infected by credit puma & google keeps redirecting


  • This topic is locked
29 replies to this topic

#1 adamtheaxe

Posted 10 February 2012 - 11:05 PM

Hi, just creating a new topic. My system has been infected with a site called credit puma/food puma and Google keeps redirecting. Thanks in advance for any help!



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by VICKI at 22:55:37 on 2012-02-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5778 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Users\VICKI\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\VICKI\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rr.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120105204030.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
uRun: [FibReminder] c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DCD40082-A1C3-4FEA-89AA-6E271EC2F901} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO-X64: Coupons.com - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120105204030.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 MpKslcf8055e6;MpKslcf8055e6;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F01622D-2A38-4740-AA9E-FAB6300A1815}\MpKslcf8055e6.sys [2012-2-10 35664]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 FibUacService;FibUacService;C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [2012-1-5 36688]
R2 FullImagingService;FullImagingService;C:\ProgramData\Clickfree\FullImagingBackup\FullImagingService.exe [2012-1-5 196944]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-9 652360]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-12-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-12-21 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-21 1692480]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-21 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-11 03:15:12 -------- d-----w- C:\Users\VICKI\AppData\Local\{CB248D26-7EDA-4249-B104-52DDE92375AD}
2012-02-11 03:14:50 -------- d-----w- C:\Users\VICKI\AppData\Local\{688C52FB-3A7A-4E9C-92DB-E2D7974ACB99}
2012-02-11 01:58:57 -------- d-----w- C:\Windows\en
2012-02-11 01:56:22 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-11 01:54:13 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dd53e861cce86001\MeshBetaRemover.exe
2012-02-11 01:52:07 -------- d-----w- C:\Users\VICKI\AppData\Local\{8F6CD718-50AC-4964-9DDA-BCFD3832B9FA}
2012-02-11 01:51:57 -------- d-----w- C:\Users\VICKI\AppData\Local\{8E08A2AB-5B6D-45AB-8BA6-693603F1DFA3}
2012-02-10 17:47:17 -------- d-----w- C:\Users\VICKI\AppData\Local\{C05DF83E-7DEA-4FDD-BE65-0B589C0637A2}
2012-02-10 17:46:56 -------- d-----w- C:\Users\VICKI\AppData\Local\{A440F10B-50F8-4AE8-8DDD-5AC4E046FAB7}
2012-02-10 17:17:31 -------- d-----w- C:\Users\VICKI\AppData\Local\{B7042A9A-991D-4865-A107-7AC764D34BD2}
2012-02-10 17:17:06 -------- d-----w- C:\Users\VICKI\AppData\Local\{46D43F75-F09D-4FD4-A547-42E5CB7C87E0}
2012-02-10 13:55:29 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F01622D-2A38-4740-AA9E-FAB6300A1815}\offreg.dll
2012-02-10 13:54:39 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F01622D-2A38-4740-AA9E-FAB6300A1815}\MpKslcf8055e6.sys
2012-02-10 13:49:30 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 13:49:20 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA4E8277-1245-4984-966C-937C370ACD56}\gapaengine.dll
2012-02-10 13:49:20 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 13:49:10 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F01622D-2A38-4740-AA9E-FAB6300A1815}\mpengine.dll
2012-02-10 13:36:26 -------- d-----w- C:\Users\VICKI\AppData\Local\{ABD7519A-5D82-489C-B635-2D560ABB0A39}
2012-02-10 12:53:44 -------- d-----w- C:\Users\VICKI\AppData\Local\{E6798BAD-7F96-4BCA-B1A2-6BA7F02C9ADF}
2012-02-10 12:53:22 -------- d-----w- C:\Users\VICKI\AppData\Local\{27E65C9B-6737-4B6D-9BDB-8FA7EA0743CF}
2012-02-10 02:28:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-10 02:17:03 -------- d-----w- C:\Users\VICKI\AppData\Local\{6912EA0A-B90C-47B5-8EA6-719D6F3DE977}
2012-02-10 01:13:22 20480 ------w- C:\Windows\svchost.exe
2012-02-10 01:03:21 -------- d-----w- C:\Users\VICKI\AppData\Roaming\Malwarebytes
2012-02-10 01:03:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-10 01:03:10 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-10 01:03:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-10 00:07:06 -------- d-----w- C:\Users\VICKI\AppData\Local\{D2465E52-F63E-43D8-83BD-EFE70440A988}
2012-02-10 00:06:55 -------- d-----w- C:\Users\VICKI\AppData\Local\{BD682869-0552-4E75-9E03-C6CBD48F3FE7}
2012-02-09 14:47:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-09 14:47:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-09 14:39:27 -------- d-----w- C:\Users\VICKI\AppData\Local\ElevatedDiagnostics
2012-02-09 05:31:26 -------- d-----w- C:\Users\VICKI\AppData\Local\{82701866-5496-44B9-A1F0-3B12A5D9BF07}
2012-02-09 02:29:04 -------- d-----w- C:\Users\VICKI\AppData\Local\{591A5155-F999-4552-BEB3-ED204B286C0E}
2012-02-09 02:28:41 -------- d-----w- C:\Users\VICKI\AppData\Local\{1F540D03-CF82-4DF8-B4EA-DB1D0733BC5E}
2012-02-08 22:45:16 -------- d-----w- C:\Users\VICKI\AppData\Local\{2A29C783-B249-47A1-8FEB-B2996704E5FD}
2012-02-08 22:44:54 -------- d-----w- C:\Users\VICKI\AppData\Local\{9484E374-18B1-43FA-A6F5-6962F7834CCD}
2012-02-08 14:51:03 -------- d-----w- C:\Users\VICKI\AppData\Local\{402D5B9D-CA06-47F6-9C5D-7946C50C278E}
2012-02-08 14:50:52 -------- d-----w- C:\Users\VICKI\AppData\Local\{F457541B-8906-400A-8F99-617A2580ACE2}
2012-02-08 05:17:20 -------- d-----w- C:\Users\VICKI\AppData\Local\{5FC7DC0C-E01A-464B-8C19-8DC5B8181986}
2012-02-08 01:05:03 -------- d-----w- C:\Users\VICKI\AppData\Local\{3624B382-C88B-436E-A419-6507BD669A1A}
2012-02-08 00:29:29 -------- d-----w- C:\Users\VICKI\AppData\Local\{0D881BB5-9904-4A2F-BE66-2E1E21E5DE4A}
2012-02-08 00:29:08 -------- d-----w- C:\Users\VICKI\AppData\Local\{114DEC4C-4518-459A-8365-5B9A8B5E4979}
2012-02-07 22:11:18 -------- d-----w- C:\Users\VICKI\AppData\Local\{AC1F2DC9-055E-4275-B04A-A87718A0D4C2}
2012-02-07 22:11:05 -------- d-----w- C:\Users\VICKI\AppData\Local\{1F4BA7B9-63CD-4967-B796-66E77818F977}
2012-02-07 14:07:52 -------- d-----w- C:\Users\VICKI\AppData\Local\{25C7FF10-3FDF-4FBA-91B9-0C8E1FBF79D7}
2012-02-07 14:07:30 -------- d-----w- C:\Users\VICKI\AppData\Local\{3157A229-9B2E-4886-9B07-06FBDDEE0000}
2012-02-07 11:23:21 -------- d-----w- C:\Users\VICKI\AppData\Local\{7D80B44F-B795-472D-A6F6-D8115E109211}
2012-02-07 11:23:05 -------- d-----w- C:\Users\VICKI\AppData\Local\{B6BA0034-5B84-405E-86E3-2C9DAA91D68E}
2012-02-07 07:12:29 -------- d-----w- C:\Users\VICKI\AppData\Local\{996983E7-F050-48D2-B4C3-F941CA9AC3DE}
2012-02-07 07:12:05 -------- d-----w- C:\Users\VICKI\AppData\Local\{6816DD74-ABA5-4604-ADBC-2959853E2C8B}
2012-02-06 17:57:03 -------- d-----w- C:\Users\VICKI\AppData\Local\{5ED20FD9-A60E-4F43-8AB5-24D0A1377127}
2012-02-06 17:56:42 -------- d-----w- C:\Users\VICKI\AppData\Local\{F3A69499-EDCB-4E8B-953A-CDA4FC62C537}
2012-02-06 12:41:21 -------- d-----w- C:\Users\VICKI\AppData\Local\{F3CEFC21-EAE8-43B3-80F9-2FC428EC887C}
