BWC Posted October 12, 2011 ID:485041 Share Posted October 12, 2011 I've run all the files mentioned and it appears as nothing was detected. However, I'm still receiving messages that Malware is blocking attempts to contact malicious websites as well as being attacked from outside. The "ark file is zero bytes and therefor not uploaded.defogger_disable.logprotection-log-2011-10-12.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted October 14, 2011 Staff ID:485904 Share Posted October 14, 2011 Hi and welcome to Malwarebytes. In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log. Next, run DDS again and post DDS.txt directly in your reply. Link to post Share on other sites More sharing options...
BWC Posted October 17, 2011 Author ID:486610 Share Posted October 17, 2011 Hi and welcome to Malwarebytes.In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.Next, run DDS again and post DDS.txt directly in your reply.09:49:29 (null) MESSAGE Scheduled update executed successfully09:50:19 Wayne-Rhonda MESSAGE Protection started successfully09:50:23 Wayne-Rhonda MESSAGE IP Protection started successfully09:50:45 Wayne-Rhonda MESSAGE IP Protection stopped09:50:46 Wayne-Rhonda MESSAGE Database updated successfully09:50:46 Wayne-Rhonda MESSAGE IP Protection started successfully11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)11:39:43 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)13:22:57 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)13:22:58 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)13:22:58 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)13:22:58 Wayne-Rhonda IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)DS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Wayne-Rhonda at 14:33:40 on 2011-10-17Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10134 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exec:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedc:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Rainlendar2\Rainlendar2.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exeC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\mcafee.com\agent\mcagent.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\SysWOW64\Ctxfihlp.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeC:\Windows\SysWOW64\CTXFISPI.EXEC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\DllHost.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit=userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllBHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dllTB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dlluRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exeuRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeuRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startupuRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [CTxfiHlp] CTXFIHLP.EXEmRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupdRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstallermPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CABDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cabDPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cabTCP: DhcpNameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{F49114D8-41C8-4635-AAA3-DDA000FC615C} : DhcpNameServer = 75.75.75.75 75.75.76.76Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllBHO-X64: StartNow Toolbar Helper - No FileC:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO-X64: RoboForm BHO - No FileBHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dllBHO-X64: scriptproxy - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dllBHO-X64: BHO Project - No FileTB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllmRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [CTxfiHlp] CTXFIHLP.EXEmRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupIE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-15 13336]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-2 366664]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-9-15 199008]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-9-15 208272]R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2255464]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-12 1153368]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-15 1692480]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 0223521318461630mcinstcleanup;McAfee Application Installer Cleanup (0223521318461630);C:\Windows\TEMP\022352~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\022352~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-26 79360]S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-26 79360]S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-9-26 79360]S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-15 224704]S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\FA53.tmp --> C:\Windows\system32\FA53.tmp [?]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2011-10-13 02:43:26 -------- d-----w- C:\Windows\SysWow64\Dell2011-10-12 21:43:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2011-10-12 21:43:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy2011-10-12 21:35:17 -------- d-----w- C:\Program Files (x86)\Object2011-10-12 21:35:16 -------- d-----w- C:\Program Files (x86)\Shop to Win 222011-10-12 21:35:15 -------- d-----w- C:\Program Files (x86)\Shop To Win2011-10-12 21:35:11 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar2011-10-11 19:54:43 3138048 ----a-w- C:\Windows\System32\win32k.sys2011-10-11 19:54:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax2011-10-11 19:54:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll2011-10-11 19:54:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll2011-10-11 19:54:35 108032 ----a-w- C:\Windows\System32\psisrndr.ax2011-10-11 19:54:34 331776 ----a-w- C:\Windows\System32\oleacc.dll2011-10-11 19:54:34 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll2011-10-11 19:54:33 861696 ----a-w- C:\Windows\System32\oleaut32.dll2011-10-11 19:54:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll2011-10-09 18:15:57 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{24F259D6-DD9F-41E6-974C-26BE46E746EE}2011-10-09 18:15:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A74FF26D-8035-4461-BCDF-17D0F31E5D12}2011-10-09 18:15:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{034D76F2-0E09-41D9-B481-A8794C1B7861}2011-10-09 17:55:54 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{86888F14-9455-46E1-A2FB-ABBE69670F0F}2011-10-09 17:55:44 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{05B017AA-6B7F-4D6A-BB54-47C804DBE620}2011-10-09 17:53:35 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{7980FCD3-F7AC-4E77-B996-9312C74CB92B}2011-10-09 17:53:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{57DD774A-4273-465C-B398-A70297368803}2011-10-09 17:52:21 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6658FA9C-222F-4F19-A63E-FF4AD11821E2}2011-10-09 17:52:11 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{8F40CBDE-1ED8-4166-B729-08430D2F9C1F}2011-10-09 17:44:52 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Windows Live2011-10-09 17:44:37 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A0D45EBC-B685-4DEB-AD55-0DD11F777630}2011-10-08 18:01:55 -------- d-----w- C:\Program Files (x86)\MSECache2011-10-06 01:46:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll2011-10-06 01:46:26 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll2011-10-06 01:46:26 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll2011-10-06 01:46:26 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll2011-10-06 01:46:26 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll2011-10-05 03:33:41 6144 ------w- C:\Windows\System32\FA53.tmp2011-10-05 03:33:20 6144 ------w- C:\Windows\System32\A86C.tmp2011-10-05 03:33:07 -------- d-----w- C:\Program Files (x86)\Sophos2011-10-03 21:40:35 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll2011-10-03 17:26:38 -------- d-----w- C:\Users\Wayne-Rhonda\My Backup Files2011-10-03 16:25:14 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite2011-10-03 16:25:14 -------- d-----w- C:\FIND_EULA_PATH2011-10-03 04:17:49 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCTools2011-10-03 03:49:54 -------- d-----w- C:\ProgramData\PC Tools2011-10-02 19:43:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Adobe2011-09-28 21:01:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation2011-09-28 20:57:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab2011-09-28 20:54:27 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Microsoft Games2011-09-28 16:19:39 -------- d-----w- C:\Users\Wayne-Rhonda\.rainlendar22011-09-28 16:19:26 -------- d-----w- C:\Program Files (x86)\Rainlendar22011-09-28 03:30:01 8 --sh--r- C:\ProgramData\AC859C82A4.sys2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4CB328A682.sys2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4C5B74840F.sys2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\DED7A8BC10.sys2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\07B2980D97.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\F351B99706.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\C019B48D0E.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\313F27D68B.sys2011-09-28 03:22:51 8456 --sha-w- C:\ProgramData\KGyGaAvL.sys2011-09-27 21:35:29 -------- d-----w- C:\Program Files (x86)\Siber Systems2011-09-27 21:06:17 -------- d-----w- C:\ProgramData\eSellerate2011-09-27 21:05:56 -------- d-----w- C:\Program Files (x86)\SmartSound Software2011-09-27 21:05:55 -------- d-----w- C:\ProgramData\SmartSound Software Inc2011-09-27 21:05:38 -------- d--h--w- C:\Windows\msdownld.tmp2011-09-27 21:05:38 -------- d-----w- C:\Windows\RegisteredPackages2011-09-27 21:05:34 -------- d-----w- C:\ProgramData\InterVideo2011-09-27 21:05:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll2011-09-27 21:05:31 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll2011-09-27 21:05:31 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll2011-09-27 21:05:30 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll2011-09-27 21:05:30 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll2011-09-27 21:03:11 -------- d-----w- C:\Program Files (x86)\Windows Media Components2011-09-27 21:02:52 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems2011-09-27 21:01:18 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll2011-09-27 20:57:02 -------- d-----w- C:\ProgramData\Corel2011-09-27 20:57:02 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis2011-09-27 20:55:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Corel2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Corel2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Common Files\Corel2011-09-27 20:39:59 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Malwarebytes2011-09-27 20:39:54 -------- d-----w- C:\ProgramData\Malwarebytes2011-09-27 20:39:51 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-09-27 20:39:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-09-27 20:10:18 -------- d-----w- C:\Program Files\CCleaner2011-09-27 17:00:22 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCDr2011-09-27 17:00:02 -------- d-----w- C:\ProgramData\PCDr2011-09-27 15:23:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.02011-09-27 15:13:45 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.02011-09-27 15:13:43 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll2011-09-27 15:13:21 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit2011-09-27 15:13:19 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intuit2011-09-27 15:13:19 -------- d-----w- C:\Program Files (x86)\Quicken2011-09-27 15:12:55 -------- d-----w- C:\ProgramData\Intuit2011-09-27 01:37:28 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Cyberlink2011-09-27 01:03:12 -------- d-----w- C:\ProgramData\Creative Labs2011-09-27 01:02:33 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys2011-09-27 01:02:32 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys2011-09-27 00:59:55 53248 ------w- C:\Windows\Ctregrun.exe2011-09-27 00:59:16 61440 ------w- C:\Windows\SysWow64\CTChkAud.dll2011-09-27 00:59:16 183296 ------w- C:\Windows\System32\CTOPT352.dll2011-09-27 00:59:16 166912 ------w- C:\Windows\SysWow64\CTOPT352.dll2011-09-27 00:59:15 49664 ------w- C:\Windows\System32\CTChkAud.dll2011-09-27 00:59:15 42496 ------w- C:\Windows\System32\AddCat.exe2011-09-27 00:41:30 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Roxio Log Files2011-09-27 00:40:49 -------- d-----w- C:\Windows\System32\appmgmt2011-09-27 00:34:31 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared2011-09-27 00:24:29 -------- d-----w- C:\Windows\SysWow64\Wat2011-09-27 00:24:29 -------- d-----w- C:\Windows\System32\Wat2011-09-27 00:23:29 -------- d-----w- C:\Program Files (x86)\OpenAL2011-09-27 00:19:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Thunderbird2011-09-26 23:08:06 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys2011-09-26 23:07:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2011-09-26 23:07:51 2048 ----a-w- C:\Windows\System32\tzres.dll2011-09-26 22:29:07 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation2011-09-26 20:25:31 -------- d-----w- C:\Netgear2011-09-26 20:23:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Macrovision2011-09-26 19:19:32 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Diagnostics2011-09-26 19:15:09 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Nero_AG2011-09-26 18:45:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Dell2011-09-26 18:45:11 -------- d-sh--w- C:\System Recovery2011-09-26 18:44:26 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Fingertapps2011-09-26 18:44:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell2011-09-26 18:44:13 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell Touch Zone2011-09-26 18:44:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intel Corporation2011-09-26 18:43:26 -------- d-----r- C:\Users\Wayne-Rhonda\Virtual Machines2011-09-26 18:43:06 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\VirtualStore.==================== Find3M ====================.2011-10-04 15:38:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-09-27 01:40:13 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2011-09-27 01:40:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll2011-09-27 01:40:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll2011-09-27 00:23:29 466520 ----a-w- C:\Windows\System32\wrap_oal.dll2011-09-27 00:23:29 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll2011-09-27 00:23:29 123480 ----a-w- C:\Windows\System32\OpenAL32.dll2011-09-27 00:23:28 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll2011-09-15 22:46:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll2011-09-15 21:24:48 521448 ----a-w- C:\Windows\System32\deployJava1.dll2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-08-19 22:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe2011-08-15 17:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe.============= FINISH: 14:34:12.02 ===============DS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Wayne-Rhonda at 14:33:40 on 2011-10-17Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10134 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exec:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedc:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Rainlendar2\Rainlendar2.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exeC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\mcafee.com\agent\mcagent.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\SysWOW64\Ctxfihlp.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeC:\Windows\SysWOW64\CTXFISPI.EXEC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\DllHost.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit=userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllBHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dllTB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dlluRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exeuRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeuRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startupuRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [CTxfiHlp] CTXFIHLP.EXEmRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupdRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstallermPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CABDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cabDPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cabTCP: DhcpNameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{F49114D8-41C8-4635-AAA3-DDA000FC615C} : DhcpNameServer = 75.75.75.75 75.75.76.76Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllBHO-X64: StartNow Toolbar Helper - No FileC:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO-X64: RoboForm BHO - No FileBHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dllBHO-X64: scriptproxy - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dllBHO-X64: BHO Project - No FileTB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllmRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [CTxfiHlp] CTXFIHLP.EXEmRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupIE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-15 13336]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-2 366664]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-9-15 199008]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-9-15 208272]R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2255464]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-12 1153368]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-15 1692480]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 0223521318461630mcinstcleanup;McAfee Application Installer Cleanup (0223521318461630);C:\Windows\TEMP\022352~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\022352~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-26 79360]S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-26 79360]S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-9-26 79360]S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-15 224704]S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\FA53.tmp --> C:\Windows\system32\FA53.tmp [?]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2011-10-13 02:43:26 -------- d-----w- C:\Windows\SysWow64\Dell2011-10-12 21:43:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2011-10-12 21:43:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy2011-10-12 21:35:17 -------- d-----w- C:\Program Files (x86)\Object2011-10-12 21:35:16 -------- d-----w- C:\Program Files (x86)\Shop to Win 222011-10-12 21:35:15 -------- d-----w- C:\Program Files (x86)\Shop To Win2011-10-12 21:35:11 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar2011-10-11 19:54:43 3138048 ----a-w- C:\Windows\System32\win32k.sys2011-10-11 19:54:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax2011-10-11 19:54:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll2011-10-11 19:54:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll2011-10-11 19:54:35 108032 ----a-w- C:\Windows\System32\psisrndr.ax2011-10-11 19:54:34 331776 ----a-w- C:\Windows\System32\oleacc.dll2011-10-11 19:54:34 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll2011-10-11 19:54:33 861696 ----a-w- C:\Windows\System32\oleaut32.dll2011-10-11 19:54:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll2011-10-09 18:15:57 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{24F259D6-DD9F-41E6-974C-26BE46E746EE}2011-10-09 18:15:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A74FF26D-8035-4461-BCDF-17D0F31E5D12}2011-10-09 18:15:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{034D76F2-0E09-41D9-B481-A8794C1B7861}2011-10-09 17:55:54 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{86888F14-9455-46E1-A2FB-ABBE69670F0F}2011-10-09 17:55:44 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{05B017AA-6B7F-4D6A-BB54-47C804DBE620}2011-10-09 17:53:35 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{7980FCD3-F7AC-4E77-B996-9312C74CB92B}2011-10-09 17:53:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{57DD774A-4273-465C-B398-A70297368803}2011-10-09 17:52:21 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6658FA9C-222F-4F19-A63E-FF4AD11821E2}2011-10-09 17:52:11 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{8F40CBDE-1ED8-4166-B729-08430D2F9C1F}2011-10-09 17:44:52 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Windows Live2011-10-09 17:44:37 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A0D45EBC-B685-4DEB-AD55-0DD11F777630}2011-10-08 18:01:55 -------- d-----w- C:\Program Files (x86)\MSECache2011-10-06 01:46:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll2011-10-06 01:46:26 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll2011-10-06 01:46:26 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll2011-10-06 01:46:26 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll2011-10-06 01:46:26 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll2011-10-05 03:33:41 6144 ------w- C:\Windows\System32\FA53.tmp2011-10-05 03:33:20 6144 ------w- C:\Windows\System32\A86C.tmp2011-10-05 03:33:07 -------- d-----w- C:\Program Files (x86)\Sophos2011-10-03 21:40:35 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll2011-10-03 17:26:38 -------- d-----w- C:\Users\Wayne-Rhonda\My Backup Files2011-10-03 16:25:14 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite2011-10-03 16:25:14 -------- d-----w- C:\FIND_EULA_PATH2011-10-03 04:17:49 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCTools2011-10-03 03:49:54 -------- d-----w- C:\ProgramData\PC Tools2011-10-02 19:43:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Adobe2011-09-28 21:01:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation2011-09-28 20:57:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab2011-09-28 20:54:27 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Microsoft Games2011-09-28 16:19:39 -------- d-----w- C:\Users\Wayne-Rhonda\.rainlendar22011-09-28 16:19:26 -------- d-----w- C:\Program Files (x86)\Rainlendar22011-09-28 03:30:01 8 --sh--r- C:\ProgramData\AC859C82A4.sys2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4CB328A682.sys2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4C5B74840F.sys2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\DED7A8BC10.sys2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\07B2980D97.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\F351B99706.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\C019B48D0E.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\313F27D68B.sys2011-09-28 03:22:51 8456 --sha-w- C:\ProgramData\KGyGaAvL.sys2011-09-27 21:35:29 -------- d-----w- C:\Program Files (x86)\Siber Systems2011-09-27 21:06:17 -------- d-----w- C:\ProgramData\eSellerate2011-09-27 21:05:56 -------- d-----w- C:\Program Files (x86)\SmartSound Software2011-09-27 21:05:55 -------- d-----w- C:\ProgramData\SmartSound Software Inc2011-09-27 21:05:38 -------- d--h--w- C:\Windows\msdownld.tmp2011-09-27 21:05:38 -------- d-----w- C:\Windows\RegisteredPackages2011-09-27 21:05:34 -------- d-----w- C:\ProgramData\InterVideo2011-09-27 21:05:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll2011-09-27 21:05:31 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll2011-09-27 21:05:31 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll2011-09-27 21:05:30 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll2011-09-27 21:05:30 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll2011-09-27 21:03:11 -------- d-----w- C:\Program Files (x86)\Windows Media Components2011-09-27 21:02:52 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems2011-09-27 21:01:18 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll2011-09-27 20:57:02 -------- d-----w- C:\ProgramData\Corel2011-09-27 20:57:02 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis2011-09-27 20:55:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Corel2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Corel2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Common Files\Corel2011-09-27 20:39:59 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Malwarebytes2011-09-27 20:39:54 -------- d-----w- C:\ProgramData\Malwarebytes2011-09-27 20:39:51 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-09-27 20:39:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-09-27 20:10:18 -------- d-----w- C:\Program Files\CCleaner2011-09-27 17:00:22 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCDr2011-09-27 17:00:02 -------- d-----w- C:\ProgramData\PCDr2011-09-27 15:23:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.02011-09-27 15:13:45 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.02011-09-27 15:13:43 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll2011-09-27 15:13:21 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit2011-09-27 15:13:19 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intuit2011-09-27 15:13:19 -------- d-----w- C:\Program Files (x86)\Quicken2011-09-27 15:12:55 -------- d-----w- C:\ProgramData\Intuit2011-09-27 01:37:28 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Cyberlink2011-09-27 01:03:12 -------- d-----w- C:\ProgramData\Creative Labs2011-09-27 01:02:33 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys2011-09-27 01:02:32 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys2011-09-27 00:59:55 53248 ------w- C:\Windows\Ctregrun.exe2011-09-27 00:59:16 61440 ------w- C:\Windows\SysWow64\CTChkAud.dll2011-09-27 00:59:16 183296 ------w- C:\Windows\System32\CTOPT352.dll2011-09-27 00:59:16 166912 ------w- C:\Windows\SysWow64\CTOPT352.dll2011-09-27 00:59:15 49664 ------w- C:\Windows\System32\CTChkAud.dll2011-09-27 00:59:15 42496 ------w- C:\Windows\System32\AddCat.exe2011-09-27 00:41:30 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Roxio Log Files2011-09-27 00:40:49 -------- d-----w- C:\Windows\System32\appmgmt2011-09-27 00:34:31 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared2011-09-27 00:24:29 -------- d-----w- C:\Windows\SysWow64\Wat2011-09-27 00:24:29 -------- d-----w- C:\Windows\System32\Wat2011-09-27 00:23:29 -------- d-----w- C:\Program Files (x86)\OpenAL2011-09-27 00:19:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Thunderbird2011-09-26 23:08:06 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys2011-09-26 23:07:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2011-09-26 23:07:51 2048 ----a-w- C:\Windows\System32\tzres.dll2011-09-26 22:29:07 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation2011-09-26 20:25:31 -------- d-----w- C:\Netgear2011-09-26 20:23:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Macrovision2011-09-26 19:19:32 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Diagnostics2011-09-26 19:15:09 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Nero_AG2011-09-26 18:45:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Dell2011-09-26 18:45:11 -------- d-sh--w- C:\System Recovery2011-09-26 18:44:26 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Fingertapps2011-09-26 18:44:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell2011-09-26 18:44:13 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell Touch Zone2011-09-26 18:44:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intel Corporation2011-09-26 18:43:26 -------- d-----r- C:\Users\Wayne-Rhonda\Virtual Machines2011-09-26 18:43:06 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\VirtualStore.==================== Find3M ====================.2011-10-04 15:38:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-09-27 01:40:13 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2011-09-27 01:40:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll2011-09-27 01:40:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll2011-09-27 00:23:29 466520 ----a-w- C:\Windows\System32\wrap_oal.dll2011-09-27 00:23:29 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll2011-09-27 00:23:29 123480 ----a-w- C:\Windows\System32\OpenAL32.dll2011-09-27 00:23:28 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll2011-09-15 22:46:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll2011-09-15 21:24:48 521448 ----a-w- C:\Windows\System32\deployJava1.dll2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-08-19 22:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe2011-08-15 17:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe.============= FINISH: 14:34:12.02 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted October 22, 2011 Staff ID:487729 Share Posted October 22, 2011 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
BWC Posted October 31, 2011 Author ID:490477 Share Posted October 31, 2011 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317When attempting to reply with the listed log's included in the reply the program responded "too large, try again." Therefor, I have attached the log's even though that's not the desired method. Also, after running a quick scan the listed "pup" infection was discovered by Maleware. That is the first time that file was found and it was deleted. Also, it seems to be associated with Google Chrome and I do not have that program on this computer.THANKS for all your help!dds.txtComboFix.txtmbam-log-2011-10-31 (11-19-00).txt Link to post Share on other sites More sharing options...
