

Infected Somewhere


  • This topic is locked
31 replies to this topic

#1 -Celestial-

-Celestial-

  • Members
  • 40 posts

Posted 10 February 2012 - 08:37 AM

I have performed numerous scans from anti-malware programs and did remove some threats, but some things were still not resolved so now I need professional help.

The symptoms include redirecting search engine links, not recognizing external hard drives, and an overall slower performance. McAfee found a W32/Mariofev!mem trojan in C:\windows\system32\services.exe and claimed it could not fix the problem. After running through other scans and then redoing McAfee's scan, the trojan no longer comes up, but since the problems are not fixed I don't know if it's hiding or if something else is out there.

I turned off system restore, not sure if I should keep it that way.

Any help would be appreciated.


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 February 2012 - 11:19 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Turn system restore back on.



DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 -Celestial-

-Celestial-
  • Topic Starter

  • Members
  • 40 posts

Posted 11 February 2012 - 12:02 AM

No problems so far.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Peter at 22:46:59 on 2012-02-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2133 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Migo\PC Backup Pro\NMSAccessU.exe
C:\Program Files (x86)\Migo\PC Backup Pro\NSENGINE.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1328749353&rver=6.1.6195.0&wp=MBI_SSL&wreply=https:%2F%2Flogin.secure.co1.msn.com%2Fwlsignin.aspx%3Fru%3Dhttp%253a%252f%252fwww.msn.com%252f&lc=1033&id=1184
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120207065409.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files (x86)\Dealio Toolbar\SearchSettings.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{99396CC4-5F9F-40AC-BE19-80804AD67DC7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{99A38EE9-40F6-4F54-A3A4-80944AABE7F0} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli DPPWDFLT
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120207065409.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO-X64: Updater For XFIN_PORTAL - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
C:\Program Files (x86)\Dealio Toolbar\SearchSettings.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\bsdpsjlc.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://dictionary.reference.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100789&babsrc=adbartrp&mntrId=60aabd9e000000000000001e6501690d&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npdivx32.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\system32\C2MP\npdivx32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQ7HjVJ69&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.incredibar_i.hardId - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.incredibar_i.instlDay - 15337
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2711:44:13
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQ7HjVJ69
FF - user.js: extensions.incredibar_i.upn2n - 92541425911803129
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt - somoto
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.BabylonToolbar_i.hardId - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15337
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:47:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2012-2-10 67584]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-6-10 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-6-10 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-6-10 161168]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-6 365952]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-8-27 1153368]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 599344]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CleanService;CleanService;C:\Program Files (x86)\StompSoft\Digital File Shredder Pro\CleanService.exe [2009-9-5 52736]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-02-10 13:54:47 -------- d-----w- C:\Users\Peter\AppData\Local\Safe mirror
2012-02-10 13:54:22 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2012-02-10 01:54:13 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-02-08 17:26:55 -------- d-----w- C:\Users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 17:26:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-08 17:26:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-07 19:24:32 16200 ----a-w- C:\Windows\stinger.sys
2012-02-07 19:24:08 -------- d-----w- C:\Program Files (x86)\stinger
2012-02-07 12:58:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-01-21 03:32:10 -------- d-----w- C:\Windows\SysWow64\kodak
2012-01-14 00:33:43 -------- d-----w- C:\Windows\solcache
2012-01-14 00:31:53 231936 ----a-w- C:\Windows\SysWow64\SNWValid.dll
2012-01-14 00:31:52 1022976 ----a-w- C:\Windows\SysWow64\SierraNW.dll
2012-01-14 00:31:47 -------- d-----w- C:\SIERRA
2012-01-14 00:31:47 -------- d-----w- C:\Program Files (x86)\Sierra On-Line
.
==================== Find3M ====================
.
2011-12-10 16:22:44 1058304 ----a-w- C:\Windows\System32\EKAiO2MON.dll
2011-12-10 16:22:28 177664 ----a-w- C:\Windows\System32\EKAiO2COI07.dll
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 12:10:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:58:57.40 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2010 4:00:12 PM
System Uptime: 2/10/2012 9:49:27 PM (1 hours ago)
.
Motherboard: Quanta | | 361B
Processor: Intel® Core™2 Duo CPU P7550 @ 2.26GHz | CPU | 2266/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 402.21 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.726 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M1522nf MFP
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: HP LaserJet M1522nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0065
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0065
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP2025n
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP2025n
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0066
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0066
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID:
Description: designjet 5500ps (Q1252A)
Device ID: ROOT\MULTIFUNCTION\0067
Manufacturer:
Name: designjet 5500ps (Q1252A)
PNP Device ID: ROOT\MULTIFUNCTION\0067
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 3600
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 3600
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 9040
Device ID: ROOT\MULTIFUNCTION\0068
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9040
PNP Device ID: ROOT\MULTIFUNCTION\0068
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2055x
Device ID: ROOT\MULTIFUNCTION\0069
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055x
PNP Device ID: ROOT\MULTIFUNCTION\0069
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 5000 Series
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: Hewlett-Packard
Name: HP LaserJet 5000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0070
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0070
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 3600
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 3600
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0071
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0071
Service:
.
Class GUID:
Description: hp LaserJet 1320 series
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer:
Name: hp LaserJet 1320 series
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0072
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0072
Service:
.
Class GUID:
Description: hp LaserJet 9040
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer:
Name: hp LaserJet 9040
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service:
.
Class GUID:
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0080
Manufacturer:
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0080
Service:
.
Class GUID:
Description: hp LaserJet 9050
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer:
Name: hp LaserJet 9050
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service:
.
Class GUID:
Description: DesignJet 1055CM (C6075A)
Device ID: ROOT\MULTIFUNCTION\0084
Manufacturer:
Name: DesignJet 1055CM (C6075A)
PNP Device ID: ROOT\MULTIFUNCTION\0084
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0029
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0029
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 8100 Series
Device ID: ROOT\MULTIFUNCTION\0089
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0089
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M1522nf MFP
Device ID: ROOT\MULTIFUNCTION\0030
Manufacturer: Hewlett-Packard
Name: HP LaserJet M1522nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0030
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 4600
Device ID: ROOT\MULTIFUNCTION\0108
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4600
PNP Device ID: ROOT\MULTIFUNCTION\0108
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 9040
Device ID: ROOT\MULTIFUNCTION\0031
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9040
PNP Device ID: ROOT\MULTIFUNCTION\0031
Service:
.
Class GUID:
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0135
Manufacturer:
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0135
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 5550
Device ID: ROOT\MULTIFUNCTION\0032
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 5550
PNP Device ID: ROOT\MULTIFUNCTION\0032
Service:
.
Class GUID:
Description: hp color LaserJet 4600
Device ID: ROOT\MULTIFUNCTION\0142
Manufacturer:
Name: hp color LaserJet 4600
PNP Device ID: ROOT\MULTIFUNCTION\0142
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0033
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0033
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 3600
Device ID: ROOT\MULTIFUNCTION\0168
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 3600
PNP Device ID: ROOT\MULTIFUNCTION\0168
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0034
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0034
Service:
.
Class GUID:
Description: hp LaserJet 9040
Device ID: ROOT\MULTIFUNCTION\0170
Manufacturer:
Name: hp LaserJet 9040
PNP Device ID: ROOT\MULTIFUNCTION\0170
Service:
.
Class GUID:
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0035
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0035
Service:
.
Class GUID:
Description: HP LaserJet 8150 Series
Device ID: ROOT\MULTIFUNCTION\0202
Manufacturer:
Name: HP LaserJet 8150 Series
PNP Device ID: ROOT\MULTIFUNCTION\0202
Service:
.
Class GUID:
Description: hp color LaserJet 4600
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: hp color LaserJet 4600
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0036
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0036
Service:
.
Class GUID:
Description: HP LaserJet 4000 Series
Device ID: ROOT\MULTIFUNCTION\0234
Manufacturer:
Name: HP LaserJet 4000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0234
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4015
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4015
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0037
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0037
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 4600
Device ID: ROOT\MULTIFUNCTION\0262
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4600
PNP Device ID: ROOT\MULTIFUNCTION\0262
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 8000 Series
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: HP LaserJet 8000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0056
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0056
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
aioscnnr
ASPCA Reminder by We-Care.com v5.0.5.1
Braid (Version 1.015)
BSP FileBulldog Toolbar
Business Contact Manager for Microsoft Outlook 2010
C4USelfUpdater
CA Pest Patrol Realtime Protection
Castlevania & Contra
CCleaner (remove only)
center
Cobian Backup 10
Combined Community Codec Pack 2011-07-30
Comcast Desktop Software (v1.2.0.9)
ConvertHelper 2.2
Creative System Information
Creative ZEN
Crystal Reports 2008 Runtime SP1
CyberLink DVD Suite
D-i-v-X AVI Codec Pack Pro 2.4.0
Dealio Toolbar v4.0.1
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DHTML Editing Component
essentials
ESU for Microsoft Vista
FastStone Image Viewer 4.2
FormatFactory 2.90
FRAGILE walking ?????????
GIMP 2.6.6
Half-Life
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Total Care Setup
HP Update
HP USB Disk Storage Format Tool
HP User Guides 0115
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Incredibar Toolbar on IE and Chrome
Java Auto Updater
Java™ 6 Update 21
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller Driver
Juno Preloader
KODAK AiO Software
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
McAfee Total Protection
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft XML Parser
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Migo PC Backup Pro
Migo Recover Lost Data
Mozilla Firefox 10.0 (x86 en-US)
MpcStar 5.1
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4.0 redistributable
MyITLab ActiveX Installer 2, 9, 8, 65535
NetZero Preloader
ocr
osu!
Peachtree Complete Accounting 2010
Plants vs. Zombies
PreReq
Realtek 8169 8168 8101E 8102E Ethernet Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Septerra Core
Service Pack 1 for SQL Server 2008 (KB968369)
Sierra Utilities
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
StompSoft Digital File Shredder Pro
StompSoft Digital Vault
StompSoft Recover Lost Data
Swiff Player 1.7.2
To the Moon
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
vcredist_x86
VLC media player 1.0.3
Windows Live Mesh ActiveX Control for Remote Connections
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 8:03:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2012 7:43:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
2/9/2012 7:42:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
2/9/2012 7:38:43 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2012 7:38:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/9/2012 7:38:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/9/2012 7:38:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/9/2012 7:38:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/9/2012 7:38:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
2/9/2012 10:16:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
2/10/2012 9:49:29 PM, Error: hpdskflt [1001] -
2/10/2012 2:34:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/10/2012 2:34:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hpdskflt
2/10/2012 12:44:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
.
==== End Of File ===========================