2012-02-06 12:41:09 -------- d-----w- C:\Users\VICKI\AppData\Local\{2ED23611-4EBD-4537-8F2E-7BA2D587017D}
2012-02-06 06:17:48 -------- d-----w- C:\Users\VICKI\AppData\Roaming\Roxio Burn
2012-02-05 00:33:04 -------- d-----w- C:\Users\VICKI\AppData\Local\{E7DBF90E-999F-4A35-ACA1-96CF09EB032D}
2012-02-05 00:32:43 -------- d-----w- C:\Users\VICKI\AppData\Local\{A6989E01-EAEF-4252-8C91-299CA90F5D8B}
2012-02-05 00:30:59 -------- d-----w- C:\Users\VICKI\AppData\Local\{A2F4B16A-5073-4DCA-B1FB-B182E6C4177F}
2012-02-05 00:30:38 -------- d-----w- C:\Users\VICKI\AppData\Local\{FACF9AB4-6CD6-4A7C-A921-141C8DB3A00F}
2012-02-04 18:31:44 -------- d-----w- C:\Users\VICKI\AppData\Local\{98C0A9EE-B82C-4B19-841B-638A466F4C71}
2012-02-04 18:31:33 -------- d-----w- C:\Users\VICKI\AppData\Local\{83F46B71-C832-47D3-A93C-23DCBA361DFF}
2012-02-04 04:12:50 -------- d-----w- C:\Users\VICKI\AppData\Local\{8A8A6BFD-7DD9-4745-8BD7-A6CBF146BDD1}
2012-02-03 13:36:44 -------- d-----w- C:\Users\VICKI\AppData\Local\{78D5DF19-16A7-4683-BCA2-1DDEF574C5B7}
2012-02-03 13:36:22 -------- d-----w- C:\Users\VICKI\AppData\Local\{004AE124-C0EC-4152-B23A-42D239626668}
2012-02-03 05:08:22 -------- d-----w- C:\Users\VICKI\AppData\Local\{6B240C5F-0882-4ACD-98D5-8711FF703D04}
2012-02-02 03:22:33 -------- d-----w- C:\Users\VICKI\AppData\Local\{4BD2AF54-96D2-4B2A-AB2D-18203E66D39D}
2012-02-02 03:22:12 -------- d-----w- C:\Users\VICKI\AppData\Local\{2733144F-02F1-496E-959E-326F258898FE}
2012-02-01 20:52:04 -------- d-----w- C:\Users\VICKI\AppData\Local\{18FF9B62-925E-4F2B-8B03-77659E9CD1C6}
2012-02-01 20:51:43 -------- d-----w- C:\Users\VICKI\AppData\Local\{38A10CA8-7ABB-4427-984F-7A6306FC1E54}
2012-02-01 18:45:31 -------- d-----w- C:\Users\VICKI\AppData\Local\{82EF0EFC-44B4-46AC-9BDF-8E5068A284AC}
2012-02-01 18:25:59 -------- d-----w- C:\Users\VICKI\AppData\Local\{9FD1714C-3E84-47C8-A458-F5705D389911}
2012-01-28 01:25:55 -------- d-----w- C:\Program Files\iPod
2012-01-28 01:25:54 -------- d-----w- C:\Program Files\iTunes
2012-01-28 01:25:54 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-27 08:00:43 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-27 03:39:48 -------- d-----w- C:\Users\VICKI\AppData\Roaming\Macrovision
2012-01-27 03:39:18 -------- d-----w- C:\Users\VICKI\AppData\Local\Sonic_Solutions
2012-01-27 03:30:13 -------- d-----w- C:\Users\VICKI\AppData\Local\{926D5CA1-BC35-4353-A428-BCE7D7CA2045}
2012-01-27 03:29:51 -------- d-----w- C:\Users\VICKI\AppData\Local\{BCFA023A-6913-4ED7-8209-50251CADA6B5}
2012-01-27 03:25:20 -------- d-----w- C:\ProgramData\Uninstall
2012-01-27 03:24:57 -------- d-----w- C:\ProgramData\eSellerate
2012-01-27 03:24:17 27632 ------w- C:\Windows\System32\drivers\SaibVdAd64.sys
2012-01-27 03:24:17 27120 ------w- C:\Windows\System32\drivers\Sahdad64.sys
2012-01-27 03:24:17 19952 ------w- C:\Windows\System32\drivers\Saibad64.sys
2012-01-27 03:20:28 55856 ----a-w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-01-27 03:20:28 10224 ----a-w- C:\Windows\System32\drivers\cdralw2k.sys
2012-01-27 03:20:28 10224 ----a-w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-01-27 03:18:01 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-01-27 03:16:59 -------- d-----w- C:\Users\VICKI\AppData\Roaming\Simple Star
2012-01-27 03:16:55 -------- d-----w- C:\ProgramData\PhotoShow Shared Assets
2012-01-27 03:16:52 -------- d-----w- C:\Program Files\Roxio
2012-01-27 03:16:43 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-01-27 03:16:36 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2012-01-27 03:16:32 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2012-01-27 03:14:22 -------- d-----w- C:\Users\VICKI\AppData\Roaming\Roxio Log Files
2012-01-25 13:43:22 -------- d-----w- C:\ProgramData\ArcSoft
2012-01-25 13:42:51 -------- d-----w- C:\Users\VICKI\AppData\Local\Downloaded Installations
2012-01-25 13:41:00 -------- d-----w- C:\Users\VICKI\AppData\Local\ArcSoft
2012-01-25 13:34:33 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2012-01-25 13:34:33 -------- d-----w- C:\FIND_EULA_PATH
2012-01-17 22:54:47 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-01-17 20:44:19 -------- d-----w- C:\Users\VICKI\AppData\Roaming\SoftGrid Client
2012-01-17 20:44:19 -------- d-----w- C:\Users\VICKI\AppData\Local\SoftGrid Client
2012-01-17 20:43:40 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-01-17 20:43:32 -------- d-----w- C:\Users\VICKI\AppData\Roaming\TP
2012-01-17 00:27:38 -------- d-----w- C:\Program Files (x86)\Amazon
2012-01-16 23:24:24 -------- d-----w- C:\Users\VICKI\AppData\Local\{C376C83C-C4C3-4018-ABE2-494C3B75556C}
2012-01-16 23:24:08 -------- d-----w- C:\Users\VICKI\AppData\Local\{F7CC9BE9-8E35-49F0-8986-5CCB939CEC51}
2012-01-16 16:32:22 -------- d-----w- C:\Users\VICKI\AppData\Local\{51970744-5BC2-4A9F-8E34-E0FE73B7BBD7}
2012-01-16 14:18:04 -------- d-----w- C:\Users\VICKI\AppData\Roaming\Catalina Marketing Corp
2012-01-14 06:10:02 -------- d-----w- C:\Users\VICKI\AppData\Local\Apple Computer
2012-01-14 06:09:52 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-01-14 06:09:52 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-01-14 06:09:52 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-01-14 06:09:17 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-14 06:08:49 -------- d-----w- C:\Users\VICKI\AppData\Local\Apple
2012-01-14 06:08:18 -------- d-----w- C:\Program Files\Bonjour
2012-01-14 06:08:18 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-13 00:37:28 -------- d-----w- C:\Program Files (x86)\Conduit
2012-01-13 00:37:24 -------- d-----w- C:\Users\VICKI\AppData\Local\Conduit
2012-01-13 00:37:23 -------- d-----w- C:\Users\VICKI\AppData\Local\Google
2012-01-13 00:37:22 -------- d-----w- C:\Program Files (x86)\Coupons.com
2012-01-13 00:37:02 -------- d-----w- C:\Program Files (x86)\Coupons
2012-01-12 12:04:49 -------- d-----w- C:\Users\VICKI\AppData\Local\{6D2D38EC-7ACD-4487-961C-0F393FFD7E97}
2012-01-12 12:04:26 -------- d-----w- C:\Users\VICKI\AppData\Local\{1CDE188A-91D7-4E19-ADBB-D84AD4C8F790}
2012-01-12 07:27:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 07:27:51 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 07:27:50 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 07:27:50 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 07:27:45 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 07:27:44 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 07:27:39 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 07:27:39 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-12 07:12:40 -------- d-----w- C:\Users\VICKI\AppData\Local\{E39357F6-EBF9-4388-8088-66CA5C1C9A3D}
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-13 12:56:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-21 11:48:53 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-21 11:28:16 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-12-21 10:08:22 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-21 10:07:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-06 22:25:40 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:56:38.30 ===============