Staff screen317 Posted November 5, 2011 Staff ID:492038 Share Posted November 5, 2011 Hi,My apologies for the extended delay.Use multiple posts if necessary to post future logs instead of attaching them.Update MBAM, run a Quick Scan, and post its log.Grab a fresh copy of ComboFix, run it, and post its log.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here.Post a fresh DDS log.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
BWC Posted November 7, 2011 Author ID:492533 Share Posted November 7, 2011 MBAM09:11:32 Wayne-Rhonda MESSAGE Protection started successfully09:11:36 Wayne-Rhonda MESSAGE IP Protection started successfully09:12:38 Wayne-Rhonda MESSAGE Scheduled update executed successfully09:13:00 Wayne-Rhonda MESSAGE IP Protection stopped09:13:01 Wayne-Rhonda MESSAGE Database updated successfully09:13:02 Wayne-Rhonda MESSAGE IP Protection started successfully09:24:05 Wayne-Rhonda MESSAGE Protection started successfully09:24:09 Wayne-Rhonda MESSAGE IP Protection started successfully10:56:37 Wayne-Rhonda MESSAGE IP Protection stopped10:56:38 Wayne-Rhonda MESSAGE Database updated successfully10:56:39 Wayne-Rhonda MESSAGE IP Protection started successfully11:29:45 Wayne-Rhonda MESSAGE Protection started successfully11:29:49 Wayne-Rhonda MESSAGE IP Protection started successfullyComboFix 11-11-07.03 - Wayne-Rhonda 11/07/2011 11:16:19.2.8 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10244 [GMT -8:00]Running from: c:\users\Wayne-Rhonda\Downloads\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))..2011-11-07 19:20 . 2011-11-07 19:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2011-11-07 19:20 . 2011-11-07 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp2011-11-06 20:52 . 2011-11-06 20:52 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Local\Google2011-11-01 20:15 . 2011-11-01 20:15 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Local\Apple Computer2011-10-31 23:32 . 2011-10-31 23:32 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync2011-10-31 23:29 . 2011-10-31 23:29 -------- d-----r- C:\MSOCache2011-10-27 01:25 . 2011-10-27 01:25 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Roaming\NVIDIA2011-10-27 01:25 . 2011-10-27 01:25 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Roaming\Sony Corporation2011-10-27 01:02 . 2011-10-27 01:02 -------- d-----w- c:\program files (x86)\Sony2011-10-27 01:02 . 2011-10-27 01:02 -------- d-----w- c:\programdata\Sony Corporation2011-10-26 23:12 . 2011-10-26 23:12 -------- d-----w- c:\program files (x86)\Siber Systems2011-10-26 22:26 . 2011-10-26 22:26 -------- d-----w- c:\program files (x86)\Common Files\Java2011-10-15 07:54 . 2011-10-15 07:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe2011-10-13 02:43 . 2011-10-13 02:43 -------- d-----w- c:\windows\SysWow64\Dell2011-10-12 21:43 . 2011-11-01 21:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy2011-10-12 21:43 . 2011-10-12 21:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy2011-10-12 21:35 . 2011-10-12 21:35 -------- d-----w- c:\program files (x86)\Shop to Win 222011-10-11 23:29 . 2011-10-11 23:30 -------- d-----w- c:\program files\Common Files\Adobe2011-10-11 19:54 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys2011-10-11 19:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll2011-10-11 19:54 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax2011-10-11 19:54 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax2011-10-11 19:54 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll2011-10-11 19:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll2011-10-11 19:54 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll2011-10-11 19:54 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll2011-10-11 19:54 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll2011-10-09 17:44 . 2011-10-28 17:59 -------- d-----w- c:\users\Wayne-Rhonda\AppData\Local\Windows Live...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-01 19:34 . 2011-09-28 03:22 8456 --sha-w- c:\programdata\KGyGaAvL.sys2011-10-18 16:48 . 2011-09-15 21:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-15 08:53 . 2011-09-28 21:00 1533248 ----a-w- c:\windows\system32\nvdispco64.dll2011-10-15 08:53 . 2011-09-28 21:00 1454400 ----a-w- c:\windows\system32\nvgenco64.dll2011-10-15 08:53 . 2011-09-15 22:49 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll2011-10-15 08:53 . 2011-09-15 22:49 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2011-10-15 08:53 . 2011-09-15 22:49 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll2011-10-15 08:53 . 2011-09-15 22:49 2808128 ----a-w- c:\windows\system32\nvapi64.dll2011-10-15 08:53 . 2011-04-04 05:15 137536 ----a-w- c:\windows\system32\nvshext.dll2011-10-15 08:53 . 2011-04-04 03:15 222528 ----a-w- c:\windows\system32\nvmctray.dll2011-10-15 08:53 . 2011-04-04 03:15 1640768 ----a-w- c:\windows\system32\nvvsvc.exe2011-10-15 08:53 . 2011-04-04 03:15 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll2011-10-15 08:53 . 2011-04-04 03:14 10406208 ----a-w- c:\windows\system32\nvcpl.dll2011-10-15 08:53 . 2011-04-04 03:14 5067584 ----a-w- c:\windows\system32\nvsvc64.dll2011-10-03 12:06 . 2011-09-15 21:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\AC859C82A4.sys2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\4CB328A682.sys2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\4C5B74840F.sys2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\DED7A8BC10.sys2011-09-28 03:30 . 2011-09-28 03:30 8 --sh--r- c:\programdata\07B2980D97.sys2011-09-28 03:22 . 2011-09-28 03:22 8 --sh--r- c:\programdata\F351B99706.sys2011-09-28 03:22 . 2011-09-28 03:22 8 --sh--r- c:\programdata\C019B48D0E.sys2011-09-28 03:22 . 2011-09-28 03:22 8 --sh--r- c:\programdata\313F27D68B.sys2011-09-27 01:40 . 2011-09-15 21:34 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll2011-09-27 01:40 . 2011-09-15 21:34 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll2011-09-27 01:40 . 2011-09-15 21:34 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll2011-09-27 00:23 . 2011-09-15 23:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll2011-09-27 00:23 . 2011-09-15 23:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll2011-09-27 00:23 . 2011-09-15 23:10 123480 ----a-w- c:\windows\system32\OpenAL32.dll2011-09-27 00:23 . 2011-09-15 23:10 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll2011-09-27 00:07 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2011-09-15 23:04 . 2011-09-15 23:04 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys2011-09-15 23:04 . 2011-09-15 23:04 936448 ----a-w- c:\windows\system32\vmsal.exe2011-09-15 23:04 . 2011-09-15 23:04 793600 ----a-w- c:\windows\SysWow64\vmsal.exe2011-09-15 23:04 . 2011-09-15 23:04 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys2011-09-15 23:04 . 2011-09-15 23:04 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll2011-09-15 23:04 . 2011-09-15 23:04 4514816 ----a-w- c:\windows\system32\vpc.exe2011-09-15 23:04 . 2011-09-15 23:04 2264064 ----a-w- c:\windows\system32\VPCWizard.exe2011-09-15 23:04 . 2011-09-15 23:04 1369600 ----a-w- c:\windows\system32\VPCSettings.exe2011-09-15 23:04 . 2011-09-15 23:04 1210368 ----a-w- c:\windows\system32\VMWindow.exe2011-09-15 23:04 . 2011-09-15 23:04 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys2011-09-15 23:04 . 2011-09-15 23:04 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys2011-09-15 23:04 . 2011-09-15 23:04 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll2011-09-15 23:04 . 2011-09-15 23:04 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll2011-09-15 23:04 . 2011-09-15 23:04 31232 ----a-w- c:\windows\SysWow64\prevhost.exe2011-09-15 23:04 . 2011-09-15 23:04 31232 ----a-w- c:\windows\system32\prevhost.exe2011-09-15 23:04 . 2011-09-15 23:04 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2011-09-15 23:04 . 2011-09-15 23:04 976896 ----a-w- c:\windows\system32\inetcomm.dll2011-09-15 23:04 . 2011-09-15 23:04 902656 ----a-w- c:\windows\system32\d2d1.dll2011-09-15 23:04 . 2011-09-15 23:04 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll2011-09-15 23:04 . 2011-09-15 23:04 739840 ----a-w- c:\windows\SysWow64\d2d1.dll2011-09-15 23:04 . 2011-09-15 23:04 70656 ----a-w- c:\windows\SysWow64\fontsub.dll2011-09-15 23:04 . 2011-09-15 23:04 499200 ----a-w- c:\windows\system32\drivers\afd.sys2011-09-15 23:04 . 2011-09-15 23:04 46080 ----a-w- c:\windows\system32\atmlib.dll2011-09-15 23:04 . 2011-09-15 23:04 367616 ----a-w- c:\windows\system32\atmfd.dll2011-09-15 23:04 . 2011-09-15 23:04 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2011-09-15 23:04 . 2011-09-15 23:04 294912 ----a-w- c:\windows\SysWow64\atmfd.dll2011-09-15 23:04 . 2011-09-15 23:04 2871808 ----a-w- c:\windows\explorer.exe2011-09-15 23:04 . 2011-09-15 23:04 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys2011-09-15 23:04 . 2011-09-15 23:04 2616320 ----a-w- c:\windows\SysWow64\explorer.exe2011-09-15 23:04 . 2011-09-15 23:04 197120 ----a-w- c:\windows\system32\d3d10_1.dll2011-09-15 23:04 . 2011-09-15 23:04 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll2011-09-15 23:04 . 2011-09-15 23:04 1544192 ----a-w- c:\windows\system32\DWrite.dll2011-09-15 23:04 . 2011-09-15 23:04 1395712 ----a-w- c:\windows\system32\mfc42.dll2011-09-15 23:04 . 2011-09-15 23:04 1359872 ----a-w- c:\windows\system32\mfc42u.dll2011-09-15 23:04 . 2011-09-15 23:04 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll2011-09-15 23:04 . 2011-09-15 23:04 1139200 ----a-w- c:\windows\system32\FntCache.dll2011-09-15 23:04 . 2011-09-15 23:04 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll2011-09-15 23:04 . 2011-09-15 23:04 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll2011-09-15 23:04 . 2011-09-15 23:04 100864 ----a-w- c:\windows\system32\fontsub.dll2011-09-15 23:04 . 2011-09-15 23:04 961024 ----a-w- c:\windows\system32\CPFilters.dll2011-09-15 23:04 . 2011-09-15 23:04 850944 ----a-w- c:\windows\SysWow64\sbe.dll2011-09-15 23:04 . 2011-09-15 23:04 723968 ----a-w- c:\windows\system32\EncDec.dll2011-09-15 23:04 . 2011-09-15 23:04 715776 ----a-w- c:\windows\system32\kerberos.dll2011-09-15 23:04 . 2011-09-15 23:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll2011-09-15 23:04 . 2011-09-15 23:04 542208 ----a-w- c:\windows\SysWow64\kerberos.dll2011-09-15 23:04 . 2011-09-15 23:04 534528 ----a-w- c:\windows\SysWow64\EncDec.dll2011-09-15 23:04 . 2011-09-15 23:04 259072 ----a-w- c:\windows\system32\mpg2splt.ax2011-09-15 23:04 . 2011-09-15 23:04 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax2011-09-15 23:04 . 2011-09-15 23:04 1118720 ----a-w- c:\windows\system32\sbe.dll2011-09-15 23:04 . 2011-09-15 23:04 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys2011-09-15 23:04 . 2011-09-15 23:04 96768 ----a-w- c:\windows\system32\fsutil.exe2011-09-15 23:04 . 2011-09-15 23:04 7936 ----a-w- c:\windows\system32\drivers\usbd.sys2011-09-15 23:04 . 2011-09-15 23:04 74240 ----a-w- c:\windows\SysWow64\fsutil.exe2011-09-15 23:04 . 2011-09-15 23:04 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2011-09-15 23:04 . 2011-09-15 23:04 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys2011-09-15 23:04 . 2011-09-15 23:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2011-09-15 23:04 . 2011-09-15 23:04 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2011-09-15 23:04 . 2011-09-15 23:04 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2011-09-15 23:04 . 2011-09-15 23:04 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2011-09-15 23:04 . 2011-09-15 23:04 30208 ----a-w- c:\windows\system32\dnscacheugc.exe2011-09-15 23:04 . 2011-09-15 23:04 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe2011-09-15 23:04 . 2011-09-15 23:04 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys2011-09-15 23:04 . 2011-09-15 23:04 267776 ----a-w- c:\windows\system32\FXSCOVER.exe2011-09-15 23:04 . 2011-09-15 23:04 2565632 ----a-w- c:\windows\system32\esent.dll2011-09-15 23:04 . 2011-09-15 23:04 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2011-09-15 23:04 . 2011-09-15 23:04 189824 ----a-w- c:\windows\system32\drivers\storport.sys2011-09-15 23:04 . 2011-09-15 23:04 183296 ----a-w- c:\windows\system32\dnsrslvr.dll2011-09-15 23:04 . 2011-09-15 23:04 1699328 ----a-w- c:\windows\SysWow64\esent.dll2011-09-15 23:04 . 2011-09-15 23:04 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys..((((((((((((((((((((((((((((( SnapShot@2011-10-31_18.02.38 ))))))))))))))))))))))))))))))))))))))))).+ 1999-11-25 01:40 . 1999-11-25 01:40 40960 c:\windows\SysWOW64\VBAME.DLL+ 1998-03-25 04:54 . 1998-03-25 04:54 15872 c:\windows\SysWOW64\SCP32.DLL+ 1998-06-18 02:08 . 1998-06-18 02:08 53248 c:\windows\SysWOW64\MFC42ENU.DLL+ 2007-03-23 02:17 . 2007-03-23 02:17 35440 c:\windows\SysWOW64\FM20ENU.DLL- 2009-07-14 04:54 . 2011-10-31 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2011-11-07 17:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2011-10-31 16:31 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-07 17:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-07 17:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2011-10-31 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-11-21 03:09 . 2011-11-07 17:23 42740 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2011-11-07 17:23 40076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2011-10-31 23:32 . 