#4 gringo_pr


Posted 11 February 2012 - 12:40 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 -Celestial-


Posted 11 February 2012 - 10:34 AM

Still being redirected at search engines and I still can't access external hard drives. Hotmail also runs extremely slow in Firefox (yet it's fine in Internet Explorer), but I'm not sure if that has to do with this. I also can't get my computer to go into hibernate. The display turns off, but the computer will stay on.

EDIT ~ The files in the My Pictures folder have disappeared except for a few I created yesterday (not that important to restore, but just thought I'd mention it in case it helps with the recovery process). Also the desktop wallpaper is a black screen now, and I am not in safe mode.

ComboFix took approximately an hour even though it said the process would usually not take longer than 10 minutes, so does this mean I should assume my computer is heavily infected?

ComboFix 12-02-11.02 - Peter 02/11/2012 7:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2606 [GMT -6:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealBulldog Toolbar
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\config.ini
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\separator.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\SearchSettings.dll
c:\program files (x86)\Dealio Toolbar\SearchSettings.exe
c:\program files (x86)\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files (x86)\Dealio Toolbar\sscfg.ini
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\inCRedibartlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\program files (x86)\somototoolbar\vmNTemplatex.dll
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Peter\AppData\Local\TempDIR
c:\users\Peter\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Peter\Documents\~WRL0014.tmp
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 14:44 . 2012-02-11 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 05:00 . 2012-02-11 05:00 -------- d-----w- c:\users\Peter\AppData\Roaming\To the Moon - Freebird Games
2012-02-11 04:56 . 2012-02-11 04:56 291826 ----a-w- c:\windows\To the Moon Uninstaller.exe
2012-02-11 04:55 . 2012-02-11 04:55 -------- d-----w- c:\program files (x86)\To the Moon
2012-02-10 13:54 . 2012-02-10 13:54 -------- d-----w- c:\users\Peter\AppData\Local\Safe mirror
2012-02-10 13:54 . 2012-02-10 13:54 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-02-10 01:54 . 2012-02-10 01:54 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-08 17:26 . 2012-02-08 17:26 -------- d-----w- c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 17:26 . 2012-02-08 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-08 17:26 . 2012-02-08 17:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-07 19:24 . 2012-02-07 19:24 16200 ----a-w- c:\windows\stinger.sys
2012-02-07 19:24 . 2012-02-09 18:46 -------- d-----w- c:\program files (x86)\stinger
2012-02-07 12:58 . 2011-11-17 07:10 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-21 03:32 . 2012-01-21 03:32 -------- d-----w- c:\windows\SysWow64\kodak
2012-01-14 00:33 . 2012-01-14 00:33 -------- d-----w- c:\windows\solcache
2012-01-14 00:31 . 1998-10-31 05:21 231936 ----a-w- c:\windows\SysWow64\SNWValid.dll
2012-01-14 00:31 . 1998-10-31 05:21 1022976 ----a-w- c:\windows\SysWow64\SierraNW.dll
2012-01-14 00:31 . 2012-02-07 12:48 -------- d-----w- C:\SIERRA
2012-01-14 00:31 . 2012-01-14 00:33 -------- d-----w- c:\program files (x86)\Sierra On-Line
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 16:22 . 2011-12-10 16:22 1058304 ----a-w- c:\windows\system32\EKAiO2MON.dll
2011-12-10 16:22 . 2011-12-10 16:22 177664 ----a-w- c:\windows\system32\EKAiO2COI07.dll
2011-11-24 05:00 . 2011-12-15 13:33 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 15:07 . 2012-01-11 14:31 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 14:31 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 07:14 . 2012-01-11 14:51 1739160 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:41 . 2012-01-11 14:51 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-15 12:10 . 2011-05-17 22:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-21 03:35 787744 ------w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"EKAiO2StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 MpKsl46cbdad4;MpKsl46cbdad4;c:\windows\system32\MpEngineStore\MpKsl46cbdad4.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CleanService;CleanService;c:\program files (x86)\StompSoft\Digital File Shredder Pro\CleanService.exe [2006-09-26 52736]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 721712]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
*Deregistered* - MPFP
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\HPCeeScheduleForPeter.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-06 19:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
"combofix"="c:\combofix\CF22549.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1328749353&rver=6.1.6195.0&wp=MBI_SSL&wreply=https:%2F%2Flogin.secure.co1.msn.com%2Fwlsignin.aspx%3Fru%3Dhttp%253a%252f%252fwww.msn.com%252f&lc=1033&id=1184
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\bsdpsjlc.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://dictionary.reference.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100789&babsrc=adbartrp&mntrId=60aabd9e000000000000001e6501690d&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQ7HjVJ69&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.incredibar_i.hardId - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.incredibar_i.instlDay - 15337
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2711:44
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQ7HjVJ69
FF - user.js: extensions.incredibar_i.upn2n - 92541425911803129
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt - somoto
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.BabylonToolbar_i.hardId - 60aabd9e000000000000001e6501690d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15337
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
AddRemove-FRAGILE walking - c:\windows\system32\FRAGILE walking.scr
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Migo\PC Backup Pro\NMSAccessU.exe
c:\program files (x86)\Migo\PC Backup Pro\NSENGINE.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-02-11 09:13:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 15:13
.
Pre-Run: 428,290,453,504 bytes free
Post-Run: 428,175,613,952 bytes free
.
- - End Of File - - 861D4DE5596FF4AB12A37B0B141EF6F4

Edited by -Celestial-, 11 February 2012 - 10:58 AM.


#6 gringo_pr

Posted 11 February 2012 - 11:56 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 -Celestial-

Posted 11 February 2012 - 01:32 PM

I downloaded both programs, but when I double click on each that message pops up that asks to allow the program to make changes to the computer; I say yes, and nothing comes up. I waited a couple of minutes to be sure but neither program starts.