#2 rigacci


Posted 11 February 2012 - 12:32 PM

Hello and welcome to the forum.

I apologize for the delay in responding to your request for help but it is very busy here and we can get overwhelmed at times.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you still do need our help, please note the following:
  • While working with us, please refrain from running tools or applying updates other than those we suggest while we are cleaning your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please also include a clear description of the problems you're having.
  • After 5 days, if your topic is not replied to, I will assume it has been abandoned and will close it.

Please be patient while I analyze your logs. All of my fixes are checked by higher level forum members before posting.

Thank you.

Dave


#3 adamtheaxe


Posted 11 February 2012 - 05:23 PM

Thanks Dave. I look forward to your response and assistance!

Adam

#4 rigacci


Posted 12 February 2012 - 02:38 PM

Hi adamtheaxe!

It is not recommended that you have more than one anti virus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to create "false alarms".

In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or Microsoft Security Essentials.




Next, let's take a look at your MBR (Master Boot Record).


Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it.


  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder.

Please attach that zipped file in your next reply.

And please, tell me how your computer is running now.

Thanks.

Dave

#5 adamtheaxe


Posted 12 February 2012 - 08:27 PM

Hey Dave, thanks for the response. I wasn't aware I had 2 anti virus programs running on here. Should I delete one of them or wait until the problem is resolved on my computer?

Thanks again...here's the log.


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 20:21:58
-----------------------------
20:21:58.225 OS Version: Windows x64 6.1.7601 Service Pack 1
20:21:58.225 Number of processors: 4 586 0x2A07
20:21:58.225 ComputerName: VICKI-PC UserName: VICKI
20:22:03.825 Initialize success
20:22:15.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:22:15.674 Disk 0 Vendor: ST3500413AS JC49 Size: 476940MB BusType: 3
20:22:15.674 Device \Driver\atapi -> MajorFunction fffffa80083f15c4
20:22:15.674 Disk 0 MBR read successfully
20:22:15.674 Disk 0 MBR scan
20:22:15.674 Disk 0 TDL4@MBR code has been found
20:22:15.674 Disk 0 MBR hidden
20:22:15.674 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
20:22:15.689 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15642 MB offset 81920
20:22:15.705 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461257 MB offset 32116736
20:22:15.705 Disk 0 MBR [TDL4] **ROOTKIT**
20:22:15.705 Disk 0 trace - called modules:
20:22:15.721 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys >>UNKNOWN [0xfffffa80083f15c4]<<
20:22:15.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de5060]
20:22:15.721 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8007c15870]
20:22:15.721 5 Sahdad64.sys[fffff880019b7e25] -> nt!IofCallDriver -> [0xfffffa800774be40]
20:22:15.736 7 ACPI.sys[fffff88000d5c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007750060]
20:22:15.736 \Driver\atapi[0xfffffa800832db40] -> IRP_MJ_CREATE -> 0xfffffa80083f15c4
20:22:15.736 Scan finished successfully
20:22:25.299 Disk 0 MBR has been saved successfully to "C:\Users\VICKI\Desktop\MBR.dat"
20:22:25.299 The log file has been saved successfully to "C:\Users\VICKI\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   586bytes   4 downloads


#6 rigacci


Posted 13 February 2012 - 01:31 PM

Hi adamtheaxe!