2007-04-09 20:23 46472 c:\windows\system32\spool\drivers\x64\mdiui.dll- 2011-09-26 18:41 . 2011-10-31 17:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-09-26 18:41 . 2011-11-07 17:38 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2011-09-26 18:41 . 2011-10-31 17:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2011-09-26 18:41 . 2011-11-07 17:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-07 17:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2011-10-31 17:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:46 . 2011-11-03 16:13 89872 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat+ 2011-05-24 23:27 . 2011-05-24 23:27 60928 c:\windows\Installer\12424fa.msp+ 2011-10-31 23:32 . 2011-11-01 19:24 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe+ 1999-12-10 04:21 . 1999-12-10 04:21 32768 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\XLCALL32.DLL+ 2011-10-31 23:32 . 2011-10-31 23:32 64088 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL+ 2003-07-15 05:53 . 2003-07-15 05:53 11848 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE+ 2003-07-15 05:57 . 2003-07-15 05:57 58944 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL+ 2003-07-15 05:57 . 2003-07-15 05:57 40512 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL+ 2003-05-09 04:54 . 2003-05-09 04:54 77824 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL+ 2003-07-15 10:14 . 2003-07-15 10:14 27192 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL+ 2003-07-15 05:56 . 2003-07-15 05:56 13888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL+ 2003-07-15 05:57 . 2003-07-15 05:57 56888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\NAME.DLL+ 1998-08-09 18:07 . 1998-08-09 18:07 94208 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSSTKPRP.DLL+ 2003-07-15 05:52 . 2003-07-15 05:52 41528 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSSH.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 16384 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL+ 2003-07-15 05:45 . 2003-07-15 05:45 39488 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL+ 2003-07-15 05:45 . 2003-07-15 05:45 55360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE+ 2003-07-15 05:46 . 2003-07-15 05:46 42040 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL+ 2003-07-15 05:52 . 2003-07-15 05:52 35896 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL+ 2003-07-15 05:52 . 2003-07-15 05:52 28224 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL+ 2003-07-15 05:52 . 2003-07-15 05:52 55360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE+ 2003-07-15 05:52 . 2003-07-15 05:52 67128 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOHEV.DLL+ 2003-07-15 05:44 . 2003-07-15 05:44 25144 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL+ 2003-07-15 05:52 . 2003-07-15 05:52 27704 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL+ 2003-07-15 05:52 . 2003-07-15 05:52 17464 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSMH.DLL+ 2003-07-15 05:51 . 2003-07-15 05:51 87104 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 35328 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 18944 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 17920 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL+ 2003-07-15 05:57 . 2003-07-15 05:57 87096 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL+ 2003-07-15 05:53 . 2003-07-15 05:53 34880 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DWTRIG20.EXE+ 2003-07-15 05:52 . 2003-07-15 05:52 39992 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DWDCW20.DLL+ 2003-07-15 05:57 . 2003-07-15 05:57 98360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DSSM.EXE+ 2003-07-15 05:56 . 2003-07-15 05:56 14904 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DSITF.DLL+ 2003-07-15 10:18 . 2003-07-15 10:18 14400 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DFUIPRXY.DLL+ 2003-07-15 10:18 . 2003-07-15 10:18 47160 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE+ 2003-07-15 05:53 . 2003-07-15 05:53 94768 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\AW.DLL+ 2003-07-15 05:57 . 2003-07-15 05:57 38968 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL+ 2011-10-31 23:32 . 2011-10-31 23:32 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll+ 2011-10-31 23:36 . 2011-10-31 23:36 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll+ 2011-09-27 00:08 . 2011-11-07 17:23 7074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3288449280-1958838829-573916818-1000_UserData.bin+ 2011-11-07 19:21 . 2011-11-07 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat- 2011-10-31 18:01 . 2011-10-31 18:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-11-07 19:21 . 2011-11-07 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2011-10-31 18:01 . 2011-10-31 18:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2011-10-31 23:32 . 2011-11-01 19:24 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe+ 2011-10-31 23:32 . 2011-10-31 23:32 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll+ 2000-04-04 00:52 . 2000-04-04 00:52 151552 c:\windows\SysWOW64\RDOCURS.DLL+ 2000-05-24 05:45 . 2000-05-24 05:45 118784 c:\windows\SysWOW64\MSSTDFMT.DLL+ 2000-05-11 20:06 . 2000-05-11 20:06 397312 c:\windows\SysWOW64\MSRDO20.DLL+ 2011-10-31 23:32 . 2007-04-09 20:24 758664 c:\windows\system32\spool\drivers\x64\mdigraph.dll- 2009-07-14 02:36 . 2011-10-30 06:35 661680 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2011-11-07 17:26 661680 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2011-10-30 06:35 121598 c:\windows\system32\perfc009.dat+ 2009-07-14 02:36 . 2011-11-07 17:26 121598 c:\windows\system32\perfc009.dat+ 2009-07-14 04:45 . 2011-11-01 16:51 318256 c:\windows\system32\FNTCACHE.DAT+ 2011-09-26 23:51 . 2011-11-07 04:26 840584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat+ 2009-07-14 05:01 . 2011-11-07 19:20 270544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2011-09-26 23:51 . 2011-11-01 04:02 540808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288449280-1958838829-573916818-1000-12288.dat+ 2009-09-09 22:40 . 2009-09-09 22:40 632320 c:\windows\Installer\89637b.msp+ 2008-07-28 21:59 . 2008-07-28 21:59 180736 c:\windows\Installer\89620d.msp+ 2010-11-12 18:08 . 2010-11-12 18:08 889344 c:\windows\Installer\8961f2.msp+ 2011-10-31 23:32 . 2011-11-01 19:24 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe+ 2011-10-31 23:32 . 2011-11-01 19:24 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe+ 2007-05-10 21:35 . 2007-05-10 21:35 120160 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL+ 2007-04-19 21:01 . 2007-04-19 21:01 238424 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL+ 2007-04-19 21:09 . 2007-04-19 21:09 167256 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\IETAG.DLL+ 2003-07-15 10:14 . 2003-07-15 10:14 242240 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL+ 2003-07-15 10:14 . 2003-07-15 10:14 828472 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL+ 2003-07-15 10:14 . 2003-07-15 10:14 283696 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OIS.EXE+ 2011-10-31 23:32 . 2011-10-31 23:32 223800 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL+ 2003-07-15 06:00 . 2003-07-15 06:00 145984 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL+ 1998-06-17 18:52 . 1998-06-17 18:52 401462 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSVCP60.DLL+ 2003-07-24 05:40 . 2003-07-24 05:40 482872 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL+ 2003-07-15 05:56 . 2003-07-15 05:56 124984 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE+ 2003-07-15 06:02 . 2003-07-15 06:02 627256 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE+ 2003-06-19 23:05 . 2003-06-19 23:05 364648 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE+ 2003-07-15 10:18 . 2003-07-15 10:18 376888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL+ 2003-07-24 05:35 . 2003-07-24 05:35 127032 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL+ 2003-07-15 10:14 . 2003-07-15 10:14 106552 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL+ 2003-07-15 05:57 . 2003-07-15 05:57 120888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL+ 2002-04-10 03:14 . 2002-04-10 03:14 187560 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL+ 2002-12-18 02:08 . 2002-12-18 02:08 359600 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL+ 2003-07-15 05:51 . 2003-07-15 05:51 116288 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL+ 2003-07-15 05:58 . 2003-07-15 05:58 230968 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 443904 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 252928 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 758784 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL+ 2003-07-15 05:53 . 2003-07-15 05:53 161336 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\IETAG.DLL+ 2003-07-26 02:14 . 2003-07-26 02:14 799288 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL+ 2003-07-15 05:40 . 2003-07-15 05:40 165944 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL+ 2003-07-15 05:40 . 2003-07-15 05:40 179768 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL+ 2003-07-15 06:36 . 2003-07-15 06:36 186424 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL+ 2003-07-15 10:14 . 2003-07-15 10:14 350264 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\ATP.DLL+ 2011-01-14 14:10 . 2011-01-14 14:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL+ 2011-01-14 14:10 . 2011-01-14 14:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL+ 2011-10-31 23:36 . 2011-10-31 23:36 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL+ 2011-10-31 23:32 . 2011-10-31 23:32 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL+ 2011-10-31 23:32 . 2011-10-31 23:32 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll+ 2009-08-05 02:52 . 2009-08-05 02:52 1193832 c:\windows\SysWOW64\FM20.DLL+ 2010-08-05 17:57 . 2010-08-05 17:57 4066304 c:\windows\Installer\896405.msp+ 2009-10-17 01:07 . 2009-10-17 01:07 6115328 c:\windows\Installer\8963ea.msp+ 2010-10-22 22:45 . 2010-10-22 22:45 8444928 c:\windows\Installer\8963ce.msp+ 2011-07-26 15:17 . 2011-07-26 15:17 6824960 c:\windows\Installer\896397.msp+ 2009-08-20 12:02 . 2009-08-20 12:02 5204992 c:\windows\Installer\89635e.msp+ 2010-06-12 00:55 . 2010-06-12 00:55 1827328 c:\windows\Installer\896341.msp+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\896319.msp+ 2010-08-24 00:09 . 2010-08-24 00:09 7673344 c:\windows\Installer\8962f1.msp+ 2008-01-14 23:53 . 2008-01-14 23:53 5213696 c:\windows\Installer\8962d5.msp+ 2011-01-15 16:46 . 2011-01-15 16:46 2049536 c:\windows\Installer\8962bb.msi+ 2011-05-18 01:28 . 2011-05-18 01:28 6862848 c:\windows\Installer\8962b4.msp+ 2011-04-29 20:04 . 2011-04-29 20:04 5053440 c:\windows\Installer\896298.msp+ 2009-12-17 05:58 . 2009-12-17 05:58 5382144 c:\windows\Installer\89627d.msp+ 2008-10-25 16:15 . 2008-10-25 16:15 6227456 c:\windows\Installer\896260.msp+ 2009-09-29 16:08 . 2009-09-29 16:08 6747648 c:\windows\Installer\896245.msp+ 2011-05-23 21:15 . 2011-05-23 21:15 3617792 c:\windows\Installer\896229.msp+ 2010-08-26 00:06 . 2010-08-26 00:06 6479360 c:\windows\Installer\8961d2.msp+ 2010-10-02 04:53 . 2010-10-02 04:53 4147712 c:\windows\Installer\8961b6.msp+ 2010-03-30 19:34 . 2010-03-30 19:34 3826688 c:\windows\Installer\89619b.msp+ 2011-07-21 19:34 . 2011-07-21 19:34 3456000 c:\windows\Installer\1b4295.msp+ 2005-10-26 21:59 . 2005-10-26 21:59 2883072 c:\windows\Installer\1242516.msp+ 2011-09-20 22:36 . 2011-09-20 22:36 5521408 c:\windows\Installer\12424df.msp+ 2011-10-31 23:29 . 2011-10-31 23:29 5923328 c:\windows\Installer\124241e.msi+ 2007-05-10 00:19 . 2007-05-10 00:19 2585936 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\VBE6.DLL+ 2007-05-10 20:45 . 2007-05-10 20:45 8069464 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\OWC11.DLL+ 2007-04-19 21:09 . 2007-04-19 21:09 1061720 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\OMFC.DLL+ 2007-06-06 17:53 . 2007-06-06 17:53 1195888 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\FM20.DLL+ 2003-07-03 22:19 . 2003-07-03 22:19 2502656 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\VBE6.DLL+ 2003-08-03 17:52 . 2003-08-03 17:52 2808376 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL+ 2003-08-01 22:09 . 2003-08-01 22:09 8086072 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OWC11.DLL+ 2003-07-15 06:05 . 2003-07-15 06:05 1054264 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\OMFC.DLL+ 2003-06-19 00:31 . 2003-06-19 00:31 1033216 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL+ 2003-07-11 09:15 . 2003-07-11 09:15 1292872 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL+ 2002-12-18 02:09 . 2002-12-18 02:09 2071752 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL+ 2002-12-18 02:08 . 2002-12-18 02:08 1383592 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL+ 2003-07-15 06:11 . 2003-07-15 06:11 2139192 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE+ 2003-07-26 02:00 . 2003-07-26 02:00 1157696 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL+ 2003-07-24 06:01 . 2003-07-24 06:01 1949240 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL+ 2003-08-03 17:56 . 2003-08-03 17:56 1146184 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\FM20.DLL+ 2011-01-14 14:10 . 