#8 gringo_pr

Posted 11 February 2012 - 05:49 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete, I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#9 -Celestial-

Posted 12 February 2012 - 10:13 AM

Alright, this is urgent.

I downloaded the fixTDSS file and used it. It found something (don't remember the name specifically but I'm pretty sure it had "MBR" in it), repaired it, and then I went straight to use TDSSKiller. I performed the scan and it didn't find anything. Then I went to use aswMBR, had it download the program it asked for and went straight to the scan. As it was scanning I got the blue screen of death and my computer shut down. I went to boot it back up, but the blue screen flashes and then Windows tries to recover the computer. It couldn't fix it, but I did a system restore from the point ComboFix made. Even after the system restore, the blue screen flashes and I get to the repair menu. I tried to go into Safe Mode with Networking and the same result happens.

Basically my computer is locked and I don't know how to get back to it. I am currently performing a memory scan.

EDIT ~ No problems found in the memory scan. I can open the Command Prompt if that helps.

EDIT 2 ~ Turned off the automatic restart option so that I can see the blue screen. The full STOP error is:

0X0000007B (0XFFFFF880009A98E8, 0XFFFFFFFFC000000D, 0X0000000000000000, 0X0000000000000000)

Edited by -Celestial-, 12 February 2012 - 12:23 PM.


#10 gringo_pr

Posted 12 February 2012 - 12:40 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#11 -Celestial-

Posted 12 February 2012 - 12:53 PM

Scan result of Farbar Recovery Scan Tool Version: 11-02-2012
Ran by SYSTEM at 2012-02-12 11:49:06
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKU\Peter\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1081 2011-08-26] ()
HKU\Peter\...\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide [1589208 2009-08-19] ()
HKU\Peter\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5487488 2012-01-20] (SUPERAntiSpyware.com)
HKU\Peter\...\Policies\system: [disableregistrytools] 0
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Lsa: [Notification Packages] scecli
DPPWDFLT

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [31144 2010-03-25] (Microsoft Corporation)
2 cbVSCService; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)
3 CleanService; C:\Program Files (x86)\StompSoft\Digital File Shredder Pro\CleanService.exe [52736 2006-09-26] ()
2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-09-29] (DigitalPersona, Inc.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [23040 2008-03-18] (Hewlett-Packard Corporation)
2 ITMRTSVC; "C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe" [283912 2007-09-26] (CA, Inc.)
2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [394672 2011-12-19] (Eastman Kodak Company)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-03-17] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-30] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 NMSAccessU; C:\Program Files (x86)\Migo\PC Backup Pro\NMSAccessU.exe [65536 2007-06-11] ()
2 NsEngine; C:\Program Files (x86)\Migo\PC Backup Pro\NSENGINE.exe [177544 2007-07-25] (Migo Software, Inc.)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 SQLAgent$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-30] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [254808 2009-03-30] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [157720 2008-07-10] (Microsoft Corporation)
2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2008-11-18] (Validity Sensors, Inc.)
2 HP Health Check Service; "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [40296 2008-03-27] (Hewlett-Packard Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 enecir; C:\Windows\System32\DRIVERS\enecir.sys [64000 2008-09-04] (ENE TECHNOLOGY INC.)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [26984 2008-03-27] (Hewlett-Packard Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [174592 2008-08-06] (Realtek Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 mfeavfk01; [x]
1 MpKsl46cbdad4; \??\C:\Windows\system32\MpEngineStore\MpKsl46cbdad4.sys [x]
2 SBKUPNT; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-12 06:03 - 2012-02-12 06:03 - 0039928 ____A C:\Users\Peter\Desktop\tdsskillerlog.txt
2012-02-12 06:00 - 2012-02-12 06:01 - 0079940 ____A C:\TDSSKiller.2.7.11.0_12.02.2012_08.00.59_log.txt
2012-02-11 07:14 - 2012-02-11 07:14 - 0023003 ____A C:\ComboFix.txt
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-11 05:43 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-11 05:43 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-11 05:43 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-11 05:43 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-11 05:43 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-11 05:43 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-11 05:43 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-11 05:43 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-11 05:42 - 2012-02-12 08:52 - 0000000 ___SD C:\ComboFix
2012-02-11 05:40 - 2012-02-12 08:52 - 0000000 ____D C:\Windows\ERDNT
2012-02-11 05:37 - 2012-02-11 07:14 - 0000000 ____D C:\Qoobox
2012-02-11 05:31 - 2012-02-11 05:31 - 4401300 ____R (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2012-02-11 05:25 - 2012-02-12 05:57 - 0003026 ____A C:\Users\Peter\Desktop\bleepinginstructions.txt
2012-02-11 05:21 - 2012-02-11 05:22 - 0000000 ____D C:\Users\Peter\Documents\gimp-2.6.0
2012-02-10 21:01 - 2012-02-10 21:01 - 0026261 ____A C:\Users\Peter\Desktop\DDS.txt
2012-02-10 21:01 - 2012-02-10 21:01 - 0018602 ____A C:\Users\Peter\Desktop\Attach.txt
2012-02-10 21:00 - 2012-02-10 21:00 - 0000000 ____D C:\Users\Peter\AppData\Roaming\To the Moon - Freebird Games
2012-02-10 20:56 - 2012-02-10 20:56 - 0291826 ____A C:\Windows\To the Moon Uninstaller.exe
2012-02-10 20:55 - 2012-02-10 20:55 - 0000000 ____D C:\Program Files (x86)\To the Moon
2012-02-10 20:44 - 2012-02-10 20:44 - 0607260 ____R (Swearware) C:\Users\Peter\Desktop\dds.scr
2012-02-10 20:44 - 2012-02-10 20:44 - 0000472 ____A C:\Users\Peter\Desktop\defogger_disable.log
2012-02-10 20:44 - 2012-02-10 20:44 - 0000000 ____A C:\Users\Peter\defogger_reenable
2012-02-10 20:43 - 2012-02-10 20:43 - 0050477 ____A C:\Users\Peter\Desktop\Defogger.exe
