 2007-06-19 00:16 . 2007-06-19 00:16 12259160 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\MSO.DLL

+ 2007-05-31 20:41 . 2007-05-31 20:41 10352472 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE

+ 2003-08-06 20:24 . 2003-08-06 20:24 12037688 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE

+ 2003-08-08 07:23 . 2003-08-08 07:23 12172336 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSO.DLL

+ 2003-08-13 09:34 . 2003-08-13 09:34 10073144 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE

+ 2007-07-27 16:03 . 2007-07-27 16:03 119977472 c:\windows\Installer\12424ca.msp

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-26 107000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 451144]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CTAutoUpdate"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-06-19 623416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-07-13 150920]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366664]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-27 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-27 79360]

R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-09-27 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FA53.tmp [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288449280-1958838829-573916818-1000Core.job

- c:\users\Wayne-Rhonda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 20:52]

.

2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288449280-1958838829-573916818-1000UA.job

- c:\users\Wayne-Rhonda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 20:52]

.

2011-10-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]

.

2011-11-07 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]

.

.

--------- x86-64 -----------

.

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\FA53.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

.

**************************************************************************

.

Completion time: 2011-11-07 11:23:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-07 19:23

ComboFix2.txt 2011-10-31 18:04

.

Pre-Run: 914,422,521,856 bytes free

Post-Run: 914,013,147,136 bytes free

.

- - End Of File - - 23D88642366E5A2D281B813069693D54


Hi,

My apologies for the extended delay.

Use multiple posts if necessary to post future logs instead of attaching them.

Update MBAM, run a Quick Scan, and post its log.

Grab a fresh copy of ComboFix, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Post a fresh DDS log.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

11:37:47.0406 2752 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51

11:37:48.0155 2752 ============================================================

11:37:48.0155 2752 Current date / time: 2011/11/07 11:37:48.0155

11:37:48.0155 2752 SystemInfo:

11:37:48.0155 2752

11:37:48.0155 2752 OS Version: 6.1.7601 ServicePack: 1.0

11:37:48.0155 2752 Product type: Workstation

11:37:48.0155 2752 ComputerName: WAYNE-RHONDA-PC

11:37:48.0155 2752 UserName: Wayne-Rhonda

11:37:48.0155 2752 Windows directory: C:\Windows

11:37:48.0155 2752 System windows directory: C:\Windows

11:37:48.0155 2752 Running under WOW64

11:37:48.0155 2752 Processor architecture: Intel x64

11:37:48.0155 2752 Number of processors: 8

11:37:48.0155 2752 Page size: 0x1000

11:37:48.0155 2752 Boot type: Normal boot

11:37:48.0155 2752 ============================================================

11:37:49.0013 2752 Initialize success

11:38:03.0724 6700 ============================================================

11:38:03.0724 6700 Scan started

11:38:03.0724 6700 Mode: Manual;

11:38:03.0724 6700 ============================================================

11:38:04.0083 6700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

11:38:04.0083 6700 1394ohci - ok

11:38:04.0176 6700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:38:04.0176 6700 ACPI - ok

11:38:04.0207 6700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:38:04.0254 6700 AcpiPmi - ok

11:38:04.0301 6700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

11:38:04.0317 6700 adp94xx - ok

11:38:04.0348 6700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

11:38:04.0363 6700 adpahci - ok

11:38:04.0379 6700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

11:38:04.0410 6700 adpu320 - ok

11:38:04.0473 6700 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

11:38:04.0473 6700 AFD - ok

11:38:04.0488 6700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:38:04.0519 6700 agp440 - ok

11:38:04.0535 6700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:38:04.0535 6700 aliide - ok

11:38:04.0551 6700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:38:04.0551 6700 amdide - ok

11:38:04.0551 6700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

11:38:04.0566 6700 AmdK8 - ok

11:38:04.0566 6700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

11:38:04.0566 6700 AmdPPM - ok

11:38:04.0597 6700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:38:04.0644 6700 amdsata - ok

11:38:04.0675 6700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

11:38:04.0691 6700 amdsbs - ok

11:38:04.0707 6700 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:38:04.0707 6700 amdxata - ok

11:38:04.0738 6700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:38:04.0785 6700 AppID - ok

11:38:04.0785 6700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

11:38:04.0800 6700 arc - ok

11:38:04.0800 6700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

11:38:04.0800 6700 arcsas - ok

11:38:04.0847 6700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:38:04.0847 6700 AsyncMac - ok

11:38:04.0894 6700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:38:04.0909 6700 atapi - ok

11:38:04.0972 6700 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys

11:38:05.0034 6700 athr - ok


11:38:16.0344 6700 ============================================================

11:38:16.0344 6700 Scan finished

11:38:16.0344 6700 ============================================================

11:38:16.0360 3552 Detected object count: 0

11:38:16.0360 3552 Actual detected object count: 0

11:39:06.0309 2940 Deinitialize success

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Wayne-Rhonda at 11:39:22 on 2011-11-07

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10138 [GMT -8:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

dRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{F49114D8-41C8-4635-AAA3-DDA000FC615C} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-15 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-2 366664]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-9-15 199008]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-9-15 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2253120]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-12 1153368]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-15 1692480]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-26 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-26 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-9-26 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-15 224704]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\FA53.tmp --> C:\Windows\system32\FA53.tmp [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-11-07 19:21:45 -------- d-----w- C:\$RECYCLE.BIN

2011-11-06 20:52:10 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Google

2011-11-01 20:15:53 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Apple Computer

2011-10-31 23:32:33 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync

2011-10-31 17:55:54 98816 ----a-w- C:\Windows\sed.exe

2011-10-31 17:55:54 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-31 17:55:54 256000 ----a-w- C:\Windows\PEV.exe

2011-10-31 17:55:54 208896 ----a-w- C:\Windows\MBR.exe

2011-10-29 17:39:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{D24E7CBA-803D-40A7-B6BB-519A7107B982}

2011-10-27 01:25:24 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\NVIDIA

2011-10-27 01:02:11 -------- d-----w- C:\Program Files (x86)\Sony

2011-10-27 01:02:08 -------- d-----w- C:\ProgramData\Sony Corporation

2011-10-26 23:12:12 -------- d-----w- C:\Program Files (x86)\Siber Systems

2011-10-22 02:40:32 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{DB629B4D-AD6C-491F-8447-327CB7022FE8}

2011-10-22 02:36:12 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{E6AAD9E7-258C-4A81-84D8-742D21C58E98}

2011-10-22 02:35:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{E12B7A88-9E68-4875-B52A-A0C5A186A2D7}

2011-10-22 02:35:27 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{48DF0CCF-582E-4130-B20D-C758282691FA}

2011-10-22 02:29:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{34C42238-0FA8-4AAF-907F-C0F85E2E1F3A}

2011-10-22 02:29:19 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6EE0BBD7-44A9-4532-A522-F1BBC1B769C4}

2011-10-15 07:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-10-13 02:43:26 -------- d-----w- C:\Windows\SysWow64\Dell

2011-10-12 21:43:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-10-12 21:43:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-10-12 21:35:16 -------- d-----w- C:\Program Files (x86)\Shop to Win 22

2011-10-11 19:54:43 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-11 19:54:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-11 19:54:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-11 19:54:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-11 19:54:35 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-11 19:54:34 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-11 19:54:34 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-11 19:54:33 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-11 19:54:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-09 18:15:57 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{24F259D6-DD9F-41E6-974C-26BE46E746EE}

2011-10-09 18:15:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A74FF26D-8035-4461-BCDF-17D0F31E5D12}

2011-10-09 18:15:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{034D76F2-0E09-41D9-B481-A8794C1B7861}

2011-10-09 17:55:54 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{86888F14-9455-46E1-A2FB-ABBE69670F0F}

2011-10-09 17:55:44 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{05B017AA-6B7F-4D6A-BB54-47C804DBE620}

2011-10-09 17:53:35 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{7980FCD3-F7AC-4E77-B996-9312C74CB92B}

2011-10-09 17:53:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{57DD774A-4273-465C-B398-A70297368803}

2011-10-09 17:52:21 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6658FA9C-222F-4F19-A63E-FF4AD11821E2}

2011-10-09 17:52:11 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{8F40CBDE-1ED8-4166-B729-08430D2F9C1F}

2011-10-09 17:44:52 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Windows Live

2011-10-09 17:44:37 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A0D45EBC-B685-4DEB-AD55-0DD11F777630}

.

==================== Find3M ====================

.

2011-11-01 19:34:46 8456 --sha-w- C:\ProgramData\KGyGaAvL.sys

2011-10-18 16:48:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 12:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\AC859C82A4.sys

2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4CB328A682.sys

2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4C5B74840F.sys

2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\DED7A8BC10.sys

2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\07B2980D97.sys

2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\F351B99706.sys

2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\C019B48D0E.sys

2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\313F27D68B.sys

2011-09-27 01:40:13 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-09-27 01:40:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-09-27 01:40:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-09-27 00:23:29 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-09-27 00:23:29 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-09-27 00:23:29 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-09-27 00:23:28 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-09-15 22:46:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-09-15 21:24:48 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-01 00:00:34 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-24 01:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll

2011-08-24 01:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll

2011-08-24 01:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll

2011-08-24 01:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll

2011-08-24 01:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll

2011-08-19 22:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe

2011-08-15 17:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

.

============= FINISH: 11:39:51.02 ===============

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Users\Wayne-Rhonda\Downloads\Spybot+Search+&+Destroy.exe MSIL/Solimba.A application deleted - quarantined

E:\AAA\powersuite.exe Win32/RegistryBooster application deleted - quarantined

E:\WAYNE\Backup Set 2010-02-26 194151\Backup Files 2010-02-26 194151\Backup files 22.zip Win32/RegistryBooster application deleted - quarantined

E:\WAYNE-RHONDA-PC\Backup Set 2011-09-14 171824\Backup Files 2011-09-14 171824\Backup files 57.zip Win32/RegistryBooster application deleted - quarantined


OK, I believe I've run all the programs you wanted. The MBAM log does not reflect an "attempt to contact a malicious site" that appeared just before I ran the Quick Scan.

The ESET program found several problems that have been deleted. I may not have posted the file you wanted. Let me know and I'll re-run the program.

After ESET found the problem it did, I'm cautiously optimistic that the problem has been fixed!

Once again, thanks for your help!!!


So much for cautious optimism. Below you'll find the latest MBAM log file reflecting the attempt at contacting a malicious website.

09:26:03 (null) MESSAGE Scheduled update executed successfully

09:28:54 Wayne-Rhonda MESSAGE Protection started successfully

09:28:58 Wayne-Rhonda MESSAGE IP Protection started successfully

09:29:22 Wayne-Rhonda MESSAGE IP Protection stopped

09:29:23 Wayne-Rhonda MESSAGE Database updated successfully

09:29:23 Wayne-Rhonda MESSAGE IP Protection started successfully

14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)


Yes, the attempts continue. Below is one of the latest MBAM logs showing four different IP sites to which contact has been blocked.

07:59:23 Wayne-Rhonda MESSAGE Protection started successfully

07:59:27 Wayne-Rhonda MESSAGE IP Protection started successfully

08:00:30 Wayne-Rhonda MESSAGE Scheduled update executed successfully

08:00:52 Wayne-Rhonda MESSAGE IP Protection stopped

08:00:54 Wayne-Rhonda MESSAGE Database updated successfully

08:00:54 Wayne-Rhonda MESSAGE IP Protection started successfully

08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)

08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)

08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)

08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)

10:36:04 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)

10:36:05 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)

10:36:13 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)

10:36:13 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)

12:39:13 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

12:39:13 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

12:39:21 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

12:39:21 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)

16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)

16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)

16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)

Any suggestions???


According to McAfee that port (137) is closed. It comes up unchecked when viewing port status which means it's closed. Now I'm even more confused!

Also, I've added another MBAM log showing a new port as having a problem.

00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)

00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)

00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)

00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)

10:19:37 Wayne-Rhonda MESSAGE Protection started successfully

10:19:40 Wayne-Rhonda MESSAGE IP Protection started successfully

10:20:43 Wayne-Rhonda MESSAGE Scheduled update executed successfully

10:21:06 Wayne-Rhonda MESSAGE IP Protection stopped

10:21:07 Wayne-Rhonda MESSAGE Database updated successfully

10:21:08 Wayne-Rhonda MESSAGE IP Protection started successfully

11:44:14 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)

11:44:15 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)

11:44:15 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)

11:44:15 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)

14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52788, Process: iexplore.exe)

20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52787, Process: iexplore.exe)

20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52789, Process: iexplore.exe)

20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52790, Process: iexplore.exe)

Also, I've used a site called "Shields Up" that also checks port status. It shows that all ports are in stealth mode except 554, Real Time Stream Control Protocol. I don't know if that provides any useful information for you or not.

Have a GREAT Thanksgiving!

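Added example (not part of any post in this thread and not Malwarebytes code): a small parser for the IP-BLOCK line layout quoted in the logs above. It collapses repeated lines into bursts per destination and separates entries that name a process from those that do not. The sample log is constructed; the host name, the documentation-range addresses and the 30-second burst gap are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the IP-BLOCK layout quoted in this thread. Host name and
# addresses (RFC 5737 documentation ranges) are made up, not taken from the posts.
SAMPLE_LOG = """\
10:19:37 HOST-PC MESSAGE Protection started successfully
11:44:14 HOST-PC IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 137)
11:44:15 HOST-PC IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 137)
11:44:15 HOST-PC IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 137)
14:39:03 HOST-PC IP-BLOCK 198.51.100.20 (Type: outgoing, Port: 137)
19:02:40 HOST-PC IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 137)
20:33:06 HOST-PC IP-BLOCK 192.0.2.99 (Type: outgoing, Port: 52788, Process: iexplore.exe)
20:33:06 HOST-PC IP-BLOCK 192.0.2.99 (Type: outgoing, Port: 52787, Process: iexplore.exe)
"""

LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(\w+),\s*Port:\s*(\d+)(?:,\s*Process:\s*([^)]+))?\)$"
)

def parse_blocks(text):
    """Yield one dict per IP-BLOCK line; MESSAGE and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            h, mi, s, host, ip, direction, port, proc = m.groups()
            yield {"t": int(h) * 3600 + int(mi) * 60 + int(s), "host": host,
                   "ip": ip, "direction": direction, "port": int(port), "process": proc}

def summarize(text, burst_gap=30):
    """Group blocks by (ip, process): raw line count, burst count, ports seen."""
    groups = defaultdict(lambda: {"lines": 0, "bursts": 0, "ports": set(), "last": None})
    for ev in parse_blocks(text):
        g = groups[(ev["ip"], ev["process"])]
        # New burst: gap > burst_gap, or clock went backwards (no date in log: new day).
        if g["last"] is None or not 0 <= ev["t"] - g["last"] <= burst_gap:
            g["bursts"] += 1
        g["lines"] += 1
        g["ports"].add(ev["port"])
        g["last"] = ev["t"]
    return {k: {"lines": v["lines"], "bursts": v["bursts"], "ports": sorted(v["ports"])}
            for k, v in groups.items()}

def unattributed(summary):
    """Destinations whose block lines carry no Process field."""
    return sorted(ip for ip, proc in summary if proc is None)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Counting bursts rather than raw lines keeps a destination that is retried four times in one second from looking four times as active as one contacted once.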

  • Staff

Hi,

Click Start --> Run, and type in msconfig.exe

Click the Startup tab, then click Disable all...

Check anything MBAM related.

Click OK.

Restart your computer and use it normally for a bit, and let me know if the problem persists. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.

Let me know how it goes.

-screen317


I thought that would do it but unfortunately it still persists. Latest MBAM log is below.

05:07:58 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

05:07:58 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

05:08:06 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

05:08:06 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

07:27:11 Wayne-Rhonda MESSAGE Scheduled update executed successfully

07:27:33 Wayne-Rhonda MESSAGE IP Protection stopped

07:27:35 Wayne-Rhonda MESSAGE Database updated successfully

07:27:35 Wayne-Rhonda MESSAGE IP Protection started successfully

13:13:51 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

13:13:52 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

13:14:00 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

13:14:00 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)

13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)

13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)


  • Staff

Okay, let's step back and see if we missed any malware.

Update MBAM, run a Quick Scan, and post its log.

Grab fresh copies of ComboFix and TDSSKiller, run them, and post their logs. Post a fresh DDS log.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Summarizing:

  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever)

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update if any available

Back to other tab and click Start Object Scan.

(It took 3 hours to scan my 47G)

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