2011-01-14 14:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL+ 2011-01-14 14:10 . 2011-01-14 14:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL+ 2011-01-14 14:10 . 2011-01-14 14:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL+ 2011-09-26 23:51 . 2011-11-07 19:20 13693888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288449280-1958838829-573916818-1000-8192.dat+ 2011-07-26 23:33 . 2011-07-26 23:33 10984448 c:\windows\Installer\8963b3.msp+ 2010-06-12 00:52 . 2010-06-12 00:52 45542912 c:\windows\Installer\896342.msp+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\89631a.msp+ 2007-05-31 20:37 . 2007-05-31 20:37 12310368 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE+ 2007-06-19 00:16 . 2007-06-19 00:16 12259160 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\MSO.DLL+ 2007-05-31 20:41 . 2007-05-31 20:41 10352472 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE+ 2003-08-06 20:24 . 2003-08-06 20:24 12037688 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE+ 2003-08-08 07:23 . 2003-08-08 07:23 12172336 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\MSO.DLL+ 2003-08-13 09:34 . 2003-08-13 09:34 10073144 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE+ 2007-07-27 16:03 . 2007-07-27 16:03 119977472 c:\windows\Installer\12424ca.msp.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-26 107000].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 451144]"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"CTAutoUpdate"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-06-19 623416].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-07-13 150920]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366664]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-27 79360]R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-27 79360]R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-09-27 79360]R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FA53.tmp [x]R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.Contents of the 'Scheduled Tasks' folder.2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288449280-1958838829-573916818-1000Core.job- c:\users\Wayne-Rhonda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 20:52].2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288449280-1958838829-573916818-1000UA.job- c:\users\Wayne-Rhonda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 20:52].2011-10-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32].2011-11-07 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]..--------- x86-64 -----------..------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlTCP: DhcpNameServer = 75.75.75.75 75.75.76.76DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]"ImagePath"="\??\c:\windows\system32\FA53.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Creative\Shared Files\CTAudSvc.exec:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exec:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exec:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXEc:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE.**************************************************************************.Completion time: 2011-11-07 11:23:54 - machine was rebootedComboFix-quarantined-files.txt 2011-11-07 19:23ComboFix2.txt 2011-10-31 18:04.Pre-Run: 914,422,521,856 bytes freePost-Run: 914,013,147,136 bytes free.- - End Of File - - 23D88642366E5A2D281B813069693D54 Link to post Share on other sites More sharing options...
BWC Posted November 7, 2011 Author ID:492534 Share Posted November 7, 2011 Hi,My apologies for the extended delay.Use multiple posts if necessary to post future logs instead of attaching them.Update MBAM, run a Quick Scan, and post its log.Grab a fresh copy of ComboFix, run it, and post its log.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here.Post a fresh DDS log.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen31711:37:47.0406 2752 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:5111:37:48.0155 2752 ============================================================11:37:48.0155 2752 Current date / time: 2011/11/07 11:37:48.015511:37:48.0155 2752 SystemInfo:11:37:48.0155 2752 11:37:48.0155 2752 OS Version: 6.1.7601 ServicePack: 1.011:37:48.0155 2752 Product type: Workstation11:37:48.0155 2752 ComputerName: WAYNE-RHONDA-PC11:37:48.0155 2752 UserName: Wayne-Rhonda11:37:48.0155 2752 Windows directory: C:\Windows11:37:48.0155 2752 System windows directory: C:\Windows11:37:48.0155 2752 Running under WOW6411:37:48.0155 2752 Processor architecture: Intel x6411:37:48.0155 2752 Number of processors: 811:37:48.0155 2752 Page size: 0x100011:37:48.0155 2752 Boot type: Normal boot11:37:48.0155 2752 ============================================================11:37:49.0013 2752 Initialize success11:38:03.0724 6700 ============================================================11:38:03.0724 6700 Scan started11:38:03.0724 6700 Mode: Manual; 11:38:03.0724 6700 ============================================================11:38:04.0083 6700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys11:38:04.0083 6700 1394ohci - ok11:38:04.0176 6700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys11:38:04.0176 6700 ACPI - ok11:38:04.0207 6700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys11:38:04.0254 6700 AcpiPmi - ok11:38:04.0301 6700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys11:38:04.0317 6700 adp94xx - ok11:38:04.0348 6700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys11:38:04.0363 6700 adpahci - ok11:38:04.0379 6700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys11:38:04.0410 6700 adpu320 - ok11:38:04.0473 6700 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys11:38:04.0473 6700 AFD - ok11:38:04.0488 6700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys11:38:04.0519 6700 agp440 - ok11:38:04.0535 6700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys11:38:04.0535 6700 aliide - ok11:38:04.0551 6700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys11:38:04.0551 6700 amdide - ok11:38:04.0551 6700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys11:38:04.0566 6700 AmdK8 - ok11:38:04.0566 6700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys11:38:04.0566 6700 AmdPPM - ok11:38:04.0597 6700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys11:38:04.0644 6700 amdsata - ok11:38:04.0675 6700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys11:38:04.0691 6700 amdsbs - ok11:38:04.0707 6700 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys11:38:04.0707 6700 amdxata - ok11:38:04.0738 6700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys11:38:04.0785 6700 AppID - ok11:38:04.0785 6700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys11:38:04.0800 6700 arc - ok11:38:04.0800 6700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys11:38:04.0800 6700 arcsas - ok11:38:04.0847 6700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys11:38:04.0847 6700 AsyncMac - ok11:38:04.0894 6700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys11:38:04.0909 6700 atapi - ok11:38:04.0972 6700 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys11:38:05.0034 6700 athr - ok11:38:05.0081 6700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys11:38:05.0097 6700 b06bdrv - ok11:38:05.0112 6700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys11:38:05.0128 6700 b57nd60a - ok11:38:05.0159 6700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys11:38:05.0159 6700 Beep - ok11:38:05.0190 6700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys11:38:05.0206 6700 blbdrive - ok11:38:05.0221 6700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys11:38:05.0237 6700 bowser - ok11:38:05.0253 6700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys11:38:05.0253 6700 BrFiltLo - ok11:38:05.0268 6700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys11:38:05.0268 6700 BrFiltUp - ok11:38:05.0299 6700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys11:38:05.0315 6700 Brserid - ok11:38:05.0315 6700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys11:38:05.0331 6700 BrSerWdm - ok11:38:05.0346 6700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys11:38:05.0346 6700 BrUsbMdm - ok11:38:05.0346 6700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys11:38:05.0346 6700 BrUsbSer - ok11:38:05.0362 6700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys11:38:05.0362 6700 BTHMODEM - ok11:38:05.0362 6700 catchme - ok11:38:05.0377 6700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys11:38:05.0393 6700 cdfs - ok11:38:05.0409 6700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys11:38:05.0455 6700 cdrom - ok11:38:05.0487 6700 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys11:38:05.0533 6700 cfwids - ok11:38:05.0549 6700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys11:38:05.0565 6700 circlass - ok11:38:05.0596 6700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys11:38:05.0596 6700 CLFS - ok11:38:05.0643 6700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys11:38:05.0643 6700 CmBatt - ok11:38:05.0643 6700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys11:38:05.0658 6700 cmdide - ok11:38:05.0689 6700 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys11:38:05.0689 6700 CNG - ok11:38:05.0689 6700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys11:38:05.0689 6700 Compbatt - ok11:38:05.0721 6700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys11:38:05.0783 6700 CompositeBus - ok11:38:05.0799 6700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys11:38:05.0799 6700 crcdisk - ok11:38:05.0892 6700 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys11:38:05.0939 6700 CSC - ok11:38:05.0970 6700 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS11:38:06.0017 6700 CT20XUT - ok11:38:06.0033 6700 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS11:38:06.0033 6700 CT20XUT.SYS - ok11:38:06.0079 6700 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys11:38:06.0142 6700 ctac32k - ok11:38:06.0189 6700 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys11:38:06.0235 6700 ctaud2k - ok11:38:06.0282 6700 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS11:38:06.0298 6700 CTEXFIFX - ok11:38:06.0313 6700 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS11:38:06.0329 6700 CTEXFIFX.SYS - ok11:38:06.0329 6700 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS11:38:06.0345 6700 CTHWIUT - ok11:38:06.0360 6700 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS11:38:06.0360 6700 CTHWIUT.SYS - ok11:38:06.0376 6700 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys11:38:06.0391 6700 ctprxy2k - ok11:38:06.0407 6700 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys11:38:06.0438 6700 ctsfm2k - ok11:38:06.0469 6700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys11:38:06.0485 6700 DfsC - ok11:38:06.0501 6700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys11:38:06.0501 6700 discache - ok11:38:06.0532 6700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys11:38:06.0532 6700 Disk - ok11:38:06.0563 6700 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys11:38:06.0610 6700 dmvsc - ok11:38:06.0625 6700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys11:38:06.0641 6700 drmkaud - ok11:38:06.0672 6700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys11:38:06.0719 6700 DXGKrnl - ok11:38:06.0781 6700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys11:38:06.0859 6700 ebdrv - ok11:38:06.0875 6700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys11:38:06.0906 6700 elxstor - ok11:38:06.0922 6700 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys11:38:06.0953 6700 emupia - ok11:38:06.0969 6700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys11:38:06.0969 6700 ErrDev - ok11:38:07.0000 6700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys11:38:07.0015 6700 exfat - ok11:38:07.0031 6700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys11:38:07.0047 6700 fastfat - ok11:38:07.0062 6700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys11:38:07.0078 6700 fdc - ok11:38:07.0093 6700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys11:38:07.0093 6700 FileInfo - ok11:38:07.0109 6700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys11:38:07.0125 6700 Filetrace - ok11:38:07.0140 6700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys11:38:07.0140 6700 flpydisk - ok11:38:07.0156 6700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys11:38:07.0156 6700 FltMgr - ok11:38:07.0171 6700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys11:38:07.0171 6700 FsDepends - ok11:38:07.0187 6700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys11:38:07.0187 6700 Fs_Rec - ok11:38:07.0203 6700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys11:38:07.0218 6700 fvevol - ok11:38:07.0218 6700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys11:38:07.0234 6700 gagp30kx - ok11:38:07.0312 6700 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys11:38:07.0343 6700 ha20x22k - ok11:38:07.0405 6700 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys11:38:07.0452 6700 ha20x2k - ok11:38:07.0483 6700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys11:38:07.0483 6700 hcw85cir - ok11:38:07.0515 6700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys11:38:07.0515 