2012-02-10 20:39 - 2012-02-10 20:54 - 77242757 ____A C:\Users\Peter\Documents\To_the_Moon-1.1_installer.exe
2012-02-10 14:53 - 2012-02-10 14:53 - 15897821 ____A C:\Users\Peter\Documents\gimp-2.6.0.tar.bz2
2012-02-10 14:53 - 2012-02-10 14:53 - 0003922 ____A C:\Users\Peter\.recently-used.xbel
2012-02-10 12:41 - 2012-02-10 12:41 - 0001071 ____A C:\Users\Peter\Desktop\Ext HDD 1021 - Shortcut.lnk
2012-02-10 09:31 - 2012-02-10 09:31 - 0000162 ___AH C:\Users\Peter\Documents\~$0 - Resume Action Words.doc
2012-02-10 07:30 - 2012-02-10 08:49 - 0000057 ____A C:\Users\Peter\Desktop\backup_2-10-2012 2012-02-10 09;27;27.zip
2012-02-10 06:07 - 2012-02-10 07:25 - 0000057 ____A C:\Users\Peter\Desktop\backup_2-10-2012 2012-02-10 08;05;18.zip
2012-02-10 05:54 - 2012-02-10 05:54 - 0000000 ____D C:\Users\Peter\AppData\Local\Safe mirror
2012-02-10 05:54 - 2012-02-10 05:54 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 10
2012-02-10 05:49 - 2012-02-10 05:51 - 15492608 ____A (Luis Cobian, CobianSoft) C:\Users\Peter\Documents\cbSetup.exe
2012-02-10 05:13 - 2012-02-10 05:13 - 0040700 ____A C:\Users\Peter\Documents\Extras.Txt
2012-02-10 05:12 - 2012-02-10 05:12 - 2622712 ____A C:\Users\Peter\Documents\OTL.Txt
2012-02-09 20:48 - 2012-02-09 20:48 - 0219136 ____A C:\Users\Peter\Documents\370 - Resume Action Words.doc
2012-02-09 18:18 - 2012-02-09 18:44 - 22435230 ____A C:\Users\Peter\Documents\FSP.zip
2012-02-09 17:54 - 2012-02-09 17:54 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-02-09 17:54 - 2012-02-09 17:54 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-02-09 17:48 - 2012-02-09 17:50 - 119173808 ____A C:\Users\Peter\Documents\setup_11.0.0.1245.x01_2012_02_10_04_53.exe
2012-02-09 17:26 - 2010-12-31 23:14 - 0002254 ____A C:\Users\Peter\Documents\eula.txt
2012-02-09 08:09 - 2012-02-09 17:38 - 0222572 ____A C:\Windows\ntbtlog.txt
2012-02-09 04:32 - 2012-02-09 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$sume_internship.docx
2012-02-08 12:47 - 2012-02-08 12:47 - 0100483 ____A C:\Users\Peter\Documents\Accountancy_2.pdf
2012-02-08 12:34 - 2012-02-10 12:49 - 0017660 ____A C:\Users\Peter\Documents\resume_internship.docx
2012-02-08 09:26 - 2012-02-08 09:26 - 14693680 ____A (SUPERAntiSpyware.com) C:\Users\Peter\Documents\SUPERAntiSpyware.exe
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\Users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-08 05:51 - 2012-02-08 05:51 - 0000162 ___AH C:\Users\Peter\Documents\~$utinemessage.docx
2012-02-07 17:47 - 2012-02-07 17:47 - 0034586 ____A C:\Users\Peter\Documents\Case Analysis 2 - Edited 2-7.docx
2012-02-07 11:29 - 2012-02-09 10:46 - 0000065 ___RH C:\Users\Peter\Documents\stinger.opt
2012-02-07 11:29 - 2012-02-07 11:29 - 0000484 ____A C:\Users\Peter\Documents\stinger.txt
2012-02-07 11:24 - 2012-02-09 10:46 - 0000000 ____D C:\Program Files (x86)\stinger
2012-02-07 11:24 - 2012-02-07 11:24 - 0016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-02-07 11:23 - 2012-02-07 11:23 - 9094720 ____A (McAfee Inc.) C:\Users\Peter\Documents\stinger.exe
2012-02-07 08:01 - 2012-02-07 08:01 - 15795464 ____A (Mozilla) C:\Users\Peter\Documents\Firefox Setup 10.0.exe
2012-02-07 07:58 - 2012-02-07 11:04 - 0000115 ____A C:\Windows\wininit.ini
2012-02-07 07:46 - 2012-02-07 07:49 - 0015455 ____A C:\Users\Peter\Documents\analyticalreportmemo.docx
2012-02-07 07:45 - 2012-02-10 08:42 - 0017223 ____A C:\Users\Peter\Documents\routinemessage.docx
2012-02-07 04:58 - 2011-11-16 23:17 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-02-07 04:58 - 2011-11-16 23:17 - 0095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-02-07 04:58 - 2011-11-16 23:15 - 0460296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-02-07 04:58 - 2011-11-16 23:12 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-02-07 04:58 - 2011-11-16 23:11 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-02-07 04:58 - 2011-11-16 23:11 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-02-07 04:58 - 2011-11-16 23:11 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-02-07 04:58 - 2011-11-16 23:10 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-02-07 04:58 - 2011-11-16 23:08 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-02-07 04:58 - 2011-11-16 23:05 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-02-07 04:58 - 2011-11-16 21:39 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-02-07 04:58 - 2011-11-16 21:39 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-02-07 04:58 - 2011-11-16 21:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-02-07 04:58 - 2011-11-16 21:35 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-02-06 04:32 - 2012-02-06 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$lfassessment.docx
2012-02-06 04:32 - 2012-02-06 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$0 SA paper-1.doc
2012-02-01 18:09 - 2012-02-01 18:51 - 0202916 ____A C:\Users\Peter\Documents\walmart.docx
2012-02-01 18:09 - 2012-02-01 18:09 - 0028672 ____A C:\Users\Peter\Documents\370 SA paper-1.doc
2012-02-01 14:50 - 2012-02-06 10:59 - 0015025 ____A C:\Users\Peter\Documents\selfassessment.docx
2012-02-01 13:15 - 2012-02-01 13:15 - 0012494 ____A C:\Users\Peter\Documents\resume.docx
2012-01-31 10:47 - 2012-01-31 10:47 - 1502856 ____A C:\Windows\Minidump\013112-27237-01.dmp
2012-01-31 04:32 - 2012-01-31 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$formationalreport.docx
2012-01-30 14:27 - 2012-01-30 14:27 - 41830467 ____A C:\Users\Peter\Documents\FFSetup290.zip
2012-01-25 11:09 - 2012-01-25 11:09 - 0000012 ____A C:\Users\Peter\Documents\tritongpa.txt
2012-01-22 14:15 - 2012-02-01 13:11 - 0019547 ____A C:\Users\Peter\Documents\informationalreport.docx
2012-01-20 19:32 - 2012-01-20 19:32 - 0000000 ____D C:\Windows\SysWOW64\kodak
2012-01-18 10:40 - 2012-02-09 18:49 - 0027136 ____A C:\Users\Peter\Documents\datasheet.doc
2012-01-13 16:33 - 2012-01-13 16:33 - 0000000 ____D C:\Windows\solcache
2012-01-13 16:31 - 2012-02-07 04:48 - 0000000 ____D C:\SIERRA
2012-01-13 16:31 - 2012-01-13 16:33 - 0000000 ____D C:\Program Files (x86)\Sierra On-Line
2012-01-13 16:31 - 1998-10-30 21:21 - 1022976 ____A (Cendant Software) C:\Windows\SysWOW64\SierraNW.dll
2012-01-13 16:31 - 1998-10-30 21:21 - 0231936 ____A (Cendant Software) C:\Windows\SysWOW64\SNWValid.dll
2012-01-13 16:30 - 2012-01-13 16:34 - 0000586 ____A C:\Windows\SIERRA.INI