Yes, you need to uninstall one of those AV programs first, if you are able to.


  • Then, please download TDSSKiller and save it to your Desktop.
  • Extract its contents to your Desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

And please tell me how your computer is running at the moment!

Thanks

Dave

#7 adamtheaxe


Posted 13 February 2012 - 09:08 PM

Hey Dave,

I deleted the one anti virus program and did the scan but I can't seem to find the log to post on here. I tried to find it in the C folder and it came up with an error.

#8 adamtheaxe


Posted 13 February 2012 - 09:10 PM

nevermind...think i got it. sorry



20:55:47.0174 10956 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
20:55:47.0736 10956 ============================================================
20:55:47.0736 10956 Current date / time: 2012/02/13 20:55:47.0736
20:55:47.0736 10956 SystemInfo:
20:55:47.0736 10956
20:55:47.0736 10956 OS Version: 6.1.7601 ServicePack: 1.0
20:55:47.0736 10956 Product type: Workstation
20:55:47.0736 10956 ComputerName: VICKI-PC
20:55:47.0736 10956 UserName: VICKI
20:55:47.0736 10956 Windows directory: C:\Windows
20:55:47.0736 10956 System windows directory: C:\Windows
20:55:47.0736 10956 Running under WOW64
20:55:47.0736 10956 Processor architecture: Intel x64
20:55:47.0736 10956 Number of processors: 4
20:55:47.0736 10956 Page size: 0x1000
20:55:47.0736 10956 Boot type: Normal boot
20:55:47.0736 10956 ============================================================
20:55:48.0703 10956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:55:48.0750 10956 \Device\Harddisk0\DR0:
20:55:48.0750 10956 MBR used
20:55:48.0750 10956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1E8D000
20:55:48.0750 10956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EA1000, BlocksNum 0x384E4800
20:55:48.0781 10956 Initialize success
20:55:48.0781 10956 ============================================================
20:55:51.0074 4660 ============================================================
20:55:51.0074 4660 Scan started
20:55:51.0074 4660 Mode: Manual;
20:55:51.0074 4660 ============================================================
20:55:55.0302 4660 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:55:55.0302 4660 discache - ok
20:55:55.0348 4660 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:55:55.0348 4660 Disk - ok
20:55:55.0380 4660 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:55:55.0395 4660 drmkaud - ok
20:55:55.0426 4660 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:55:55.0489 4660 DXGKrnl - ok
20:55:55.0551 4660 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:55:55.0598 4660 ebdrv - ok
20:55:55.0754 4660 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:55:55.0754 4660 elxstor - ok
20:55:55.0770 4660 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:55:55.0770 4660 ErrDev - ok
20:55:55.0801 4660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:55:55.0801 4660 exfat - ok
20:55:55.0832 4660 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:55:55.0832 4660 fastfat - ok
20:55:55.0848 4660 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:55:55.0848 4660 fdc - ok
20:55:55.0894 4660 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:55:55.0894 4660 FileInfo - ok
20:55:55.0910 4660 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:55:55.0926 4660 Filetrace - ok
20:55:55.0941 4660 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:55:55.0941 4660 flpydisk - ok
20:55:55.0957 4660 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:55:55.0972 4660 FltMgr - ok
20:55:55.0972 4660 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:55:55.0988 4660 FsDepends - ok
20:55:56.0004 4660 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:55:56.0004 4660 Fs_Rec - ok
20:55:56.0050 4660 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:55:56.0050 4660 fvevol - ok
20:55:56.0082 4660 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:55:56.0082 4660 gagp30kx - ok
20:55:56.0113 4660 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:55:56.0160 4660 GEARAspiWDM - ok
20:55:56.0175 4660 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:55:56.0191 4660 hcw85cir - ok
20:55:56.0222 4660 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:55:56.0222 4660 HDAudBus - ok
20:55:56.0238 4660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:55:56.0253 4660 HidBatt - ok
20:55:56.0253 4660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:55:56.0269 4660 HidBth - ok
20:55:56.0300 4660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:55:56.0300 4660 HidIr - ok
20:55:56.0331 4660 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:55:56.0378 4660 HidUsb - ok
20:55:56.0394 4660 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:55:56.0440 4660 HpSAMD - ok
20:55:56.0472 4660 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:55:56.0472 4660 HTTP - ok
20:55:56.0487 4660 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:55:56.0487 4660 hwpolicy - ok
20:55:56.0518 4660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:55:56.0518 4660 i8042prt - ok
20:55:56.0550 4660 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:55:56.0596 4660 iaStorV - ok
20:55:56.0628 4660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:55:56.0628 4660 iirsp - ok
20:55:56.0643 4660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:55:56.0643 4660 intelide - ok
20:55:56.0659 4660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:55:56.0659 4660 intelppm - ok
20:55:56.0690 4660 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:55:56.0737 4660 IpFilterDriver - ok
20:55:56.0752 4660 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:55:56.0768 4660 IPMIDRV - ok
20:55:56.0784 4660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:55:56.0784 4660 IPNAT - ok
20:55:56.0846 4660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:55:56.0846 4660 IRENUM - ok
20:55:56.0877 4660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:55:56.0877 4660 isapnp - ok
20:55:56.0908 4660 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:55:56.0955 4660 iScsiPrt - ok
20:55:56.0971 4660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:55:56.0971 4660 kbdclass - ok
20:55:56.0986 4660 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:55:57.0018 4660 kbdhid - ok
20:55:57.0049 4660 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:55:57.0049 4660 KSecDD - ok
20:55:57.0096 4660 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:55:57.0096 4660 KSecPkg - ok
20:55:57.0111 4660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:55:57.0111 4660 ksthunk - ok
20:55:57.0142 4660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:55:57.0158 4660 lltdio - ok
20:55:57.0189 4660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:55:57.0189 4660 LSI_FC - ok
20:55:57.0205 4660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:55:57.0205 4660 LSI_SAS - ok
20:55:57.0220 4660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:55:57.0220 4660 LSI_SAS2 - ok
20:55:57.0236 4660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:55:57.0236 4660 LSI_SCSI - ok
20:55:57.0252 4660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:55:57.0252 4660 luafv - ok
20:55:57.0298 4660 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:55:57.0298 4660 MBAMProtector - ok
20:55:57.0345 4660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:55:57.0345 4660 megasas - ok
20:55:57.0392 4660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:55:57.0392 4660 MegaSR - ok
20:55:57.0439 4660 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:55:57.0486 4660 MEIx64 - ok
20:55:57.0517 4660 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
20:55:57.0517 4660 mfeapfk - ok
20:55:57.0548 4660 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
20:55:57.0548 4660 mfeavfk - ok
20:55:57.0579 4660 mfeavfk01 - ok
20:55:57.0610 4660 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
20:55:57.0610 4660 mfefirek - ok
20:55:57.0657 4660 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
20:55:57.0673 4660 mfehidk - ok
20:55:57.0688 4660 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
20:55:57.0688 4660 mfenlfk - ok
20:55:57.0720 4660 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
20:55:57.0720 4660 mferkdet - ok
20:55:57.0735 4660 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
20:55:57.0751 4660 mfewfpk - ok
20:55:57.0782 4660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:55:57.0782 4660 Modem - ok
20:55:57.0798 4660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:55:57.0813 4660 monitor - ok
20:55:57.0829 4660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:55:57.0829 4660 mouclass - ok
20:55:57.0844 4660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:55:57.0844 4660 mouhid - ok
20:55:57.0876 4660 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:55:57.0876 4660 mountmgr - ok
20:55:57.0907 4660 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:55:57.0938 4660 mpio - ok
20:55:58.0000 4660 MpKsle6ee1410 - ok
20:55:58.0078 4660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:55:58.0078 4660 mpsdrv - ok
20:55:58.0110 4660 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:55:58.0156 4660 MRxDAV - ok
20:55:58.0172 4660 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:55:58.0172 4660 mrxsmb - ok
20:55:58.0203 4660 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:55:58.0203 4660 mrxsmb10 - ok
20:55:58.0219 4660 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:55:58.0219 4660 mrxsmb20 - ok
20:55:58.0250 4660 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:55:58.0297 4660 msahci - ok
20:55:58.0328 4660 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:55:58.0359 4660 msdsm - ok
20:55:58.0375 4660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:55:58.0375 4660 Msfs - ok
20:55:58.0390 4660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:55:58.0390 4660 mshidkmdf - ok
20:55:58.0422 4660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:55:58.0422 4660 msisadrv - ok
20:55:58.0437 4660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:55:58.0453 4660 MSKSSRV - ok
20:55:58.0453 4660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:55:58.0453 4660 MSPCLOCK - ok
20:55:58.0468 4660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:55:58.0468 4660 MSPQM - ok
20:55:58.0484 4660 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:55:58.0484 4660 MsRPC - ok
20:55:58.0515 4660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:55:58.0515 4660 mssmbios - ok
20:55:58.0531 4660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:55:58.0531 4660 MSTEE - ok
20:55:58.0546 4660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:55:58.0546 4660 MTConfig - ok
20:55:58.0562 4660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:55:58.0562 4660 Mup - ok
20:55:58.0624 4660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:55:58.0624 4660 NativeWifiP - ok
20:55:58.0671 4660 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
20:55:58.0687 4660 NDIS - ok
20:55:58.0718 4660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:55:58.0718 4660 NdisCap - ok
20:55:58.0749 4660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:55:58.0749 4660 NdisTapi - ok
20:55:58.0780 4660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:55:58.0812 4660 Ndisuio - ok
20:55:58.0827 4660 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:55:58.0858 4660 NdisWan - ok
20:55:58.0874 4660 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:55:58.0905 4660 NDProxy - ok
20:55:58.0936 4660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:55:58.0936 4660 NetBIOS - ok
20:55:58.0952 4660 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:55:58.0968 4660 NetBT - ok
20:55:59.0014 4660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:55:59.0014 4660 nfrd960 - ok
20:55:59.0046 4660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:55:59.0046 4660 Npfs - ok
20:55:59.0061 4660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:55:59.0061 4660 nsiproxy - ok
20:55:59.0108 4660 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:55:59.0139 4660 Ntfs - ok
20:55:59.0155 4660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:55:59.0170 4660 Null - ok
20:55:59.0186 4660 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:55:59.0233 4660 nvraid - ok
20:55:59.0248 4660 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:55:59.0280 4660 nvstor - ok
20:55:59.0358 4660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:55:59.0358 4660 nv_agp - ok
20:55:59.0404 4660 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
20:55:59.0436 4660 OA002Afx - ok
20:55:59.0451 4660 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
20:55:59.0482 4660 OA002Ufd - ok
20:55:59.0498 4660 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
20:55:59.0529 4660 OA002Vid - ok
20:55:59.0545 4660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:55:59.0545 4660 ohci1394 - ok
20:55:59.0592 4660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:55:59.0592 4660 Parport - ok
20:55:59.0623 4660 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:55:59.0638 4660 partmgr - ok
20:55:59.0654 4660 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:55:59.0654 4660 pci - ok
20:55:59.0685 4660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:55:59.0685 4660 pciide - ok
20:55:59.0701 4660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:55:59.0716 4660 pcmcia - ok
20:55:59.0732 4660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:55:59.0732 4660 pcw - ok
20:55:59.0763 4660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:55:59.0779 4660 PEAUTH - ok
20:55:59.0841 4660 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:55:59.0888 4660 PptpMiniport - ok
20:55:59.0904 4660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:55:59.0904 4660 Processor - ok
20:55:59.0935 4660 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:55:59.0935 4660 Psched - ok
20:55:59.0966 4660 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:55:59.0982 4660 PxHlpa64 - ok
20:56:00.0028 4660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:56:00.0060 4660 ql2300 - ok
20:56:00.0060 4660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:56:00.0075 4660 ql40xx - ok
20:56:00.0091 4660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:56:00.0091 4660 QWAVEdrv - ok
20:56:00.0106 4660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:56:00.0106 4660 RasAcd - ok
20:56:00.0153 4660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:56:00.0153 4660 RasAgileVpn - ok
20:56:00.0184 4660 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:56:00.0216 4660 Rasl2tp - ok
20:56:00.0247 4660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:56:00.0247 4660 RasPppoe - ok
20:56:00.0262 4660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:56:00.0262 4660 RasSstp - ok
20:56:00.0294 4660 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:56:00.0294 4660 rdbss - ok
20:56:00.0309 4660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:56:00.0309 4660 rdpbus - ok
20:56:00.0340 4660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:56:00.0340 4660 RDPCDD - ok
20:56:00.0372 4660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:56:00.0372 4660 RDPENCDD - ok
20:56:00.0387 4660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:56:00.0387 4660 RDPREFMP - ok
20:56:00.0434 4660 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:56:00.0481 4660 RDPWD - ok
20:56:00.0512 4660 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:56:00.0512 4660 rdyboost - ok
20:56:00.0590 4660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:56:00.0606 4660 rspndr - ok
20:56:00.0637 4660 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:56:00.0684 4660 RTL8167 - ok
20:56:00.0715 4660 Sahdad64 (27db9153d259d632d15483deeab799ed) C:\Windows\system32\Drivers\Sahdad64.sys
20:56:00.0715 4660 Sahdad64 - ok
20:56:00.0746 4660 Saibad64 (f77849d909b90bcacfcf7295aecf299b) C:\Windows\system32\Drivers\Saibad64.sys
20:56:00.0746 4660 Saibad64 - ok
20:56:00.0824 4660 SaibVdAd64 (704d415290a568f68de20942dac23f7e) C:\Windows\system32\Drivers\SaibVdAd64.sys
20:56:00.0871 4660 SaibVdAd64 - ok
20:56:00.0902 4660 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:56:00.0933 4660 sbp2port - ok
20:56:00.0949 4660 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:56:00.0980 4660 scfilter - ok
20:56:01.0011 4660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:56:01.0011 4660 secdrv - ok
20:56:01.0042 4660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:56:01.0042 4660 Serenum - ok
20:56:01.0089 4660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:56:01.0105 4660 Serial - ok
20:56:01.0120 4660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:56:01.0120 4660 sermouse - ok
20:56:01.0136 4660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:56:01.0136 4660 sffdisk - ok
20:56:01.0152 4660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:56:01.0152 4660 sffp_mmc - ok
20:56:01.0167 4660 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:56:01.0183 4660 sffp_sd - ok
20:56:01.0198 4660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:56:01.0198 4660 sfloppy - ok
20:56:01.0261 4660 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:56:01.0308 4660 Sftfs - ok
20:56:01.0339 4660 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:56:01.0386 4660 Sftplay - ok
20:56:01.0401 4660 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:56:01.0401 4660 Sftredir - ok
20:56:01.0417 4660 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:56:01.0432 4660 Sftvol - ok
20:56:01.0479 4660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:56:01.0479 4660 SiSRaid2 - ok
20:56:01.0495 4660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:56:01.0495 4660 SiSRaid4 - ok
20:56:01.0526 4660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:56:01.0542 4660 Smb - ok
20:56:01.0557 4660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:56:01.0573 4660 spldr - ok
20:56:01.0604 4660 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:56:01.0604 4660 srv - ok
20:56:01.0635 4660 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:56:01.0635 4660 srv2 - ok
20:56:01.0651 4660 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:56:01.0651 4660 srvnet - ok
20:56:01.0698 4660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:56:01.0698 4660 stexstor - ok
20:56:01.0729 4660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:56:01.0729 4660 swenum - ok
20:56:01.0791 4660 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:56:01.0822 4660 Tcpip - ok
20:56:01.0885 4660 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:56:01.0900 4660 TCPIP6 - ok
20:56:01.0916 4660 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:56:01.0947 4660 tcpipreg - ok
20:56:01.0978 4660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:56:01.0978 4660 TDPIPE - ok
20:56:01.0978 4660 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:56:01.0994 4660 TDTCP - ok
20:56:02.0010 4660 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:56:02.0041 4660 tdx - ok
20:56:02.0072 4660 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:56:02.0103 4660 TermDD - ok
20:56:02.0134 4660 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:56:02.0150 4660 tssecsrv - ok
20:56:02.0166 4660 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:56:02.0197 4660 TsUsbFlt - ok
20:56:02.0197 4660 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:56:02.0228 4660 TsUsbGD - ok
20:56:02.0259 4660 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:56:02.0290 4660 tunnel - ok
20:56:02.0306 4660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:56:02.0306 4660 uagp35 - ok
20:56:02.0322 4660 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:56:02.0368 4660 udfs - ok
20:56:02.0400 4660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:56:02.0400 4660 uliagpkx - ok
20:56:02.0415 4660 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:56:02.0446 4660 umbus - ok
20:56:02.0446 4660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:56:02.0446 4660 UmPass - ok
20:56:02.0493 4660 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:56:02.0524 4660 USBAAPL64 - ok
20:56:02.0556 4660 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:56:02.0587 4660 usbaudio - ok
20:56:02.0618 4660 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
20:56:02.0649 4660 usbccgp - ok
20:56:02.0680 4660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:56:02.0680 4660 usbcir - ok
20:56:02.0712 4660 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:56:02.0743 4660 usbehci - ok
20:56:02.0758 4660 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
20:56:02.0790 4660 usbhub - ok
20:56:02.0821 4660 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:56:02.0852 4660 usbohci - ok
20:56:02.0868 4660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:56:02.0883 4660 usbprint - ok
20:56:02.0899 4660 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:56:02.0899 4660 usbscan - ok
20:56:02.0914 4660 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:56:02.0946 4660 USBSTOR - ok
20:56:02.0977 4660 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:56:03.0008 4660 usbuhci - ok
20:56:03.0039 4660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:56:03.0039 4660 vdrvroot - ok
20:56:03.0070 4660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:56:03.0070 4660 vga - ok
20:56:03.0086 4660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:56:03.0102 4660 VgaSave - ok
20:56:03.0117 4660 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:56:03.0164 4660 vhdmp - ok
20:56:03.0164 4660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:56:03.0164 4660 viaide - ok
20:56:03.0195 4660 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:56:03.0195 4660 volmgr - ok
20:56:03.0211 4660 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:56:03.0211 4660 volmgrx - ok
20:56:03.0258 4660 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:56:03.0258 4660 volsnap - ok
20:56:03.0289 4660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:56:03.0289 4660 vsmraid - ok
20:56:03.0320 4660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:56:03.0320 4660 vwifibus - ok
20:56:03.0351 4660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:56:03.0367 4660 vwififlt - ok
20:56:03.0382 4660 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:56:03.0382 4660 vwifimp - ok
20:56:03.0414 4660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:56:03.0429 4660 WacomPen - ok
20:56:03.0460 4660 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:56:03.0492 4660 WANARP - ok
20:56:03.0492 4660 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:56:03.0492 4660 Wanarpv6 - ok
20:56:03.0507 4660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:56:03.0523 4660 Wd - ok
20:56:03.0538 4660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:56:03.0538 4660 Wdf01000 - ok
20:56:03.0570 4660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:56:03.0570 4660 WfpLwf - ok
20:56:03.0601 4660 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:56:03.0648 4660 WimFltr - ok
20:56:03.0663 4660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:56:03.0663 4660 WIMMount - ok
20:56:03.0694 4660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:56:03.0694 4660 WmiAcpi - ok
20:56:03.0726 4660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:56:03.0726 4660 ws2ifsl - ok
20:56:03.0741 4660 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:56:03.0772 4660 WudfPf - ok
20:56:03.0819 4660 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:56:03.0850 4660 WUDFRd - ok
20:56:03.0897 4660 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
20:56:03.0928 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:56:03.0928 4660 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:56:03.0944 4660 Boot (0x1200) (5f05445dcfd900ee8f5c721fc0585c5c) \Device\Harddisk0\DR0\Partition0
20:56:03.0960 4660 \Device\Harddisk0\DR0\Partition0 - ok
20:56:03.0960 4660 Boot (0x1200) (6dfdc788fa0945c9c537571dd5f81017) \Device\Harddisk0\DR0\Partition1
20:56:03.0960 4660 \Device\Harddisk0\DR0\Partition1 - ok
20:56:03.0960 4660 ============================================================
20:56:03.0960 4660 Scan finished
20:56:03.0960 4660 ============================================================
20:56:03.0975 6628 Detected object count: 1
20:56:03.0975 6628 Actual detected object count: 1
20:56:13.0819 6628 \Device\Harddisk0\DR0\# - copied to quarantine
20:56:13.0819 6628 \Device\Harddisk0\DR0 - copied to quarantine
20:56:13.0897 6628 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:56:19.0435 6628 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:56:24.0177 6628 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:56:28.0811 6628 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:56:33.0257 6628 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:56:33.0288 6628 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:56:33.0303 6628 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:56:33.0335 6628 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:56:37.0812 6628 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:56:42.0585 6628 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:56:42.0726 6628 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
20:56:47.0265 6628 \Device\Harddisk0\DR0\TDLFS\spr.dll - copied to quarantine
20:56:51.0883 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:56:51.0883 6628 \Device\Harddisk0\DR0 - ok
20:56:59.0041 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:57:04.0548 8756 Deinitialize success

#9 adamtheaxe


Posted 13 February 2012 - 09:12 PM

I just tried google and now it seems to be back to normal...No more credit puma!

#10 rigacci


Posted 13 February 2012 - 10:19 PM

Hi adamtheaxe!

Looks good! :thumbup2:

Let's try this next.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable Security Programs

• Double click on ComboFix.exe & follow the prompts.

Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

If running XP, Click on YES and allow the Recovery Console to install. If running Vista or 7, click on NO to continue the scanning for malware.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy/Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. ComboFix disconnects your machine from the internet. The connection is automatically restored before ComboFix completes its run.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Thanks.

Dave

#11 adamtheaxe


Posted 14 February 2012 - 12:53 AM

Ok, I did combo fix and almost had a heart attack. I just got back on the internet because it was saying when I clicked on anything it was deleted from the registry. I couldn't even save the log because I had to restart the computer. The message "Windows cannot find NIRKMD. Make sure you typed the name correctly and then try again" popped up well over 50 times. Things seem to be running ok but I see ads all over this website now. Is this normal?

#12 rigacci


Posted 14 February 2012 - 09:07 AM

Hi adamtheaxe!

Please go to Start -> Run.

Copy and paste the bold line in the run-box and click OK:

cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt

A text file opens up. Copy and paste the content into your reply.

Thanks.

Dave

#13 adamtheaxe


Posted 14 February 2012 - 04:23 PM

Hey Dave,

All it does is flash on the screen but then disappears when I do that. I tried saving it to the desktop and all I got was my windows version and copyright 2009.

#14 rigacci


Posted 14 February 2012 - 07:58 PM

OK, adamtheaxe, let's try this.

Please Right-click on Start and Left-click on Explore.

Then, Left-click on C:\ and if it is there, the Combofix.txt should be in the window to the right.

Post it if it is there and let me know if it is not.

Thanks,

Dave

#15 adamtheaxe


Posted 14 February 2012 - 10:21 PM

Thanks Dave...here's what I found:


ComboFix 12-02-13.01 - VICKI 02/14/2012 0:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6263 [GMT -5:00]
Running from: c:\users\VICKI\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 05:32 . 2012-02-14 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 01:56 . 2012-02-14 01:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-11 18:03 . 2012-02-11 18:03 -------- d-----w- C:\b89c1c0ef96609db6f
2012-02-11 01:58 . 2012-02-11 01:58 -------- d-----w- c:\windows\en
2012-02-11 01:56 . 2012-02-11 01:56 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-11 01:54 . 2012-02-11 01:54 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dd53e861cce86001\MeshBetaRemover.exe
2012-02-10 02:28 . 2012-02-10 02:28 -------- d-----w- c:\program files (x86)\ESET
2012-02-10 01:03 . 2012-02-10 01:03 -------- d-----w- c:\users\VICKI\AppData\Roaming\Malwarebytes
2012-02-10 01:03 . 2012-02-10 01:03 -------- d-----w- c:\programdata\Malwarebytes
2012-02-10 01:03 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 01:03 . 2012-02-10 01:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-09 14:39 . 2012-02-10 06:12 -------- d-----w- c:\users\VICKI\AppData\Local\ElevatedDiagnostics
2012-02-06 06:17 . 2012-02-06 06:17 -------- d-----w- c:\users\VICKI\AppData\Roaming\Roxio Burn
2012-01-28 01:25 . 2012-02-09 02:42 -------- d-----w- c:\program files\iPod
2012-01-28 01:25 . 2012-02-09 02:45 -------- d-----w- c:\program files\iTunes
2012-01-28 01:25 . 2012-02-09 02:45 -------- d-----w- c:\program files (x86)\iTunes
2012-01-27 08:00 . 2012-01-27 08:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-27 03:39 . 2012-01-27 03:39 -------- d-----w- c:\users\VICKI\AppData\Roaming\Macrovision
2012-01-27 03:39 . 2012-01-27 03:39 -------- d-----w- c:\users\VICKI\AppData\Local\Sonic_Solutions
2012-01-27 03:35 . 2012-01-27 03:42 -------- d-----w- c:\users\VICKI\AppData\Roaming\Roxio
2012-01-27 03:25 . 2012-02-09 15:02 -------- d-----w- c:\programdata\Uninstall
2012-01-27 03:24 . 2012-01-27 03:25 -------- d-----w- c:\programdata\eSellerate
2012-01-27 03:24 . 2009-06-02 06:00 27632 ------w- c:\windows\system32\drivers\SaibVdAd64.sys
2012-01-27 03:24 . 2009-06-02 06:00 27120 ------w- c:\windows\system32\drivers\Sahdad64.sys
2012-01-27 03:24 . 2009-06-02 06:00 19952 ------w- c:\windows\system32\drivers\Saibad64.sys
2012-01-27 03:22 . 2012-02-10 01:30 -------- d-----w- c:\programdata\Sonic
2012-01-27 03:20 . 2010-03-19 08:00 55856 ----a-w- c:\windows\system32\drivers\PxHlpa64.sys
2012-01-27 03:20 . 2009-10-20 08:00 10224 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2012-01-27 03:20 . 2009-10-20 08:00 10224 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2012-01-27 03:18 . 2012-01-27 03:45 -------- d-----w- c:\programdata\Roxio
2012-01-27 03:18 . 2012-01-27 03:22 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-01-27 03:17 . 2012-01-27 03:17 -------- d-----w- c:\programdata\Macrovision
2012-01-27 03:16 . 2012-01-27 03:16 -------- d-----w- c:\users\VICKI\AppData\Roaming\Simple Star
2012-01-27 03:16 . 2012-01-27 03:16 -------- d-----w- c:\programdata\PhotoShow Shared Assets
2012-01-27 03:16 . 2012-01-27 03:16 -------- d-----w- c:\program files\Roxio
2012-01-27 03:16 . 2012-01-27 03:20 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2012-01-27 03:16 . 2012-02-09 02:45 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-01-27 03:16 . 2012-01-27 03:24 -------- d-----w- c:\program files (x86)\SmartSound Software
2012-01-27 03:16 . 2012-01-27 03:25 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-01-27 03:14 . 2012-01-27 08:25 -------- d-----w- c:\users\VICKI\AppData\Roaming\Roxio Log Files
2012-01-25 13:43 . 2012-01-25 13:43 -------- d-----w- c:\programdata\ArcSoft
2012-01-25 13:42 . 2012-01-25 13:42 -------- d-----w- c:\users\VICKI\AppData\Local\Downloaded Installations
2012-01-25 13:41 . 2012-01-25 13:41 -------- d-----w- c:\users\VICKI\AppData\Local\ArcSoft
2012-01-25 13:34 . 2012-01-25 13:34 -------- d-----w- C:\FIND_EULA_PATH
2012-01-25 13:34 . 2012-01-25 13:34 -------- d-----w- c:\program files (x86)\Dell Touch Software Suite
2012-01-17 22:54 . 2012-01-17 23:03 -------- d-----w- c:\programdata\VirtualizedApplications
2012-01-17 20:49 . 2012-01-17 20:49 -------- d-----r- C:\MSOCache
2012-01-17 20:44 . 2012-02-14 05:33 -------- d-----w- c:\users\VICKI\AppData\Roaming\SoftGrid Client
2012-01-17 20:44 . 2012-01-17 20:44 -------- d-----w- c:\users\VICKI\AppData\Local\SoftGrid Client
2012-01-17 20:43 . 2012-01-21 08:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-01-17 20:43 . 2012-01-17 20:44 -------- d-----w- c:\users\VICKI\AppData\Roaming\TP
2012-01-17 00:28 . 2012-01-17 00:28 -------- d-----w- c:\users\VICKI\AppData\Roaming\Amazon
2012-01-17 00:27 . 2012-01-17 00:27 -------- d-----w- c:\program files (x86)\Amazon
2012-01-16 14:18 . 2012-01-16 14:18 -------- d-----w- c:\users\VICKI\AppData\Roaming\Catalina Marketing Corp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-16 14:17 . 2012-01-11 17:07 485576 ----a-w- c:\users\VICKI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-01-13 12:56 . 2011-12-21 09:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-21 11:43 . 2011-12-21 11:43 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-12-21 11:43 . 2011-12-21 11:43 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-21 11:43 . 2011-12-21 11:43 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-12-21 11:43 . 2011-12-21 11:43 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-12-21 11:43 . 2011-12-21 11:43 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-12-21 11:43 . 2011-12-21 11:43 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-12-21 11:43 . 2011-12-21 11:43 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-12-21 11:43 . 2011-12-21 11:43 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-12-21 11:43 . 2011-12-21 11:43 491520 ----a-w- c:\windows\system32\mssph.dll
2011-12-21 11:43 . 2011-12-21 11:43 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-12-21 11:43 . 2011-12-21 11:43 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-12-21 11:43 . 2011-12-21 11:43 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-12-21 11:43 . 2011-12-21 11:43 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-12-21 11:43 . 2011-12-21 11:43 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-12-21 11:43 . 2011-12-21 11:43 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-12-21 11:43 . 2011-12-21 11:43 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-12-21 11:43 . 2011-12-21 11:43 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-12-21 11:43 . 2011-12-21 11:43 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-12-21 11:43 . 2011-12-21 11:43 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-12-21 11:43 . 2011-12-21 11:43 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-12-21 11:43 . 2011-12-21 11:43 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-21 11:43 . 2011-12-21 11:43 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-12-21 11:43 . 2011-12-21 11:43 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-12-21 11:43 . 2011-12-21 11:43 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-12-21 11:43 . 2011-12-21 11:43 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-12-21 11:43 . 2011-12-21 11:43 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-21 11:43 . 2011-12-21 11:43 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-21 11:43 . 2011-12-21 11:43 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-21 11:43 . 2011-12-21 11:43 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-12-21 11:43 . 2011-12-21 11:43 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-12-21 11:43 . 2011-12-21 11:43 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-12-21 11:43 . 2011-12-21 11:43 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-21 11:43 . 2011-12-21 11:43 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-12-21 11:43 . 2011-12-21 11:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-12-21 11:43 . 2011-12-21 11:43 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-12-21 11:43 . 2011-12-21 11:43 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-12-21 11:43 . 2011-12-21 11:43 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-21 11:43 . 2011-12-21 11:43 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-12-21 11:43 . 2011-12-21 11:43 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-21 11:43 . 2011-12-21 11:43 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-12-21 11:43 . 2011-12-21 11:43 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-12-21 11:43 . 2011-12-21 11:43 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-12-21 11:43 . 2011-12-21 11:43 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-21 11:43 . 2011-12-21 11:43 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-12-21 11:43 . 2011-12-21 11:43 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-12-21 11:43 . 2011-12-21 11:43 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-21 11:43 . 2011-12-21 11:43 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-12-21 11:43 . 2011-12-21 11:43 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-12-21 11:43 . 2011-12-21 11:43 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-21 11:43 . 2011-12-21 11:43 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-12-21 11:43 . 2011-12-21 11:43 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-12-21 11:43 . 2011-12-21 11:43 2871808 ----a-w- c:\windows\explorer.exe
2011-12-21 11:43 . 2011-12-21 11:43 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-12-21 11:43 . 2011-12-21 11:43 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-12-21 11:43 . 2011-12-21 11:43 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-12-21 11:43 . 2011-12-21 11:43 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-12-21 11:43 . 2011-12-21 11:43 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-12-21 11:43 . 2011-12-21 11:43 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-12-21 11:43 . 2011-12-21 11:43 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-12-21 11:43 . 2011-12-21 11:43 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 338432 ----a-w- c:\windows\system32\conhost.exe
2011-12-21 11:43 . 2011-12-21 11:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-21 11:43 . 2011-12-21 11:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FibReminder"="c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe" [2011-12-16 3634000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-29 336384]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 FibUacService;FibUacService;c:\programdata\Clickfree\FullImagingBackup\FibUac.exe [2011-12-16 36688]
S2 FullImagingService;FullImagingService;c:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [2011-12-16 196944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [x]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [x]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.rr.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-02-14 00:42:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 05:42
.
Pre-Run: 379,055,775,744 bytes free
Post-Run: 378,829,381,632 bytes free
.
- - End Of File - - 57583A3869D4F9FD4FCA186FF439DB6E