6700 HDAudBus - ok11:38:07.0515 6700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys11:38:07.0515 6700 HidBatt - ok11:38:07.0530 6700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys11:38:07.0530 6700 HidBth - ok11:38:07.0546 6700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys11:38:07.0561 6700 HidIr - ok11:38:07.0577 6700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys11:38:07.0608 6700 HidUsb - ok11:38:07.0639 6700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys11:38:07.0655 6700 HpSAMD - ok11:38:07.0686 6700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys11:38:07.0686 6700 HTTP - ok11:38:07.0702 6700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys11:38:07.0702 6700 hwpolicy - ok11:38:07.0733 6700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys11:38:07.0749 6700 i8042prt - ok11:38:07.0780 6700 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys11:38:07.0780 6700 iaStor - ok11:38:07.0842 6700 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys11:38:07.0842 6700 iaStorV - ok11:38:07.0842 6700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys11:38:07.0858 6700 iirsp - ok11:38:07.0873 6700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys11:38:07.0873 6700 intelide - ok11:38:07.0889 6700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys11:38:07.0889 6700 intelppm - ok11:38:07.0889 6700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys11:38:07.0920 6700 IpFilterDriver - ok11:38:07.0920 6700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys11:38:07.0951 6700 IPMIDRV - ok11:38:07.0951 6700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys11:38:07.0967 6700 IPNAT - ok11:38:07.0983 6700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys11:38:07.0983 6700 IRENUM - ok11:38:07.0983 6700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys11:38:07.0998 6700 isapnp - ok11:38:08.0029 6700 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys11:38:08.0076 6700 iScsiPrt - ok11:38:08.0076 6700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys11:38:08.0092 6700 kbdclass - ok11:38:08.0092 6700 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys11:38:08.0123 6700 kbdhid - ok11:38:08.0139 6700 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys11:38:08.0139 6700 KSecDD - ok11:38:08.0154 6700 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys11:38:08.0154 6700 KSecPkg - ok11:38:08.0170 6700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys11:38:08.0185 6700 ksthunk - ok11:38:08.0248 6700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys11:38:08.0263 6700 lltdio - ok11:38:08.0279 6700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys11:38:08.0310 6700 LSI_FC - ok11:38:08.0310 6700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys11:38:08.0326 6700 LSI_SAS - ok11:38:08.0326 6700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys11:38:08.0326 6700 LSI_SAS2 - ok11:38:08.0326 6700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys11:38:08.0341 6700 LSI_SCSI - ok11:38:08.0357 6700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys11:38:08.0373 6700 luafv - ok11:38:08.0419 6700 MBAMProtector (8537af53945f45565908729286ba6149) C:\Windows\system32\drivers\mbam.sys11:38:08.0419 6700 MBAMProtector - ok11:38:08.0482 6700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys11:38:08.0497 6700 megasas - ok11:38:08.0513 6700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys11:38:08.0513 6700 MegaSR - ok11:38:08.0560 6700 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\FA53.tmp11:38:08.0560 6700 MEMSWEEP2 - ok11:38:08.0591 6700 mfeapfk (eac376dd77ec9e95d38108a27c261dca) C:\Windows\system32\drivers\mfeapfk.sys11:38:08.0638 6700 mfeapfk - ok11:38:08.0669 6700 mfeavfk (f55f50b11d635658f346db0457bb2b79) C:\Windows\system32\drivers\mfeavfk.sys11:38:08.0716 6700 mfeavfk - ok11:38:08.0731 6700 mfeavfk01 - ok11:38:08.0778 6700 mfefirek (33b8e35c5839a83d6700aab3e464553b) C:\Windows\system32\drivers\mfefirek.sys11:38:08.0825 6700 mfefirek - ok11:38:08.0841 6700 mfehidk (ada8c105c8f9a61284c75157c170585b) C:\Windows\system32\drivers\mfehidk.sys11:38:08.0856 6700 mfehidk - ok11:38:08.0872 6700 mfenlfk (c52ee6d1e1e5a69c989acc478051964e) C:\Windows\system32\DRIVERS\mfenlfk.sys11:38:08.0903 6700 mfenlfk - ok11:38:08.0903 6700 mferkdet (b000720e19ef733f938a6269d630f5dd) C:\Windows\system32\drivers\mferkdet.sys11:38:08.0965 6700 mferkdet - ok11:38:08.0981 6700 mfewfpk (62717ab68b38efee54678b85e19b0538) C:\Windows\system32\drivers\mfewfpk.sys11:38:08.0981 6700 mfewfpk - ok11:38:08.0997 6700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys11:38:09.0012 6700 Modem - ok11:38:09.0090 6700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys11:38:09.0090 6700 monitor - ok11:38:09.0137 6700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys11:38:09.0137 6700 mouclass - ok11:38:09.0184 6700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys11:38:09.0231 6700 mouhid - ok11:38:09.0262 6700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys11:38:09.0262 6700 mountmgr - ok11:38:09.0293 6700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys11:38:09.0340 6700 mpio - ok11:38:09.0340 6700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys11:38:09.0355 6700 mpsdrv - ok11:38:09.0371 6700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys11:38:09.0433 6700 MRxDAV - ok11:38:09.0465 6700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys11:38:09.0465 6700 mrxsmb - ok11:38:09.0511 6700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys11:38:09.0511 6700 mrxsmb10 - ok11:38:09.0527 6700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys11:38:09.0527 6700 mrxsmb20 - ok11:38:09.0543 6700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys11:38:09.0589 6700 msahci - ok11:38:09.0605 6700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys11:38:09.0636 6700 msdsm - ok11:38:09.0652 6700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys11:38:09.0667 6700 Msfs - ok11:38:09.0683 6700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys11:38:09.0683 6700 mshidkmdf - ok11:38:09.0699 6700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys11:38:09.0699 6700 msisadrv - ok11:38:09.0730 6700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys11:38:09.0745 6700 MSKSSRV - ok11:38:09.0761 6700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys11:38:09.0777 6700 MSPCLOCK - ok11:38:09.0792 6700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys11:38:09.0792 6700 MSPQM - ok11:38:09.0808 6700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys11:38:09.0823 6700 MsRPC - ok11:38:09.0839 6700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys11:38:09.0855 6700 mssmbios - ok11:38:09.0855 6700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys11:38:09.0855 6700 MSTEE - ok11:38:09.0870 6700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys11:38:09.0870 6700 MTConfig - ok11:38:09.0886 6700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys11:38:09.0886 6700 Mup - ok11:38:09.0933 6700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys11:38:09.0933 6700 NativeWifiP - ok11:38:09.0995 6700 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys11:38:10.0011 6700 NDIS - ok11:38:10.0026 6700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys11:38:10.0042 6700 NdisCap - ok11:38:10.0057 6700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys11:38:10.0073 6700 NdisTapi - ok11:38:10.0089 6700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys11:38:10.0120 6700 Ndisuio - ok11:38:10.0135 6700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys11:38:10.0167 6700 NdisWan - ok11:38:10.0182 6700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys11:38:10.0213 6700 NDProxy - ok11:38:10.0213 6700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys11:38:10.0229 6700 NetBIOS - ok11:38:10.0245 6700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys11:38:10.0260 6700 NetBT - ok11:38:10.0338 6700 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys11:38:10.0401 6700 netvsc - ok11:38:10.0416 6700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys11:38:10.0416 6700 nfrd960 - ok11:38:10.0447 6700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys11:38:10.0447 6700 Npfs - ok11:38:10.0447 6700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys11:38:10.0447 6700 nsiproxy - ok11:38:10.0525 6700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys11:38:10.0541 6700 Ntfs - ok11:38:10.0557 6700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys11:38:10.0557 6700 Null - ok11:38:10.0588 6700 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys11:38:10.0635 6700 nusb3hub - ok11:38:10.0666 6700 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys11:38:10.0713 6700 nusb3xhc - ok11:38:10.0759 6700 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys11:38:10.0806 6700 NVHDA - ok11:38:10.0993 6700 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys11:38:11.0056 6700 nvlddmkm - ok11:38:11.0087 6700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys11:38:11.0118 6700 nvraid - ok11:38:11.0149 6700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys11:38:11.0212 6700 nvstor - ok11:38:11.0243 6700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys11:38:11.0259 6700 nv_agp - ok11:38:11.0274 6700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys11:38:11.0290 6700 ohci1394 - ok11:38:11.0321 6700 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys11:38:11.0368 6700 ossrv - ok11:38:11.0399 6700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys11:38:11.0399 6700 Parport - ok11:38:11.0415 6700 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys11:38:11.0430 6700 partmgr - ok11:38:11.0446 6700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys11:38:11.0461 6700 pci - ok11:38:11.0461 6700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys11:38:11.0477 6700 pciide - ok11:38:11.0493 6700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys11:38:11.0508 6700 pcmcia - ok11:38:11.0508 6700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys11:38:11.0508 6700 pcw - ok11:38:11.0539 6700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys11:38:11.0571 6700 PEAUTH - ok11:38:11.0649 6700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys11:38:11.0695 6700 PptpMiniport - ok11:38:11.0711 6700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys11:38:11.0727 6700 Processor - ok11:38:11.0742 6700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys11:38:11.0742 6700 Psched - ok11:38:11.0773 6700 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys11:38:11.0773 6700 PxHlpa64 - ok11:38:11.0836 6700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys11:38:11.0867 6700 ql2300 - ok11:38:11.0898 6700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys11:38:11.0914 6700 ql40xx - ok11:38:11.0914 6700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys11:38:11.0929 6700 QWAVEdrv - ok11:38:11.0945 6700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys11:38:11.0945 6700 RasAcd - ok11:38:11.0976 6700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys11:38:11.0992 6700 RasAgileVpn - ok11:38:11.0992 6700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys11:38:12.0054 6700 Rasl2tp - ok11:38:12.0070 6700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys11:38:12.0085 6700 RasPppoe - ok11:38:12.0117 6700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys11:38:12.0132 6700 RasSstp - ok11:38:12.0148 6700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys11:38:12.0148 6700 rdbss - ok11:38:12.0163 6700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys11:38:12.0179 6700 rdpbus - ok11:38:12.0179 6700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys11:38:12.0179 6700 RDPCDD - ok11:38:12.0210 6700 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys11:38:12.0257 6700 RDPDR - ok11:38:12.0288 6700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys11:38:12.0288 6700 RDPENCDD - ok11:38:12.0304 6700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys11:38:12.0304 6700 RDPREFMP - ok11:38:12.0319 6700 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys11:38:12.0382 6700 RdpVideoMiniport - ok11:38:12.0397 6700 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys11:38:12.0444 6700 RDPWD - ok11:38:12.0460 6700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys11:38:12.0460 6700 rdyboost - ok11:38:12.0491 6700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys11:38:12.0507 6700 rspndr - ok11:38:12.0522 6700 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys11:38:12.0522 6700 RSUSBSTOR - ok11:38:12.0553 6700 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys11:38:12.0616 6700 RTL8167 - ok11:38:12.0631 6700 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys11:38:12.0678 6700 s3cap - ok11:38:12.0694 6700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys11:38:12.0756 6700 sbp2port - ok11:38:12.0772 6700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys11:38:12.0819 6700 scfilter - ok11:38:12.0834 6700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys11:38:12.0834 6700 secdrv - ok11:38:12.0850 6700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys11:38:12.0850 6700 Serenum - ok11:38:12.0865 