============ 3 Months Modified Files and Folders =============

2012-02-12 11:49 - 2012-02-12 11:49 - 0000000 ____D C:\FRST
2012-02-12 08:53 - 2011-08-30 18:37 - 0000000 ____D C:\Users\Peter\AppData\Local\TempDIR
2012-02-12 08:53 - 2010-03-05 13:07 - 0000000 ____D C:\users\Peter
2012-02-12 08:53 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-12 08:52 - 2012-02-11 05:42 - 0000000 ___SD C:\ComboFix
2012-02-12 08:52 - 2012-02-11 05:40 - 0000000 ____D C:\Windows\ERDNT
2012-02-12 08:52 - 2011-12-29 09:44 - 0000000 ____D C:\Program Files (x86)\Incredibar.com
2012-02-12 08:52 - 2011-08-30 18:37 - 0000000 ____D C:\Program Files (x86)\somototoolbar
2012-02-12 08:52 - 2011-08-18 09:30 - 0000000 ____D C:\Users\All Users\Kodak
2012-02-12 08:52 - 2011-08-18 09:30 - 0000000 ____D C:\ProgramData\Kodak
2012-02-12 08:52 - 2011-06-23 10:54 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-02-12 08:52 - 2011-06-23 10:54 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-02-12 08:52 - 2009-08-21 13:33 - 0000000 ____D C:\Program Files (x86)\Dealio Toolbar
2012-02-12 08:52 - 2009-08-07 00:11 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-12 08:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-12 08:52 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-12 08:51 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-02-12 06:03 - 2012-02-12 06:03 - 0039928 ____A C:\Users\Peter\Desktop\tdsskillerlog.txt
2012-02-12 06:01 - 2012-02-12 06:00 - 0079940 ____A C:\TDSSKiller.2.7.11.0_12.02.2012_08.00.59_log.txt
2012-02-12 05:58 - 2010-03-05 13:56 - 3195424768 __ASH C:\hiberfil.sys
2012-02-12 05:57 - 2012-02-11 05:25 - 0003026 ____A C:\Users\Peter\Desktop\bleepinginstructions.txt
2012-02-11 10:18 - 2010-01-06 16:51 - 0037580 ____A C:\Users\Peter\Documents\gamelist.xlsx
2012-02-11 07:14 - 2012-02-11 07:14 - 0023003 ____A C:\ComboFix.txt
2012-02-11 07:14 - 2012-02-11 05:37 - 0000000 ____D C:\Qoobox
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-11 06:47 - 2012-02-11 06:47 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-11 06:47 - 2009-07-13 18:34 - 91226112 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-02-11 06:47 - 2009-07-13 18:34 - 25165824 ____A C:\Windows\System32\config\SYSTEM.bak
2012-02-11 06:47 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-02-11 06:47 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-02-11 06:47 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-02-11 05:31 - 2012-02-11 05:31 - 4401300 ____R (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2012-02-11 05:28 - 2010-03-05 13:04 - 0011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-11 05:28 - 2010-03-05 13:04 - 0011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-11 05:25 - 2010-03-05 13:54 - 1703448 ____A C:\Windows\WindowsUpdate.log
2012-02-11 05:24 - 2009-07-13 21:13 - 0818112 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-11 05:22 - 2012-02-11 05:21 - 0000000 ____D C:\Users\Peter\Documents\gimp-2.6.0
2012-02-11 05:18 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-11 05:18 - 2009-07-13 20:51 - 36801985 ____A C:\Windows\setupact.log
2012-02-10 21:01 - 2012-02-10 21:01 - 0026261 ____A C:\Users\Peter\Desktop\DDS.txt
2012-02-10 21:01 - 2012-02-10 21:01 - 0018602 ____A C:\Users\Peter\Desktop\Attach.txt
2012-02-10 21:00 - 2012-02-10 21:00 - 0000000 ____D C:\Users\Peter\AppData\Roaming\To the Moon - Freebird Games
2012-02-10 20:56 - 2012-02-10 20:56 - 0291826 ____A C:\Windows\To the Moon Uninstaller.exe
2012-02-10 20:55 - 2012-02-10 20:55 - 0000000 ____D C:\Program Files (x86)\To the Moon
2012-02-10 20:54 - 2012-02-10 20:39 - 77242757 ____A C:\Users\Peter\Documents\To_the_Moon-1.1_installer.exe
2012-02-10 20:44 - 2012-02-10 20:44 - 0607260 ____R (Swearware) C:\Users\Peter\Desktop\dds.scr
2012-02-10 20:44 - 2012-02-10 20:44 - 0000472 ____A C:\Users\Peter\Desktop\defogger_disable.log
2012-02-10 20:44 - 2012-02-10 20:44 - 0000000 ____A C:\Users\Peter\defogger_reenable
2012-02-10 20:43 - 2012-02-10 20:43 - 0050477 ____A C:\Users\Peter\Desktop\Defogger.exe
2012-02-10 16:32 - 2009-08-05 14:41 - 0000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2012-02-10 14:53 - 2012-02-10 14:53 - 15897821 ____A C:\Users\Peter\Documents\gimp-2.6.0.tar.bz2
2012-02-10 14:53 - 2012-02-10 14:53 - 0003922 ____A C:\Users\Peter\.recently-used.xbel
2012-02-10 14:53 - 2009-08-11 10:38 - 0000000 ____D C:\Users\Peter\AppData\Roaming\gtk-2.0
2012-02-10 14:53 - 2009-08-10 22:31 - 0000000 ___HD C:\Users\Peter\.gimp-2.6
2012-02-10 12:49 - 2012-02-08 12:34 - 0017660 ____A C:\Users\Peter\Documents\resume_internship.docx
2012-02-10 12:41 - 2012-02-10 12:41 - 0001071 ____A C:\Users\Peter\Desktop\Ext HDD 1021 - Shortcut.lnk
2012-02-10 09:31 - 2012-02-10 09:31 - 0000162 ___AH C:\Users\Peter\Documents\~$0 - Resume Action Words.doc
2012-02-10 09:01 - 2010-03-05 13:35 - 0160498 ____A C:\Windows\PFRO.log
2012-02-10 08:49 - 2012-02-10 07:30 - 0000057 ____A C:\Users\Peter\Desktop\backup_2-10-2012 2012-02-10 09;27;27.zip
2012-02-10 08:42 - 2012-02-07 07:45 - 0017223 ____A C:\Users\Peter\Documents\routinemessage.docx
2012-02-10 07:25 - 2012-02-10 06:07 - 0000057 ____A C:\Users\Peter\Desktop\backup_2-10-2012 2012-02-10 08;05;18.zip
2012-02-10 05:54 - 2012-02-10 05:54 - 0000000 ____D C:\Users\Peter\AppData\Local\Safe mirror
2012-02-10 05:54 - 2012-02-10 05:54 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 10
2012-02-10 05:51 - 2012-02-10 05:49 - 15492608 ____A (Luis Cobian, CobianSoft) C:\Users\Peter\Documents\cbSetup.exe
2012-02-10 05:13 - 2012-02-10 05:13 - 0040700 ____A C:\Users\Peter\Documents\Extras.Txt
2012-02-10 05:12 - 2012-02-10 05:12 - 2622712 ____A C:\Users\Peter\Documents\OTL.Txt
2012-02-09 20:48 - 2012-02-09 20:48 - 0219136 ____A C:\Users\Peter\Documents\370 - Resume Action Words.doc
2012-02-09 18:49 - 2012-01-18 10:40 - 0027136 ____A C:\Users\Peter\Documents\datasheet.doc
2012-02-09 18:44 - 2012-02-09 18:18 - 22435230 ____A C:\Users\Peter\Documents\FSP.zip
2012-02-09 17:54 - 2012-02-09 17:54 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-02-09 17:54 - 2012-02-09 17:54 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-02-09 17:50 - 2012-02-09 17:48 - 119173808 ____A C:\Users\Peter\Documents\setup_11.0.0.1245.x01_2012_02_10_04_53.exe
2012-02-09 17:38 - 2012-02-09 08:09 - 0222572 ____A C:\Windows\ntbtlog.txt
2012-02-09 10:46 - 2012-02-07 11:29 - 0000065 ___RH C:\Users\Peter\Documents\stinger.opt
2012-02-09 10:46 - 2012-02-07 11:24 - 0000000 ____D C:\Program Files (x86)\stinger
2012-02-09 04:32 - 2012-02-09 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$sume_internship.docx
2012-02-08 12:47 - 2012-02-08 12:47 - 0100483 ____A C:\Users\Peter\Documents\Accountancy_2.pdf
2012-02-08 09:26 - 2012-02-08 09:26 - 14693680 ____A (SUPERAntiSpyware.com) C:\Users\Peter\Documents\SUPERAntiSpyware.exe
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\Users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-02-08 09:26 - 2012-02-08 09:26 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-08 05:51 - 2012-02-08 05:51 - 0000162 ___AH C:\Users\Peter\Documents\~$utinemessage.docx
2012-02-07 17:47 - 2012-02-07 17:47 - 0034586 ____A C:\Users\Peter\Documents\Case Analysis 2 - Edited 2-7.docx
2012-02-07 13:00 - 2009-08-11 11:20 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-02-07 11:29 - 2012-02-07 11:29 - 0000484 ____A C:\Users\Peter\Documents\stinger.txt
2012-02-07 11:24 - 2012-02-07 11:24 - 0016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-02-07 11:23 - 2012-02-07 11:23 - 9094720 ____A (McAfee Inc.) C:\Users\Peter\Documents\stinger.exe
2012-02-07 11:04 - 2012-02-07 07:58 - 0000115 ____A C:\Windows\wininit.ini
2012-02-07 08:01 - 2012-02-07 08:01 - 15795464 ____A (Mozilla) C:\Users\Peter\Documents\Firefox Setup 10.0.exe
2012-02-07 07:53 - 2011-01-27 06:30 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-02-07 07:49 - 2012-02-07 07:46 - 0015455 ____A C:\Users\Peter\Documents\analyticalreportmemo.docx
2012-02-07 07:25 - 2009-08-05 14:52 - 0000334 ____A C:\Windows\Tasks\HPCeeScheduleForPeter.job
2012-02-07 04:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-07 04:48 - 2012-01-13 16:31 - 0000000 ____D C:\SIERRA
2012-02-07 04:48 - 2011-12-27 12:38 - 0000000 ____D C:\DriveKey
2012-02-07 04:48 - 2011-12-27 06:19 - 0000000 ____D C:\Users\All Users\WeCareReminder
2012-02-07 04:48 - 2011-12-27 06:19 - 0000000 ____D C:\ProgramData\WeCareReminder
2012-02-07 04:48 - 2011-11-20 08:44 - 0000000 ____D C:\Users\Peter\Documents\FormatFactory
2012-02-07 04:48 - 2011-10-28 12:29 - 0000000 ____D C:\Program Files (x86)\Sage Software
2012-02-07 04:48 - 2011-10-28 12:29 - 0000000 ____D C:\Program Files (x86)\Pervasive Software
2012-02-07 04:48 - 2011-08-18 09:34 - 0000000 ____D C:\Users\Peter\AppData\Local\Eastman_Kodak_Company
2012-02-07 04:48 - 2010-09-21 14:06 - 0000000 ____D C:\Users\Peter\Documents\restechstuff
2012-02-07 04:48 - 2010-04-06 12:53 - 0000000 ____D C:\Users\All Users\Real
2012-02-07 04:48 - 2010-04-06 12:53 - 0000000 ____D C:\ProgramData\Real
2012-02-07 04:48 - 2010-01-23 06:12 - 0000000 ____D C:\Program Files (x86)\osu!
2012-02-07 04:48 - 2010-01-23 06:11 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Downloaded Installations
2012-02-07 04:48 - 2009-12-04 11:28 - 0000000 ____D C:\DOSgames
2012-02-07 04:48 - 2009-11-21 20:46 - 0000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2012-02-07 04:48 - 2009-09-08 17:22 - 0000000 ____D C:\Users\Peter\AppData\Roaming\U3
2012-02-07 04:48 - 2009-08-28 13:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-07 04:48 - 2009-08-27 04:21 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-02-07 04:48 - 2009-08-27 04:21 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-07 04:48 - 2009-08-27 04:21 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-07 04:48 - 2009-08-21 17:41 - 0000000 ____D C:\Users\Peter\AppData\Roaming\dvdcss
2012-02-07 04:48 - 2009-08-21 17:32 - 0000000 ____D C:\Users\Peter\Downloads\aimp_2.09
2012-02-07 04:48 - 2009-08-21 16:21 - 0000000 ____D C:\Users\Peter\Downloads\FlvToMp3_1.2.1_w32
2012-02-07 04:48 - 2009-08-21 16:15 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Audacity
2012-02-07 04:48 - 2009-08-17 13:57 - 0000000 ____D C:\Users\All Users\HP
2012-02-07 04:48 - 2009-08-17 13:57 - 0000000 ____D C:\ProgramData\HP
2012-02-07 04:48 - 2009-08-07 18:43 - 0000000 ____D C:\Users\Peter\AppData\Local\Microsoft Help
2012-02-07 04:48 - 2009-08-06 11:16 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Creative
2012-02-07 04:48 - 2009-08-05 14:53 - 0000000 ____D C:\Users\Peter\AppData\Local\Hewlett-Packard
2012-02-07 04:48 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-07 04:48 - 2009-02-06 08:15 - 0000000 ____D C:\Program Files (x86)\SMINST
2012-02-07 04:48 - 2009-02-06 06:21 - 0000000 ___HD C:\HP
2012-02-07 04:48 - 2008-06-09 05:44 - 0000000 ____D C:\SWSetup
2012-02-07 04:48 - 1999-03-30 10:17 - 0000000 ___HD C:\System.sav
2012-02-07 04:46 - 2011-09-08 06:15 - 0000000 ____D C:\Users\Peter\AppData\Roaming\SAP
2012-02-07 04:46 - 2010-04-06 12:53 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Real
2012-02-07 04:46 - 2009-08-07 17:39 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Opera
2012-02-07 04:46 - 2009-08-07 00:11 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Mozilla
2012-02-07 04:46 - 2009-08-05 20:20 - 0000000 ____D C:\Users\Peter\Documents\My Games
2012-02-07 04:45 - 2011-08-26 04:58 - 0000000 ____D C:\Users\Peter\AppData\Local\SupportSoft
2012-02-07 04:45 - 2009-08-07 17:39 - 0000000 ____D C:\Users\Peter\AppData\Local\Opera
2012-02-07 04:45 - 2009-08-06 20:12 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Macromedia
2012-02-07 04:45 - 2009-08-05 19:24 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Adobe
2012-02-07 04:45 - 2009-08-05 14:54 - 0000000 ____D C:\Users\Peter\AppData\Roaming\Macrovision
2012-02-07 04:45 - 2009-08-05 14:53 - 0000000 ____D C:\Users\Peter\AppData\Roaming\DigitalPersona
2012-02-07 04:45 - 2009-08-05 14:42 - 0000000 ____D C:\Users\Peter\AppData\LocalLow
2012-02-07 04:43 - 2011-12-29 09:46 - 0000000 ____D C:\Users\Peter\AppData\Local\Babylon
2012-02-07 04:43 - 2009-08-06 18:16 - 0000000 ____D C:\Users\Peter\AppData\Local\Microsoft Games
2012-02-07 04:41 - 2011-09-07 12:24 - 0000000 ____D C:\Users\All Users\myitlab2010
2012-02-07 04:41 - 2011-09-07 12:24 - 0000000 ____D C:\ProgramData\myitlab2010
2012-02-07 04:41 - 2011-01-27 06:30 - 0000000 ____D C:\Users\All Users\McAfee
2012-02-07 04:41 - 2011-01-27 06:30 - 0000000 ____D C:\ProgramData\McAfee
2012-02-07 04:41 - 2010-08-18 20:04 - 0000000 ____D C:\Users\All Users\EPSON
2012-02-07 04:41 - 2010-08-18 20:04 - 0000000 ____D C:\ProgramData\EPSON
2012-02-07 04:41 - 2010-04-23 06:31 - 0000000 ____D C:\Users\All Users\InstallShield
2012-02-07 04:41 - 2010-04-23 06:31 - 0000000 ____D C:\ProgramData\InstallShield
2012-02-07 04:41 - 2009-10-07 04:42 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2012-02-07 04:41 - 2009-10-07 04:42 - 0000000 ____D C:\ProgramData\Downloaded Installations
2012-02-07 04:41 - 2009-08-28 13:32 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-07 04:41 - 2009-08-28 13:32 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-07 04:41 - 2009-05-16 02:08 - 0000000 ____D C:\Users\All Users\Macrovision
2012-02-07 04:41 - 2009-05-16 02:08 - 0000000 ____D C:\ProgramData\Macrovision
2012-02-07 04:41 - 2009-02-06 06:28 - 0000000 ____D C:\Users\All Users\Adobe
2012-02-07 04:41 - 2009-02-06 06:28 - 0000000 ____D C:\ProgramData\Adobe
2012-02-07 04:41 - 2009-02-06 05:40 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-02-07 04:41 - 2009-02-06 05:40 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-02-07 04:40 - 2009-08-07 18:42 - 0000000 __RHD C:\MSOCache
2012-02-06 20:18 - 2010-04-03 17:36 - 0000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2012-02-06 10:59 - 2012-02-01 14:50 - 0015025 ____A C:\Users\Peter\Documents\selfassessment.docx
2012-02-06 04:32 - 2012-02-06 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$lfassessment.docx
2012-02-06 04:32 - 2012-02-06 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$0 SA paper-1.doc
2012-02-01 18:51 - 2012-02-01 18:09 - 0202916 ____A C:\Users\Peter\Documents\walmart.docx
2012-02-01 18:09 - 2012-02-01 18:09 - 0028672 ____A C:\Users\Peter\Documents\370 SA paper-1.doc
2012-02-01 13:15 - 2012-02-01 13:15 - 0012494 ____A C:\Users\Peter\Documents\resume.docx
2012-02-01 13:11 - 2012-01-22 14:15 - 0019547 ____A C:\Users\Peter\Documents\informationalreport.docx
2012-01-31 10:47 - 2012-01-31 10:47 - 1502856 ____A C:\Windows\Minidump\013112-27237-01.dmp
2012-01-31 10:47 - 2011-06-03 23:22 - 397286292 ____A C:\Windows\MEMORY.DMP
2012-01-31 10:47 - 2011-06-03 23:22 - 0000000 ____D C:\Windows\Minidump
2012-01-31 10:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-31 04:32 - 2012-01-31 04:32 - 0000162 ___AH C:\Users\Peter\Documents\~$formationalreport.docx
2012-01-30 14:31 - 2011-05-13 12:07 - 0000000 ____D C:\Users\Peter\Documents\FFOutput
2012-01-30 14:27 - 2012-01-30 14:27 - 41830467 ____A C:\Users\Peter\Documents\FFSetup290.zip
2012-01-30 05:32 - 2010-03-20 08:04 - 0057344 ____A C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-25 11:52 - 2010-03-30 17:02 - 0000000 ___HD C:\Users\All Users\boost_interprocess
2012-01-25 11:52 - 2010-03-30 17:02 - 0000000 ___HD C:\ProgramData\boost_interprocess
2012-01-25 11:09 - 2012-01-25 11:09 - 0000012 ____A C:\Users\Peter\Documents\tritongpa.txt
2012-01-20 19:33 - 2011-08-18 09:34 - 0000000 ___HD C:\Users\Peter\AppData\Local\Eastman Kodak Company
2012-01-20 19:32 - 2012-01-20 19:32 - 0000000 ____D C:\Windows\SysWOW64\kodak
2012-01-20 19:30 - 2011-08-18 09:32 - 0000000 ____D C:\Program Files (x86)\Kodak
2012-01-20 19:28 - 2011-09-07 17:41 - 0800824 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\DPInst.exe
2012-01-20 19:28 - 2011-09-07 17:41 - 0800824 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\DPInst.exe
2012-01-20 19:28 - 2011-09-07 17:41 - 0106496 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\gacutil.exe