6700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys11:38:12.0865 6700 Serial - ok11:38:12.0881 6700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys11:38:12.0881 6700 sermouse - ok11:38:12.0897 6700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys11:38:12.0897 6700 sffdisk - ok11:38:12.0897 6700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys11:38:12.0897 6700 sffp_mmc - ok11:38:12.0912 6700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys11:38:12.0959 6700 sffp_sd - ok11:38:12.0959 6700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys11:38:12.0959 6700 sfloppy - ok11:38:12.0959 6700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys11:38:12.0975 6700 SiSRaid2 - ok11:38:12.0975 6700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys11:38:12.0990 6700 SiSRaid4 - ok11:38:12.0990 6700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys11:38:12.0990 6700 Smb - ok11:38:13.0021 6700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys11:38:13.0021 6700 spldr - ok11:38:13.0037 6700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys11:38:13.0053 6700 srv - ok11:38:13.0068 6700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys11:38:13.0068 6700 srv2 - ok11:38:13.0099 6700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys11:38:13.0115 6700 srvnet - ok11:38:13.0146 6700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys11:38:13.0162 6700 stexstor - ok11:38:13.0193 6700 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys11:38:13.0255 6700 storvsc - ok11:38:13.0271 6700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys11:38:13.0271 6700 swenum - ok11:38:13.0287 6700 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys11:38:13.0318 6700 Synth3dVsc - ok11:38:13.0333 6700 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys11:38:13.0365 6700 SynthVid - ok11:38:13.0427 6700 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys11:38:13.0458 6700 Tcpip - ok11:38:13.0474 6700 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys11:38:13.0474 6700 TCPIP6 - ok11:38:13.0489 6700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys11:38:13.0521 6700 tcpipreg - ok11:38:13.0552 6700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys11:38:13.0567 6700 TDPIPE - ok11:38:13.0583 6700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys11:38:13.0583 6700 TDTCP - ok11:38:13.0599 6700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys11:38:13.0645 6700 tdx - ok11:38:13.0661 6700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys11:38:13.0677 6700 TermDD - ok11:38:13.0677 6700 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys11:38:13.0708 6700 terminpt - ok11:38:13.0723 6700 TfFsMon - ok11:38:13.0723 6700 TfNetMon - ok11:38:13.0739 6700 TFSysMon - ok11:38:13.0786 6700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys11:38:13.0833 6700 tssecsrv - ok11:38:13.0833 6700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys11:38:13.0864 6700 TsUsbFlt - ok11:38:13.0864 6700 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys11:38:13.0879 6700 TsUsbGD - ok11:38:13.0895 6700 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys11:38:13.0926 6700 tsusbhub - ok11:38:13.0942 6700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys11:38:14.0004 6700 tunnel - ok11:38:14.0004 6700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys11:38:14.0004 6700 uagp35 - ok11:38:14.0020 6700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys11:38:14.0051 6700 udfs - ok11:38:14.0067 6700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys11:38:14.0067 6700 uliagpkx - ok11:38:14.0082 6700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys11:38:14.0145 6700 umbus - ok11:38:14.0176 6700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys11:38:14.0176 6700 UmPass - ok11:38:14.0223 6700 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys11:38:14.0269 6700 usbccgp - ok11:38:14.0316 6700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys11:38:14.0332 6700 usbcir - ok11:38:14.0332 6700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys11:38:14.0379 6700 usbehci - ok11:38:14.0394 6700 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys11:38:14.0425 6700 usbhub - ok11:38:14.0441 6700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys11:38:14.0488 6700 usbohci - ok11:38:14.0503 6700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys11:38:14.0519 6700 usbprint - ok11:38:14.0550 6700 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys11:38:14.0550 6700 usbscan - ok11:38:14.0566 6700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS11:38:14.0566 6700 USBSTOR - ok11:38:14.0581 6700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys11:38:14.0628 6700 usbuhci - ok11:38:14.0644 6700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys11:38:14.0644 6700 vdrvroot - ok11:38:14.0659 6700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys11:38:14.0675 6700 vga - ok11:38:14.0691 6700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys11:38:14.0706 6700 VgaSave - ok11:38:14.0706 6700 VGPU - ok11:38:14.0722 6700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys11:38:14.0784 6700 vhdmp - ok11:38:14.0784 6700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys11:38:14.0784 6700 viaide - ok11:38:14.0800 6700 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys11:38:14.0847 6700 VMBusHID - ok11:38:14.0862 6700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys11:38:14.0862 6700 volmgr - ok11:38:14.0878 6700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys11:38:14.0878 6700 volmgrx - ok11:38:14.0925 6700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys11:38:14.0925 6700 volsnap - ok11:38:14.0971 6700 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys11:38:15.0018 6700 vpcbus - ok11:38:15.0049 6700 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys11:38:15.0081 6700 vpcnfltr - ok11:38:15.0096 6700 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys11:38:15.0143 6700 vpcusb - ok11:38:15.0174 6700 vpcvmm (30d4243726a15a14f5c5e45898d14394) C:\Windows\system32\drivers\vpcvmm.sys11:38:15.0174 6700 vpcvmm - ok11:38:15.0205 6700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys11:38:15.0221 6700 vsmraid - ok11:38:15.0221 6700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys11:38:15.0237 6700 vwifibus - ok11:38:15.0252 6700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys11:38:15.0268 6700 vwififlt - ok11:38:15.0268 6700 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys11:38:15.0268 6700 vwifimp - ok11:38:15.0299 6700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys11:38:15.0315 6700 WacomPen - ok11:38:15.0330 6700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:38:15.0377 6700 WANARP - ok11:38:15.0393 6700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:38:15.0393 6700 Wanarpv6 - ok11:38:15.0424 6700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys11:38:15.0424 6700 Wd - ok11:38:15.0439 6700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys11:38:15.0455 6700 Wdf01000 - ok11:38:15.0502 6700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys11:38:15.0502 6700 WfpLwf - ok11:38:15.0549 6700 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys11:38:15.0595 6700 WimFltr - ok11:38:15.0627 6700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys11:38:15.0627 6700 WIMMount - ok11:38:15.0642 6700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys11:38:15.0642 6700 WmiAcpi - ok11:38:15.0673 6700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys11:38:15.0673 6700 ws2ifsl - ok11:38:15.0689 6700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys11:38:15.0751 6700 WudfPf - ok11:38:15.0767 6700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys11:38:15.0814 6700 WUDFRd - ok11:38:15.0829 6700 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR011:38:15.0845 6700 \Device\Harddisk0\DR0 - ok11:38:16.0313 6700 MBR (0x1B8) (e5d1bf267a130bc345536d79674242ab) \Device\Harddisk1\DR111:38:16.0313 6700 \Device\Harddisk1\DR1 - ok11:38:16.0329 6700 Boot (0x1200) (3d7b652948ad9d3e1330b6b0d1f51d10) \Device\Harddisk0\DR0\Partition011:38:16.0329 6700 \Device\Harddisk0\DR0\Partition0 - ok11:38:16.0344 6700 Boot (0x1200) (e3cdc4e2ff10d3c86952a37535384566) \Device\Harddisk0\DR0\Partition111:38:16.0344 6700 \Device\Harddisk0\DR0\Partition1 - ok11:38:16.0344 6700 Boot (0x1200) (e56b3b353bf85821533af04cd4bf2598) \Device\Harddisk1\DR1\Partition011:38:16.0344 6700 \Device\Harddisk1\DR1\Partition0 - ok11:38:16.0344 6700 ============================================================11:38:16.0344 6700 Scan finished11:38:16.0344 6700 ============================================================11:38:16.0360 3552 Detected object count: 011:38:16.0360 3552 Actual detected object count: 011:39:06.0309 2940 Deinitialize success.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Wayne-Rhonda at 11:39:22 on 2011-11-07Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10138 [GMT -8:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exeC:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exec:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\WUDFHost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Rainlendar2\Rainlendar2.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\mcafee.com\agent\mcagent.exeC:\Windows\SysWOW64\Ctxfihlp.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Windows\SysWOW64\CTXFISPI.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\DllHost.exec:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dlluRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exeuRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeuRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [CTxfiHlp] CTXFIHLP.EXEmRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exedRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstallermPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CABDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cabDPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cabTCP: DhcpNameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{F49114D8-41C8-4635-AAA3-DDA000FC615C} : DhcpNameServer = 75.75.75.75 75.75.76.76Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllC:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO-X64: RoboForm BHO - No FileBHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012155818.dllBHO-X64: scriptproxy - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllmRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun-x64: [CTxfiHlp] CTXFIHLP.EXEmRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupmRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exeIE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-15 13336]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-2 366664]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-9-15 199008]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-9-15 208272]R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2253120]R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-12 1153368]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-15 1692480]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-26 79360]S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-26 79360]S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-9-26 79360]S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-15 224704]S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\FA53.tmp --> C:\Windows\system32\FA53.tmp [?]