2012-01-20 19:28 - 2011-09-07 17:41 - 0106496 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\gacutil.exe
2012-01-20 19:28 - 2011-09-07 17:41 - 0036352 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\PnPutil.exe
2012-01-20 19:28 - 2011-09-07 17:41 - 0036352 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\PnPutil.exe
2012-01-20 19:28 - 2011-09-07 17:41 - 0000181 ____A C:\Users\Default\AppData\Roaming\gacutil.exe.config
2012-01-20 19:28 - 2011-09-07 17:41 - 0000181 ____A C:\Users\Default User\AppData\Roaming\gacutil.exe.config
2012-01-18 19:24 - 2009-08-07 20:26 - 0000000 ____D C:\Firefox_backup
2012-01-13 16:34 - 2012-01-13 16:30 - 0000586 ____A C:\Windows\SIERRA.INI
2012-01-13 16:33 - 2012-01-13 16:33 - 0000000 ____D C:\Windows\solcache
2012-01-13 16:33 - 2012-01-13 16:31 - 0000000 ____D C:\Program Files (x86)\Sierra On-Line
2012-01-11 13:12 - 2009-08-07 18:43 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-11 13:12 - 2009-08-07 18:43 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-11 13:09 - 2010-03-10 11:02 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-04 10:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-29 09:53 - 2011-12-29 09:53 - 0000000 ____D C:\Program Files (x86)\Internet Download Manager
2011-12-29 09:47 - 2011-12-29 09:44 - 0000690 ____A C:\user.js
2011-12-29 09:46 - 2011-12-29 09:46 - 0000000 ___HD C:\Users\Peter\AppData\Roaming\Babylon
2011-12-29 09:46 - 2011-12-29 09:46 - 0000000 ___HD C:\Users\All Users\Babylon
2011-12-29 09:46 - 2011-12-29 09:46 - 0000000 ___HD C:\ProgramData\Babylon
2011-12-29 09:43 - 2011-12-29 09:37 - 0000000 ____D C:\Program Files (x86)\Wondershare
2011-12-29 09:39 - 2011-12-29 09:39 - 0000000 ___HD C:\Users\All Users\xml_param
2011-12-29 09:39 - 2011-12-29 09:39 - 0000000 ___HD C:\ProgramData\xml_param
2011-12-29 07:51 - 2011-12-29 07:51 - 0000000 ___HD C:\Users\Peter\AppData\Local\MPlayer
2011-12-29 07:51 - 2011-12-29 07:50 - 0000000 ___HD C:\Users\All Users\PMS
2011-12-29 07:51 - 2011-12-29 07:50 - 0000000 ___HD C:\ProgramData\PMS
2011-12-29 07:16 - 2009-07-13 20:45 - 0440664 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-28 19:16 - 2010-03-05 14:02 - 0120536 ___AH C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-28 04:30 - 2011-09-08 06:07 - 0000000 ____D C:\Program Files (x86)\SAP
2011-12-28 04:29 - 2011-09-08 06:10 - 0000000 ___HD C:\Users\Peter\AppData\Local\SAP
2011-12-28 04:29 - 2011-09-08 06:10 - 0000000 ____D C:\Users\Peter\Documents\SAP
2011-12-28 04:27 - 2011-09-08 06:11 - 0000000 ___HD C:\Users\Peter\AppData\Local\sijab-logs
2011-12-28 04:24 - 2011-10-28 12:23 - 0059655 ____A C:\Windows\PeachWLog.XML
2011-12-28 04:24 - 2009-02-06 05:39 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-12-28 04:17 - 2011-10-28 12:29 - 0000023 ____A C:\Windows\ODBCINST.INI
2011-12-28 04:11 - 2011-10-28 12:23 - 0000548 ____A C:\Windows\SysWOW64\Microsoft.VC90.MFC.manifest
2011-12-28 04:11 - 2011-10-28 12:23 - 0000524 ____A C:\Windows\SysWOW64\Microsoft.VC90.CRT.manifest
2011-12-27 12:29 - 2011-12-27 12:29 - 2074384 ____A (Hewlett-Packard ) C:\Users\Peter\Documents\SP27608.exe
2011-12-27 06:19 - 2011-12-27 06:19 - 4556134 ____A (InstallShield Software Corporation) C:\Users\Peter\Downloads\swissknife.exe
2011-12-25 11:00 - 2011-12-25 10:54 - 32608261 ____A C:\Users\Peter\Documents\EBOOT.PBP
2011-12-21 08:26 - 2009-07-13 21:08 - 0032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-20 07:38 - 2011-12-20 07:38 - 0000000 ____D C:\Program Files (x86)\GlobFX
2011-12-10 08:22 - 2011-12-10 08:22 - 1058304 ____A (Eastman Kodak Company) C:\Windows\System32\EKAiO2MON.dll
2011-12-10 08:22 - 2011-12-10 08:22 - 0177664 ____A (Eastman Kodak Company) C:\Windows\System32\EKAiO2COI07.dll
2011-12-01 19:53 - 2011-12-01 19:50 - 155934919 ____A C:\Users\Peter\Documents\DFInstall.zip
2011-12-01 19:50 - 2011-12-01 19:49 - 9196300 ____A C:\Users\Peter\Documents\Arena106Setup.zip
2011-12-01 07:15 - 2011-11-28 19:53 - 1404928 ____A C:\Users\Peter\Documents\FINISHEDDATABASE.accdb
2011-12-01 04:19 - 2011-12-01 04:14 - 1466368 ____A C:\Users\Peter\Documents\FINISHEDDATABASE2.accdb
2011-11-29 07:12 - 2011-11-29 07:12 - 1417216 ____A C:\Users\Peter\Documents\FINISHEDDATABASE1.accdb
2011-11-28 12:44 - 2011-11-28 12:44 - 1372160 ____A C:\Users\Peter\Documents\updateddatabase_2011-11-281.accdb
2011-11-28 06:05 - 2011-11-28 06:05 - 1253376 ____A C:\Users\Peter\Documents\updateddatabase_2011-11-28.accdb
2011-11-27 14:40 - 2011-11-21 16:22 - 0022417 ____A C:\Users\Peter\Documents\businessplan.docx
2011-11-24 18:19 - 2011-11-23 07:32 - 1122304 ____A C:\Users\Peter\Documents\updateddatabase[1]_2011-11-22.accdb
2011-11-23 21:00 - 2011-12-15 05:33 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 11:51 - 2011-11-23 11:51 - 0030624 ____A C:\Users\Peter\Documents\310AReport.docx
2011-11-23 11:47 - 2011-11-23 11:47 - 0027238 ____A C:\Users\Peter\Documents\Business Plan Form - Fall 2011-1.docx
2011-11-22 16:11 - 2011-11-22 15:53 - 8734751 ____A C:\Users\Peter\Documents\Negai no Kakera (ef - a tale of melodies ending 2).mp3
2011-11-22 04:24 - 2011-11-22 04:24 - 1056768 ____A C:\Users\Peter\Documents\updateddatabase.accdb
2011-11-21 15:56 - 2011-11-21 15:56 - 1048576 ____A C:\Users\Peter\Documents\recentdatabase.accdb
2011-11-21 05:05 - 2011-11-19 16:19 - 1089536 ____A C:\Users\Peter\Documents\masterdatabase.accdb
2011-11-21 05:04 - 2011-11-21 05:04 - 1089536 ____A C:\Users\Peter\Documents\masterdatabase_2011-11-21_backup.accdb
2011-11-20 20:06 - 2011-11-20 20:06 - 0000269 ____A C:\Windows\pvsw.log
2011-11-20 08:40 - 2011-11-20 08:40 - 42006528 ____A C:\Users\Peter\Documents\CT2207613_00699_00706_072054_BL.EXE
2011-11-19 16:20 - 2011-11-19 16:20 - 0860160 ____A C:\Users\Peter\Documents\masterdatabase_2011-11-19_backup.accdb
2011-11-19 07:07 - 2012-01-11 06:31 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:06 - 2012-01-11 06:31 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-18 14:02 - 2011-11-18 14:02 - 0774144 ____A C:\Users\Peter\Documents\masterdatabase_backup.accdb
2011-11-16 23:17 - 2012-02-07 04:58 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 23:17 - 2012-02-07 04:58 - 0095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 23:15 - 2012-02-07 04:58 - 0460296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 23:14 - 2012-01-11 06:51 - 1739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 23:12 - 2012-02-07 04:58 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 23:11 - 2012-02-07 04:58 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 23:11 - 2012-02-07 04:58 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 23:11 - 2012-02-07 04:58 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 23:10 - 2012-02-07 04:58 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 23:08 - 2012-02-07 04:58 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 23:05 - 2012-02-07 04:58 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 21:41 - 2012-01-11 06:51 - 1292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 21:39 - 2012-02-07 04:58 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 21:39 - 2012-02-07 04:58 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 21:39 - 2012-02-07 04:58 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 21:35 - 2012-02-07 04:58 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-15 04:10 - 2011-11-15 04:10 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-15 04:10 - 2011-05-17 14:56 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4063.2 MB
Available physical RAM: 3417.04 MB
Total Pagefile: 4061.34 MB
Available Pagefile: 3401.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:455.9 GB) (Free:398.83 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:9.86 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 62 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 455 GB 1024 KB
Partition 2 Primary 9 GB 455 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 455 GB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 9 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 62 MB 31 KB

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 62 MB Healthy


==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-02-11 10:50

======================= End Of Log ==========================

#12 gringo_pr


Posted 12 February 2012 - 01:05 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

TDL4: custom:26000022
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

#13 -Celestial-


Posted 12 February 2012 - 01:09 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-02-2012
Ran by SYSTEM at 2012-02-12 12:08:23 R:1
Running from F:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#14 gringo_pr


Posted 12 February 2012 - 01:29 PM

Hello

Is the computer booting at this time?


gringo

#15 -Celestial-


Posted 12 February 2012 - 01:43 PM

Yes, it's back up and running. Should I turn the automatic restart option back on?

Here is the TDSSKiller log from before the computer wouldn't boot up:

08:00:59.0631 2112 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
08:01:01.0644 2112 ============================================================
08:01:01.0644 2112 Current date / time: 2012/02/12 08:01:01.0644
08:01:01.0644 2112 SystemInfo:
08:01:01.0644 2112
08:01:01.0644 2112 OS Version: 6.1.7600 ServicePack: 0.0
08:01:01.0644 2112 Product type: Workstation
08:01:01.0644 2112 ComputerName: SLY
08:01:01.0644 2112 UserName: Peter
08:01:01.0644 2112 Windows directory: C:\Windows
08:01:01.0644 2112 System windows directory: C:\Windows
08:01:01.0644 2112 Running under WOW64
08:01:01.0644 2112 Processor architecture: Intel x64
08:01:01.0644 2112 Number of processors: 2
08:01:01.0644 2112 Page size: 0x1000
08:01:01.0644 2112 Boot type: Normal boot
08:01:01.0644 2112 ============================================================
08:01:03.0781 2112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:01:03.0781 2112 \Device\Harddisk0\DR0:
08:01:03.0781 2112 MBR used
08:01:03.0781 2112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38FCE000
08:01:03.0781 2112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38FCE800, BlocksNum 0x13B6000
08:01:03.0843 2112 Initialize success
08:01:03.0843 2112 ============================================================
08:01:05.0668 4188 ============================================================
08:01:05.0668 4188 Scan started
08:01:05.0668 4188 Mode: Manual;
08:01:05.0668 4188 ============================================================
08:01:17.0649 4188 UmPass - ok
08:01:17.0712 4188 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
08:01:17.0712 4188 usbccgp - ok
08:01:17.0743 4188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
08:01:17.0743 4188 usbcir - ok
08:01:17.0758 4188 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
08:01:17.0774 4188 usbehci - ok
08:01:17.0821 4188 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
08:01:17.0821 4188 usbhub - ok
08:01:17.0836 4188 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
08:01:17.0836 4188 usbohci - ok
08:01:17.0852 4188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:01:17.0852 4188 usbprint - ok
08:01:17.0914 4188 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:01:17.0914 4188 usbscan - ok
08:01:17.0930 4188 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:01:17.0930 4188 USBSTOR - ok
08:01:17.0961 4188 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:01:17.0961 4188 usbuhci - ok
08:01:18.0024 4188 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
08:01:18.0024 4188 usbvideo - ok
08:01:18.0070 4188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:01:18.0070 4188 vdrvroot - ok
08:01:18.0102 4188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:01:18.0102 4188 vga - ok
08:01:18.0133 4188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:01:18.0148 4188 VgaSave - ok
08:01:18.0164 4188 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
08:01:18.0164 4188 vhdmp - ok
08:01:18.0195 4188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
08:01:18.0195 4188 viaide - ok
08:01:18.0211 4188 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
08:01:18.0211 4188 volmgr - ok
08:01:18.0242 4188 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
08:01:18.0258 4188 volmgrx - ok
08:01:18.0289 4188 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
08:01:18.0289 4188 volsnap - ok
08:01:18.0304 4188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:01:18.0320 4188 vsmraid - ok
08:01:18.0336 4188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:01:18.0336 4188 vwifibus - ok
08:01:18.0382 4188 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:01:18.0382 4188 vwififlt - ok
08:01:18.0414 4188 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:01:18.0429 4188 vwifimp - ok
08:01:18.0445 4188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:01:18.0445 4188 WacomPen - ok
08:01:18.0492 4188 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:01:18.0492 4188 WANARP - ok
08:01:18.0507 4188 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:01:18.0507 4188 Wanarpv6 - ok
08:01:18.0570 4188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:01:18.0570 4188 Wd - ok
08:01:18.0601 4188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:01:18.0648 4188 Wdf01000 - ok
08:01:18.0694 4188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:01:18.0694 4188 WfpLwf - ok
08:01:18.0726 4188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:01:18.0726 4188 WIMMount - ok
08:01:18.0788 4188 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
08:01:18.0788 4188 WinUSB - ok
08:01:18.0819 4188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:01:18.0835 4188 WmiAcpi - ok
08:01:18.0866 4188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:01:18.0866 4188 ws2ifsl - ok
08:01:18.0897 4188 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
08:01:18.0897 4188 WudfPf - ok
08:01:18.0913 4188 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:01:18.0913 4188 WUDFRd - ok
08:01:18.0960 4188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:01:19.0022 4188 \Device\Harddisk0\DR0 - ok
08:01:19.0022 4188 Boot (0x1200) (c7ba1b34d53f73cf46097e219f504788) \Device\Harddisk0\DR0\Partition0
08:01:19.0022 4188 \Device\Harddisk0\DR0\Partition0 - ok
08:01:19.0053 4188 Boot (0x1200) (f30613815524ccaa4e52cb6b05619984) \Device\Harddisk0\DR0\Partition1
08:01:19.0053 4188 \Device\Harddisk0\DR0\Partition1 - ok
08:01:19.0053 4188 ============================================================
08:01:19.0053 4188 Scan finished
08:01:19.0053 4188 ============================================================
08:01:19.0069 4180 Detected object count: 0
08:01:19.0069 4180 Actual detected object count: 0