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2011-11-07 19:21:45 -------- d-----w- C:\$RECYCLE.BIN2011-11-06 20:52:10 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Google2011-11-01 20:15:53 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Apple Computer2011-10-31 23:32:33 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync2011-10-31 17:55:54 98816 ----a-w- C:\Windows\sed.exe2011-10-31 17:55:54 518144 ----a-w- C:\Windows\SWREG.exe2011-10-31 17:55:54 256000 ----a-w- C:\Windows\PEV.exe2011-10-31 17:55:54 208896 ----a-w- C:\Windows\MBR.exe2011-10-29 17:39:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{D24E7CBA-803D-40A7-B6BB-519A7107B982}2011-10-27 01:25:24 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\NVIDIA2011-10-27 01:02:11 -------- d-----w- C:\Program Files (x86)\Sony2011-10-27 01:02:08 -------- d-----w- C:\ProgramData\Sony Corporation2011-10-26 23:12:12 -------- d-----w- C:\Program Files (x86)\Siber Systems2011-10-22 02:40:32 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{DB629B4D-AD6C-491F-8447-327CB7022FE8}2011-10-22 02:36:12 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{E6AAD9E7-258C-4A81-84D8-742D21C58E98}2011-10-22 02:35:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{E12B7A88-9E68-4875-B52A-A0C5A186A2D7}2011-10-22 02:35:27 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{48DF0CCF-582E-4130-B20D-C758282691FA}2011-10-22 02:29:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{34C42238-0FA8-4AAF-907F-C0F85E2E1F3A}2011-10-22 02:29:19 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6EE0BBD7-44A9-4532-A522-F1BBC1B769C4}2011-10-15 07:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe2011-10-13 02:43:26 -------- d-----w- C:\Windows\SysWow64\Dell2011-10-12 21:43:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2011-10-12 21:43:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy2011-10-12 21:35:16 -------- d-----w- C:\Program Files (x86)\Shop to Win 222011-10-11 19:54:43 3138048 ----a-w- C:\Windows\System32\win32k.sys2011-10-11 19:54:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax2011-10-11 19:54:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll2011-10-11 19:54:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll2011-10-11 19:54:35 108032 ----a-w- C:\Windows\System32\psisrndr.ax2011-10-11 19:54:34 331776 ----a-w- C:\Windows\System32\oleacc.dll2011-10-11 19:54:34 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll2011-10-11 19:54:33 861696 ----a-w- C:\Windows\System32\oleaut32.dll2011-10-11 19:54:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll2011-10-09 18:15:57 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{24F259D6-DD9F-41E6-974C-26BE46E746EE}2011-10-09 18:15:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A74FF26D-8035-4461-BCDF-17D0F31E5D12}2011-10-09 18:15:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{034D76F2-0E09-41D9-B481-A8794C1B7861}2011-10-09 17:55:54 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{86888F14-9455-46E1-A2FB-ABBE69670F0F}2011-10-09 17:55:44 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{05B017AA-6B7F-4D6A-BB54-47C804DBE620}2011-10-09 17:53:35 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{7980FCD3-F7AC-4E77-B996-9312C74CB92B}2011-10-09 17:53:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{57DD774A-4273-465C-B398-A70297368803}2011-10-09 17:52:21 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6658FA9C-222F-4F19-A63E-FF4AD11821E2}2011-10-09 17:52:11 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{8F40CBDE-1ED8-4166-B729-08430D2F9C1F}2011-10-09 17:44:52 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Windows Live2011-10-09 17:44:37 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A0D45EBC-B685-4DEB-AD55-0DD11F777630}.==================== Find3M ====================.2011-11-01 19:34:46 8456 --sha-w- C:\ProgramData\KGyGaAvL.sys2011-10-18 16:48:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-03 12:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\AC859C82A4.sys2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4CB328A682.sys2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4C5B74840F.sys2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\DED7A8BC10.sys2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\07B2980D97.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\F351B99706.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\C019B48D0E.sys2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\313F27D68B.sys2011-09-27 01:40:13 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2011-09-27 01:40:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll2011-09-27 01:40:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll2011-09-27 00:23:29 466520 ----a-w- C:\Windows\System32\wrap_oal.dll2011-09-27 00:23:29 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll2011-09-27 00:23:29 123480 ----a-w- C:\Windows\System32\OpenAL32.dll2011-09-27 00:23:28 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll2011-09-15 22:46:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll2011-09-15 21:24:48 521448 ----a-w- C:\Windows\System32\deployJava1.dll2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-09-01 00:00:34 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-08-24 01:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll2011-08-24 01:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll2011-08-24 01:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll2011-08-24 01:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll2011-08-24 01:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll2011-08-19 22:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe2011-08-15 17:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys.============= FINISH: 11:39:51.02 ===============C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantinedC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantinedC:\Users\Wayne-Rhonda\Downloads\Spybot+Search+&+Destroy.exe MSIL/Solimba.A application deleted - quarantinedE:\AAA\powersuite.exe Win32/RegistryBooster application deleted - quarantinedE:\WAYNE\Backup Set 2010-02-26 194151\Backup Files 2010-02-26 194151\Backup files 22.zip Win32/RegistryBooster application deleted - quarantinedE:\WAYNE-RHONDA-PC\Backup Set 2011-09-14 171824\Backup Files 2011-09-14 171824\Backup files 57.zip Win32/RegistryBooster application deleted - quarantined Link to post Share on other sites More sharing options...
BWC Posted November 7, 2011 Author ID:492535 Share Posted November 7, 2011 OK, I believe I've run all the programs you wanted. The MBAM log does not reflect an "attempt to contact a malicious site" that appeared just before I ran the Quick Scan.The ESET program found several problems that have been deleted. I may not have posted the file you wanted. Let me know and I'll re-run the program.After ESET found the problem it did I'm cautiously optimistic that the problem has been fixed!Once again, thanks for your help!!! Link to post Share on other sites More sharing options...
BWC Posted November 9, 2011 Author ID:493120 Share Posted November 9, 2011 So much for cautious optimism. Below you'll find the latest MBAM log file reflecting the attempt at contacting a malicious website.09:26:03 (null) MESSAGE Scheduled update executed successfully09:28:54 Wayne-Rhonda MESSAGE Protection started successfully09:28:58 Wayne-Rhonda MESSAGE IP Protection started successfully09:29:22 Wayne-Rhonda MESSAGE IP Protection stopped09:29:23 Wayne-Rhonda MESSAGE Database updated successfully09:29:23 Wayne-Rhonda MESSAGE IP Protection started successfully14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)14:52:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137) Link to post Share on other sites More sharing options...
Staff screen317 Posted November 15, 2011 Staff ID:494965 Share Posted November 15, 2011 Hi,My apologies for the delay.Have the blocks persisted since then? Link to post Share on other sites More sharing options...
BWC Posted November 15, 2011 Author ID:495002 Share Posted November 15, 2011 Yes, the attempts continue. Below is one of the latest MBAM log's showing four different IP site's that contact has been blocked.07:59:23 Wayne-Rhonda MESSAGE Protection started successfully07:59:27 Wayne-Rhonda MESSAGE IP Protection started successfully08:00:30 Wayne-Rhonda MESSAGE Scheduled update executed successfully08:00:52 Wayne-Rhonda MESSAGE IP Protection stopped08:00:54 Wayne-Rhonda MESSAGE Database updated successfully08:00:54 Wayne-Rhonda MESSAGE IP Protection started successfully08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)08:09:41 Wayne-Rhonda IP-BLOCK 218.10.17.251 (Type: outgoing, Port: 137)10:36:04 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)10:36:05 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)10:36:13 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)10:36:13 Wayne-Rhonda IP-BLOCK 219.146.3.10 (Type: outgoing, Port: 137)12:39:13 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)12:39:13 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)12:39:21 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)12:39:21 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)16:55:14 Wayne-Rhonda IP-BLOCK 61.147.116.73 (Type: outgoing, Port: 137)Any suggestions??? Link to post Share on other sites More sharing options...
Staff screen317 Posted November 21, 2011 Staff ID:496721 Share Posted November 21, 2011 Hi,Again my apologies for the delay.Can you use your McAfee firewall to block that port (137) from transmitting data? Link to post Share on other sites More sharing options...
BWC Posted November 23, 2011 Author ID:497563 Share Posted November 23, 2011 According to McAfee that port (137) is closed. It comes up unchecked when viewing port status which means it's closed. Now I'm even more confused!Also, I've added another MBAM log showing a new port as having a problem. 00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)00:37:51 Wayne-Rhonda IP-BLOCK 122.224.5.73 (Type: outgoing, Port: 137)10:19:37 Wayne-Rhonda MESSAGE Protection started successfully10:19:40 Wayne-Rhonda MESSAGE IP Protection started successfully10:20:43 Wayne-Rhonda MESSAGE Scheduled update executed successfully10:21:06 Wayne-Rhonda MESSAGE IP Protection stopped10:21:07 Wayne-Rhonda MESSAGE Database updated successfully10:21:08 Wayne-Rhonda MESSAGE IP Protection started successfully11:44:14 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)11:44:15 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)11:44:15 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)11:44:15 Wayne-Rhonda IP-BLOCK 122.227.135.92 (Type: outgoing, Port: 137)14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)14:39:03 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52788, Process: iexplore.exe)20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52787, Process: iexplore.exe)20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52789, Process: iexplore.exe)20:33:06 Wayne-Rhonda IP-BLOCK 91.197.129.127 (Type: outgoing, Port: 52790, Process: iexplore.exe)Also, I've used a site called "Shields Up" that also checks port status. It shows that all port's are in stealth mode except 554, Real Time Stream Control Protocol. I don't know if that provides any useful information for you or not.Have a GREAT Thanksgiving! Link to post Share on other sites More sharing options...
Staff screen317 Posted November 27, 2011 Staff ID:498522 Share Posted November 27, 2011 Hi,Click Start --> Run, and type in msconfig.exeClick the Startup tab, then click Disable all...Check anything MBAM related.Click OK.Restart your computer and use it normally for a bit, and let me know if the problem persists. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.Let me know how it goes.-screen317 Link to post Share on other sites More sharing options...
BWC Posted November 29, 2011 Author ID:499462 Share Posted November 29, 2011 I thought that would do it but unfortunately it still persists. Latest MBAM log is below.05:07:58 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)05:07:58 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)05:08:06 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)05:08:06 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)07:27:11 Wayne-Rhonda MESSAGE Scheduled update executed successfully07:27:33 Wayne-Rhonda MESSAGE IP Protection stopped07:27:35 Wayne-Rhonda MESSAGE Database updated successfully07:27:35 Wayne-Rhonda MESSAGE IP Protection started successfully13:13:51 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)13:13:52 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)13:14:00 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)13:14:00 Wayne-Rhonda IP-BLOCK 218.10.16.113 (Type: outgoing, Port: 137)13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137)13:56:01 Wayne-Rhonda IP-BLOCK 222.189.238.115 (Type: outgoing, Port: 137) Link to post Share on other sites More sharing options...
Staff screen317 Posted December 6, 2011 Staff ID:501955 Share Posted December 6, 2011 Okay, let's step back and see if we missed any malware.Update MBAM, run a Quick Scan, and post its log.Grab fresh copies of ComboFix and TDSSKiller, run them, and post their logs. Post a fresh DDS log.Read all these directions before proceeding.When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.Be sure to read these:Download Kaspersky Rescue Disk 10How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?Summarizing:Go to a clean PC.Download the .iso image file.Create a CD (or flash drive if you prefer).At the infected PC: put the disk in the drive and reboot.Follow the directions here, but you will find some differences. Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?Print the following directions:Boot from Kaspersky Rescue Disk 10:Restart your computer and put the disk in the drive while booting. Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.Select the required interface language using the arrow-keys on your keyboard.Press the Enter key on the keyboard.In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode Click Enter.Click 'A' to accept the agreement.Select operating system from dropdown menu (select Windows whatever)Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:Click My Update Center and update if any availableBack to other tab and click Start Object Scan.(It took 3 hours to scan my 47G)When scan has completed save a report:On the upper part of the Kaspersky Rescue Disk window, click on the Report link.On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.On the upper right hand corner of the Detailed report window, click on the Save button.After clicking Detailed Report and 'SAVE', a browse window opens. Double-click on the \Click 'disks'.All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.Click on the Save button.The report has been saved to the file. Remove the disk from the drive (or disconnect USB) and reboot normally. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 19, 2011 Staff ID:506560 Share Posted December 19, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted February 16, 2012 Staff ID:527454 Share Posted February 16, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts