Inactive [A] Svchost.exe

Jeramiah Gary

First of all, thank you to all of you who donate your time helping out with these problems. Malwarebytes detected svchost.exe as a Trojan. I followed the 5 steps and created my logs. They are posted below.

BTW: GMER produced no results.

mbam:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yoder :: GARY-PC [administrator]

10/3/2012 9:53:35 PM
mbam-log-2012-10-03 (22-09-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278014
Time elapsed: 14 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2660 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

-----------------------------------------------------------------------------------------

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/20/2010 12:00:42 AM
System Uptime: 10/3/2012 9:21:05 PM (1 hours ago)
.
Motherboard: eMachines | | MCP61PM-GM
Processor: AMD Athlon(tm) II X2 250u Processor | CPU 1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 319.92 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP345: 9/26/2012 3:00:27 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Advertising Center
Apple Application Support
Apple Software Update
ArcSoft TotalMedia Extreme setup
Audacity 1.2.6
Audacity 1.3.13 (Unicode)
Bing Bar
Bing Rewards Client Installer
Compatibility Pack for the 2007 Office system
ContentHD
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
Coupon Printer for Windows
D3DX10
DesignPro 5
DeviceIO
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Express Burn Disc Burning Software
File Uploader
FreeRIP v3.42
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Deskjet 2050 J510 series Help
HP Photo Creations
HP Update
Hunting Unlimited 2008
Hunting Unlimited 2010
ICA
Identity Card
ImagXpress
IncrediMail
IncrediMail 2.0
Inspiration 8
InterVideo DeviceService
IPM_PSP_Pro
IPM_VS_Pro
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LAME v3.98.3 for Audacity
Lexmark 1200 Series
Magentic
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Microsoft XML Parser
MLE
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 16.0 (x86 en-US)
Mozilla Maintenance Service
MSRedist
MSRedx64
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Nikon Message Center
Nikon Transfer
Norton Online
Norton Online Backup
Norton PC Checkup
Norton Safety Minder
Norton Security Suite
NVIDIA ForceWare Network Access Manager
PaintShop Photo Pro X3 Registration Incentive
Photo Notifier and Animation Creator
PhotoMail Maker
PhotoScape
Picture Control Utility
Presto! VideoWorks 6
PSPPContent
PSPPRO_DCRAW
PureHD
QuickTime
Realtek High Definition Audio Driver
Run N Gun Football
Safari
Samsung Kies
Savings Bond Wizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Setup
Share
SmartSound Common Data
SmartSound Quicktracks 5
Sony Ericsson Update Engine
Sony Ericsson Update Service
Sony PC Companion 2.10.094
Switch Sound File Converter
The Print Shop 22
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Ulead DVD DiscRecorder 2.3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
ViewNX
VIO
VSClassic
VSPro
WavePad Sound Editor
WeatherBug
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
XFINITY Caller ID
Zuma Deluxe 1.0
.
==== Event Viewer Messages From Past Week ========
.
9/30/2012 2:22:57 AM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
9/29/2012 4:05:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
9/28/2012 11:03:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/26/2012 9:40:51 PM, Error: Application Popup [56] - Driver USB returned invalid ID for a child device (0).
9/26/2012 8:03:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
10/3/2012 9:28:15 PM, Error: Service Control Manager [7034] - The Norton Online service terminated unexpectedly. It has done this 3 time(s).
10/3/2012 9:26:09 PM, Error: Service Control Manager [7031] - The Norton Online service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/3/2012 9:24:03 PM, Error: Service Control Manager [7031] - The Norton Online service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/3/2012 9:23:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS
10/3/2012 9:22:07 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
10/3/2012 7:30:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/3/2012 7:26:20 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/3/2012 7:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/3/2012 7:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/3/2012 7:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/3/2012 7:26:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/3/2012 7:26:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/3/2012 7:26:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AFS BHDrvx64 ccSet_NOF DfsC discache eeCtrl IDSVia64 mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2012 7:26:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2012 5:04:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Gary-PC\Gary SID (S-1-5-21-3818315178-397050311-3406847735-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/3/2012 5:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Gary-PC\Gary SID (S-1-5-21-3818315178-397050311-3406847735-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/1/2012 4:21:35 PM, Error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
10/1/2012 12:49:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Protexis Licensing V2 service to connect.
10/1/2012 12:49:49 PM, Error: Service Control Manager [7000] - The Protexis Licensing V2 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

---------------------------------------------------------------------------------------------------------------------------

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Yoder at 22:19:10 on 2012-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2250 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
-netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\firefox.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Users\Yoder\Downloads\h8hw8olc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0445v145r4491s247
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0445v145r4491s247
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0445v145r4491s247
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120916135552.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Norton Safety Minder BHO: {b8e07826-0971-4f16-b133-047b88034e89} - C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.26\coIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{189A7EA4-E3E5-4BEB-805A-E0A751964664} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120916135552.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Norton Safety Minder BHO: {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.26\coIEPlg.dll
BHO-X64: Norton Safety Minder BHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yoder\AppData\Roaming\Mozilla\Firefox\Profiles\uof9oweo.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0445v145r4491s247
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\NPAdbESD.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;C:\Windows\system32\Drivers\Achernar.sys --> C:\Windows\system32\Drivers\Achernar.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 ccSet_NOF;Norton Online Settings Manager;C:\Windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys --> C:\Windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121002.001\IDSviA64.sys [2012-10-2 513184]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-16 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-16 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-16 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-16 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-9-16 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-9-16 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-10 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe [2011-1-1 126392]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-24 240160]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 0012211348076592mcinstcleanup;McAfee Application Installer Cleanup (0012211348076592);C:\Windows\TEMP\001221~1.EXE -cleanup -nolog --> C:\Windows\TEMP\001221~1.EXE -cleanup -nolog [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NOF;Norton Online;C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccsvchst.exe [2012-2-9 138248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-4 114656]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2011-6-26 155320]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;C:\Windows\system32\Drivers\NSMx64\0203000.01A\SymRdrS.SYS --> C:\Windows\system32\Drivers\NSMx64\0203000.01A\SymRdrS.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-04 01:22:54 20480 ----a-w- C:\Windows\svchost.exe
2012-10-04 01:11:57 -------- d-----w- C:\Users\Yoder\AppData\Local\Apple Computer
2012-10-04 00:47:45 -------- d-----w- C:\Users\Yoder\AppData\Roaming\SUPERAntiSpyware.com
2012-09-30 15:03:29 -------- d-----w- C:\Users\Yoder\AppData\Local\{8411BA4B-B1D6-4D4E-B62C-22F00F1B1253}
2012-09-30 14:44:52 -------- d-----w- C:\Users\Yoder\AppData\Local\{681721A0-28CC-4314-B0A5-1611B786870F}
2012-09-30 14:44:01 -------- d-----w- C:\Users\Yoder\AppData\Local\{066B94B1-016F-4C78-9E8A-EDFFE2C0EC3C}
2012-09-30 14:43:26 -------- d-----w- C:\Users\Yoder\AppData\Local\{11D396CD-E88C-4E82-8A4D-128C702CC073}
2012-09-30 06:19:09 -------- d-----w- C:\Users\Yoder\AppData\Local\{25FBED05-B443-43F3-BEA2-7F8238328270}
2012-09-25 19:49:44 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 21:35:48 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2012-09-24 15:48:31 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-09-24 15:48:31 102240 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-09-24 15:43:30 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-09-24 15:42:06 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-09-24 15:42:06 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-09-24 15:40:31 -------- d-----w- C:\Program Files (x86)\Samsung
2012-09-24 15:31:34 -------- d-----w- C:\Program Files\SAMSUNG
2012-09-24 15:29:09 -------- d-----w- C:\ProgramData\Samsung
2012-09-24 14:15:55 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-24 14:13:02 -------- d-----w- C:\Program Files\iPod
2012-09-24 14:12:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-24 14:12:45 -------- d-----w- C:\Program Files\iTunes
2012-09-24 14:12:45 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-23 19:27:42 -------- d-----w- C:\Users\Yoder\AppData\Roaming\Malwarebytes
2012-09-23 19:27:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-23 19:27:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 19:27:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 14:29:38 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4
2012-09-18 21:09:39 -------- d-----w- C:\Windows\pss
2012-09-17 14:04:20 -------- d-----w- C:\Program Files (x86)\Support.com
2012-09-17 00:47:28 -------- d-----w- C:\Users\Yoder\AppData\Local\ElevatedDiagnostics
2012-09-16 17:56:11 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-09-16 17:55:52 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-09-16 17:55:50 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-09-16 17:55:49 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-09-16 17:55:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-09-16 17:55:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-09-16 17:55:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-09-16 17:55:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-09-16 17:55:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-09-16 17:55:11 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-09-16 17:55:08 -------- d-----w- C:\Program Files\McAfee.com
2012-09-16 17:55:08 -------- d-----w- C:\Program Files\McAfee
2012-09-16 17:55:05 -------- d-----w- C:\Program Files (x86)\McAfee
2012-09-16 17:46:57 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-09-16 17:09:12 -------- d-----w- C:\Users\Yoder\AppData\Local\Diagnostics
2012-09-15 22:06:03 -------- d-----w- C:\Users\Yoder\AppData\Local\{E088E11F-5515-4544-B434-33EDE6122B5B}
2012-09-12 11:47:11 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 11:47:11 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 11:47:08 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 11:47:08 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 11:47:05 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 11:47:05 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 11:47:04 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-10 23:55:54 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup 3.0
2012-09-09 01:36:11 -------- d-----w- C:\Users\Yoder\AppData\Local\{A0C13A73-24F3-4B7F-B1EB-0A2BBD36E540}
2012-09-09 01:34:44 -------- d-----w- C:\Users\Yoder\AppData\Local\{DCB5CF7F-1210-4952-9333-B4DEBE51B32A}
.
==================== Find3M ====================
.
2012-09-30 17:14:35 4184 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-09-27 20:03:21 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 20:03:21 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-31 15:31:40 87152 ----a-w- C:\Windows\System32\cpwmon64.dll
2012-07-30 17:32:08 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-07-30 17:32:08 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-08-23 22:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-08-23 22:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-23 22:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-23 22:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-23 22:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
.
============= FINISH: 22:21:56.52 ===============
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

You're running two AV programs, Norton and McAfee.
You must uninstall one of them.
If Norton, use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
If McAfee, use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

Next....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
23:41:41.0910 5560 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:41:43.0340 5560 ============================================================
23:41:43.0340 5560 Current date / time: 2012/10/03 23:41:43.0340
23:41:43.0340 5560 SystemInfo:
23:41:43.0340 5560
23:41:43.0340 5560 OS Version: 6.1.7601 ServicePack: 1.0
23:41:43.0340 5560 Product type: Workstation
23:41:43.0350 5560 ComputerName: GARY-PC
23:41:43.0350 5560 UserName: Yoder
23:41:43.0350 5560 Windows directory: C:\Windows
23:41:43.0350 5560 System windows directory: C:\Windows
23:41:43.0350 5560 Running under WOW64
23:41:43.0350 5560 Processor architecture: Intel x64
23:41:43.0350 5560 Number of processors: 2
23:41:43.0350 5560 Page size: 0x1000
23:41:43.0350 5560 Boot type: Normal boot
23:41:43.0350 5560 ============================================================
23:41:44.0621 5560 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:41:44.0651 5560 ============================================================
23:41:44.0651 5560 \Device\Harddisk0\DR0:
23:41:44.0661 5560 MBR partitions:
23:41:44.0661 5560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
23:41:44.0661 5560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x55D13000
23:41:44.0661 5560 ============================================================
23:41:44.0691 5560 C: <-> \Device\Harddisk0\DR0\Partition2
23:41:44.0691 5560 ============================================================
23:41:44.0691 5560 Initialize success
23:41:44.0691 5560 ============================================================
23:41:50.0670 3048 ============================================================
23:41:50.0670 3048 Scan started
23:41:50.0670 3048 Mode: Manual;
23:41:50.0670 3048 ============================================================
23:41:52.0100 3048 ================ Scan system memory ========================
23:41:52.0100 3048 System memory - ok
23:41:52.0110 3048 ================ Scan services =============================
23:41:52.0270 3048 0012211348076592mcinstcleanup - ok
23:41:52.0500 3048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:41:52.0510 3048 1394ohci - ok
23:41:52.0560 3048 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
23:41:52.0560 3048 61883 - ok
23:41:52.0600 3048 ACDaemon - ok
23:41:52.0680 3048 [ 6C79F2371DD64B4194D9CBF7C4773573 ] Achernar C:\Windows\system32\Drivers\Achernar.sys
23:41:52.0680 3048 Achernar - ok
23:41:52.0700 3048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:41:52.0710 3048 ACPI - ok
23:41:52.0740 3048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:41:52.0740 3048 AcpiPmi - ok
23:41:52.0800 3048 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:41:52.0800 3048 Adobe LM Service - ok
23:41:52.0860 3048 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:41:52.0860 3048 AdobeARMservice - ok
23:41:52.0980 3048 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:41:52.0980 3048 AdobeFlashPlayerUpdateSvc - ok
23:41:53.0020 3048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:41:53.0030 3048 adp94xx - ok
23:41:53.0050 3048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:41:53.0060 3048 adpahci - ok
23:41:53.0080 3048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:41:53.0080 3048 adpu320 - ok
23:41:53.0110 3048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:41:53.0110 3048 AeLookupSvc - ok
23:41:53.0170 3048 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys
23:41:53.0180 3048 Afc - ok
23:41:53.0230 3048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:41:53.0240 3048 AFD - ok
23:41:53.0240 3048 AFS - ok
23:41:53.0280 3048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:41:53.0280 3048 agp440 - ok
23:41:53.0300 3048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:41:53.0300 3048 ALG - ok
23:41:53.0330 3048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:41:53.0330 3048 aliide - ok
23:41:53.0340 3048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:41:53.0340 3048 amdide - ok
23:41:53.0360 3048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:41:53.0360 3048 AmdK8 - ok
23:41:53.0380 3048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:41:53.0380 3048 AmdPPM - ok
23:41:53.0390 3048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:41:53.0400 3048 amdsata - ok
23:41:53.0420 3048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:41:53.0420 3048 amdsbs - ok
23:41:53.0440 3048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:41:53.0440 3048 amdxata - ok
23:41:53.0500 3048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:41:53.0510 3048 AppID - ok
23:41:53.0520 3048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:41:53.0520 3048 AppIDSvc - ok
23:41:53.0570 3048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:41:53.0570 3048 Appinfo - ok
23:41:53.0710 3048 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:41:53.0710 3048 Apple Mobile Device - ok
23:41:53.0750 3048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:41:53.0750 3048 arc - ok
23:41:53.0780 3048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:41:53.0780 3048 arcsas - ok
23:41:53.0820 3048 aspnet_state - ok
23:41:53.0850 3048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:41:53.0850 3048 AsyncMac - ok
23:41:53.0880 3048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:41:53.0880 3048 atapi - ok
23:41:54.0020 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:41:54.0020 3048 AudioEndpointBuilder - ok
23:41:54.0040 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:41:54.0050 3048 AudioSrv - ok
23:41:54.0100 3048 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
23:41:54.0110 3048 Avc - ok
23:41:54.0150 3048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:41:54.0170 3048 AxInstSV - ok
23:41:54.0190 3048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:41:54.0200 3048 b06bdrv - ok
23:41:54.0230 3048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:41:54.0230 3048 b57nd60a - ok
23:41:54.0370 3048 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
23:41:54.0370 3048 BBSvc - ok
23:41:54.0430 3048 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
23:41:54.0430 3048 BBUpdate - ok
23:41:54.0490 3048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:41:54.0500 3048 BDESVC - ok
23:41:54.0520 3048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:41:54.0530 3048 Beep - ok
23:41:54.0610 3048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:41:54.0620 3048 BFE - ok
23:41:54.0690 3048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
23:41:54.0720 3048 BITS - ok
23:41:54.0770 3048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:41:54.0770 3048 blbdrive - ok
23:41:54.0970 3048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:41:54.0970 3048 Bonjour Service - ok
23:41:55.0030 3048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:41:55.0030 3048 bowser - ok
23:41:55.0060 3048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:41:55.0090 3048 BrFiltLo - ok
23:41:55.0120 3048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:41:55.0130 3048 BrFiltUp - ok
23:41:55.0190 3048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:41:55.0190 3048 Browser - ok
23:41:55.0310 3048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:41:55.0360 3048 Brserid - ok
23:41:55.0380 3048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:41:55.0390 3048 BrSerWdm - ok
23:41:55.0420 3048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:41:55.0420 3048 BrUsbMdm - ok
23:41:55.0460 3048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:41:55.0470 3048 BrUsbSer - ok
23:41:55.0510 3048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:41:55.0520 3048 BTHMODEM - ok
23:41:55.0570 3048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:41:55.0580 3048 bthserv - ok
23:41:55.0650 3048 [ 3014CA345E8AD68587BABFB162DDDEC5 ] Capture Device Service C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
23:41:55.0650 3048 Capture Device Service - ok
23:41:55.0740 3048 [ 0E1737A63AEC0F6DE231BB59836C0A11 ] ccSet_NOF C:\Windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys
23:41:55.0740 3048 ccSet_NOF - ok
23:41:55.0790 3048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:41:55.0820 3048 cdfs - ok
23:41:55.0860 3048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:41:55.0860 3048 cdrom - ok
23:41:55.0910 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:41:55.0910 3048 CertPropSvc - ok
23:41:55.0970 3048 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
23:41:55.0970 3048 cfwids - ok
23:41:56.0010 3048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:41:56.0010 3048 circlass - ok
23:41:56.0140 3048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:41:56.0150 3048 CLFS - ok
23:41:56.0180 3048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:41:56.0190 3048 clr_optimization_v2.0.50727_32 - ok
23:41:56.0240 3048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:41:56.0240 3048 clr_optimization_v2.0.50727_64 - ok
23:41:56.0330 3048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:41:56.0340 3048 clr_optimization_v4.0.30319_32 - ok
23:41:56.0380 3048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:41:56.0390 3048 clr_optimization_v4.0.30319_64 - ok
23:41:56.0410 3048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:41:56.0410 3048 CmBatt - ok
23:41:56.0440 3048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:41:56.0440 3048 cmdide - ok
23:41:56.0505 3048 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:41:56.0505 3048 CNG - ok
23:41:56.0536 3048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:41:56.0536 3048 Compbatt - ok
23:41:56.0614 3048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:41:56.0614 3048 CompositeBus - ok
23:41:56.0630 3048 COMSysApp - ok
23:41:56.0646 3048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:41:56.0646 3048 crcdisk - ok
23:41:56.0692 3048 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:41:56.0692 3048 CryptSvc - ok
23:41:56.0755 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:41:56.0770 3048 DcomLaunch - ok
23:41:56.0837 3048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:41:56.0837 3048 defragsvc - ok
23:41:56.0877 3048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:41:56.0887 3048 DfsC - ok
23:41:56.0937 3048 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
23:41:56.0937 3048 dg_ssudbus - ok
23:41:57.0027 3048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:41:57.0027 3048 Dhcp - ok
23:41:57.0057 3048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:41:57.0057 3048 discache - ok
23:41:57.0097 3048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:41:57.0107 3048 Disk - ok
23:41:57.0167 3048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:41:57.0167 3048 Dnscache - ok
23:41:57.0227 3048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:41:57.0247 3048 dot3svc - ok
23:41:57.0297 3048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:41:57.0307 3048 DPS - ok
23:41:57.0347 3048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:41:57.0347 3048 drmkaud - ok
23:41:57.0487 3048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:41:57.0497 3048 DXGKrnl - ok
23:41:57.0547 3048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:41:57.0557 3048 EapHost - ok
23:41:57.0787 3048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:41:57.0877 3048 ebdrv - ok
23:41:57.0917 3048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:41:57.0917 3048 EFS - ok
23:41:58.0037 3048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:41:58.0047 3048 ehRecvr - ok
23:41:58.0097 3048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:41:58.0097 3048 ehSched - ok
23:41:58.0127 3048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:41:58.0127 3048 elxstor - ok
23:41:58.0157 3048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:41:58.0157 3048 ErrDev - ok
23:41:58.0197 3048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:41:58.0207 3048 EventSystem - ok
23:41:58.0227 3048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:41:58.0227 3048 exfat - ok
23:41:58.0247 3048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:41:58.0257 3048 fastfat - ok
23:41:58.0287 3048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:41:58.0297 3048 Fax - ok
23:41:58.0317 3048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:41:58.0317 3048 fdc - ok
23:41:58.0337 3048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:41:58.0337 3048 fdPHost - ok
23:41:58.0357 3048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:41:58.0357 3048 FDResPub - ok
23:41:58.0387 3048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:41:58.0397 3048 FileInfo - ok
23:41:58.0417 3048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:41:58.0417 3048 Filetrace - ok
23:41:58.0427 3048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:41:58.0427 3048 flpydisk - ok
23:41:58.0447 3048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:41:58.0457 3048 FltMgr - ok
23:41:58.0707 3048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:41:58.0767 3048 FontCache - ok
23:41:58.0827 3048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:41:58.0847 3048 FontCache3.0.0.0 - ok
23:41:58.0898 3048 [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
23:41:58.0914 3048 ForceWare Intelligent Application Manager (IAM) - ok
23:41:58.0930 3048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:41:58.0930 3048 FsDepends - ok
23:41:58.0961 3048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:41:58.0976 3048 Fs_Rec - ok
23:41:59.0023 3048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:41:59.0023 3048 fvevol - ok
23:41:59.0039 3048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:41:59.0054 3048 gagp30kx - ok
23:41:59.0132 3048 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:41:59.0132 3048 GamesAppService - ok
23:41:59.0195 3048 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:41:59.0195 3048 GEARAspiWDM - ok
23:41:59.0335 3048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:41:59.0351 3048 gpsvc - ok
23:41:59.0444 3048 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
23:41:59.0460 3048 Greg_Service - ok
23:41:59.0491 3048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:41:59.0491 3048 hcw85cir - ok
23:41:59.0522 3048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:41:59.0522 3048 HdAudAddService - ok
23:41:59.0554 3048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:41:59.0554 3048 HDAudBus - ok
23:41:59.0585 3048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:41:59.0585 3048 HidBatt - ok
23:41:59.0600 3048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:41:59.0616 3048 HidBth - ok
23:41:59.0632 3048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:41:59.0647 3048 HidIr - ok
23:41:59.0678 3048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:41:59.0678 3048 hidserv - ok
23:41:59.0710 3048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
23:41:59.0725 3048 HidUsb - ok
23:41:59.0756 3048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:41:59.0772 3048 hkmsvc - ok
23:41:59.0850 3048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:41:59.0866 3048 HomeGroupListener - ok
23:41:59.0912 3048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:41:59.0928 3048 HomeGroupProvider - ok
23:41:59.0944 3048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:41:59.0959 3048 HpSAMD - ok
23:42:00.0053 3048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:42:00.0068 3048 HTTP - ok
23:42:00.0084 3048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:42:00.0084 3048 hwpolicy - ok
23:42:00.0162 3048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:42:00.0178 3048 i8042prt - ok
23:42:00.0240 3048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:42:00.0256 3048 iaStorV - ok
23:42:00.0427 3048 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:42:00.0443 3048 IDriverT - ok
23:42:00.0490 3048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:42:00.0505 3048 idsvc - ok
23:42:00.0568 3048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:42:00.0599 3048 iirsp - ok
23:42:00.0661 3048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:42:00.0677 3048 IKEEXT - ok
23:42:00.0786 3048 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:42:00.0817 3048 IntcAzAudAddService - ok
23:42:00.0864 3048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:42:00.0864 3048 intelide - ok
23:42:00.0895 3048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:42:00.0895 3048 intelppm - ok
23:42:00.0911 3048 Iouhridynp - ok
23:42:00.0942 3048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:42:00.0958 3048 IPBusEnum - ok
23:42:01.0004 3048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:42:01.0020 3048 IpFilterDriver - ok
23:42:01.0145 3048 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:42:01.0145 3048 iphlpsvc - ok
23:42:01.0176 3048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:42:01.0176 3048 IPMIDRV - ok
23:42:01.0192 3048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:42:01.0192 3048 IPNAT - ok
23:42:01.0301 3048 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:42:01.0301 3048 iPod Service - ok
23:42:01.0316 3048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:42:01.0332 3048 IRENUM - ok
23:42:01.0332 3048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:42:01.0332 3048 isapnp - ok
23:42:01.0348 3048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:42:01.0348 3048 iScsiPrt - ok
23:42:01.0379 3048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
23:42:01.0379 3048 kbdclass - ok
23:42:01.0426 3048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:42:01.0426 3048 kbdhid - ok
23:42:01.0441 3048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:42:01.0441 3048 KeyIso - ok
23:42:01.0488 3048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:42:01.0504 3048 KSecDD - ok
23:42:01.0582 3048 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:42:01.0597 3048 KSecPkg - ok
23:42:01.0644 3048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:42:01.0644 3048 ksthunk - ok
23:42:01.0706 3048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:42:01.0722 3048 KtmRm - ok
23:42:01.0800 3048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:42:01.0800 3048 LanmanServer - ok
23:42:01.0847 3048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:42:01.0847 3048 LanmanWorkstation - ok
23:42:01.0878 3048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:42:01.0878 3048 lltdio - ok
23:42:01.0894 3048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:42:01.0909 3048 lltdsvc - ok
23:42:01.0909 3048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:42:01.0909 3048 lmhosts - ok
23:42:01.0940 3048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:42:01.0940 3048 LSI_FC - ok
23:42:01.0956 3048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:42:01.0972 3048 LSI_SAS - ok
23:42:01.0987 3048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:42:01.0987 3048 LSI_SAS2 - ok
23:42:02.0003 3048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:42:02.0003 3048 LSI_SCSI - ok
23:42:02.0034 3048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:42:02.0034 3048 luafv - ok
23:42:02.0128 3048 [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:42:02.0128 3048 McAfee SiteAdvisor Service - ok
23:42:02.0174 3048 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:42:02.0174 3048 McMPFSvc - ok
23:42:02.0190 3048 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:42:02.0190 3048 mcmscsvc - ok
23:42:02.0206 3048 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:42:02.0206 3048 McNaiAnn - ok
23:42:02.0221 3048 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:42:02.0221 3048 McNASvc - ok
23:42:02.0362 3048 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
23:42:02.0362 3048 McODS - ok
23:42:02.0377 3048 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:42:02.0377 3048 McProxy - ok
23:42:02.0455 3048 [ 597C77235621E7DDD32A68574FDE6464 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:42:02.0455 3048 McShield - ok
23:42:02.0533 3048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:42:02.0549 3048 Mcx2Svc - ok
23:42:02.0564 3048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:42:02.0580 3048 megasas - ok
23:42:02.0627 3048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:42:02.0642 3048 MegaSR - ok
23:42:02.0736 3048 [ B574522827D94126C03975FD53F0B26B ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
23:42:02.0736 3048 mfeapfk - ok
23:42:02.0830 3048 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
23:42:02.0830 3048 mfeavfk - ok
23:42:02.0923 3048 mfeavfk01 - ok
23:42:02.0986 3048 [ 134BB16F93A07C2C89B0B9C399382BDB ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:42:02.0986 3048 mfefire - ok
23:42:03.0032 3048 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
23:42:03.0032 3048 mfefirek - ok
 
Continued...

23:42:03.0095 3048 [ 7092A6C6158FC4F5AA39EBEB9D5AF03D ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
23:42:03.0110 3048 mfehidk - ok
23:42:03.0142 3048 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
23:42:03.0157 3048 mfenlfk - ok
23:42:03.0173 3048 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
23:42:03.0173 3048 mferkdet - ok
23:42:03.0251 3048 [ 04D48692EFF181DA46DD8EA8BE9FFB2B ] mfevtp C:\Windows\system32\mfevtps.exe
23:42:03.0251 3048 mfevtp - ok
23:42:03.0313 3048 [ 1631E2DA6C4B47D97ECA94842836592E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
23:42:03.0329 3048 mfewfpk - ok
23:42:03.0360 3048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:42:03.0360 3048 MMCSS - ok
23:42:03.0407 3048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:42:03.0407 3048 Modem - ok
23:42:03.0454 3048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:42:03.0454 3048 monitor - ok
23:42:03.0485 3048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
23:42:03.0485 3048 mouclass - ok
23:42:03.0516 3048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:42:03.0516 3048 mouhid - ok
23:42:03.0610 3048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:42:03.0610 3048 mountmgr - ok
23:42:03.0703 3048 [ C41D993BF561B810E1567E9E88CF5904 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:42:03.0734 3048 MozillaMaintenance - ok
23:42:03.0781 3048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:42:03.0781 3048 mpio - ok
23:42:03.0812 3048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:42:03.0812 3048 mpsdrv - ok
23:42:03.0859 3048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:42:03.0875 3048 MpsSvc - ok
23:42:03.0937 3048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:42:03.0937 3048 MRxDAV - ok
23:42:03.0984 3048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:42:03.0984 3048 mrxsmb - ok
23:42:04.0062 3048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:42:04.0062 3048 mrxsmb10 - ok
23:42:04.0124 3048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:42:04.0124 3048 mrxsmb20 - ok
23:42:04.0156 3048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:42:04.0187 3048 msahci - ok
23:42:04.0202 3048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:42:04.0218 3048 msdsm - ok
23:42:04.0234 3048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:42:04.0234 3048 MSDTC - ok
23:42:04.0296 3048 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
23:42:04.0296 3048 MSDV - ok
23:42:04.0358 3048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:42:04.0358 3048 Msfs - ok
23:42:04.0390 3048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:42:04.0390 3048 mshidkmdf - ok
23:42:04.0421 3048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:42:04.0421 3048 msisadrv - ok
23:42:04.0452 3048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:42:04.0452 3048 MSiSCSI - ok
23:42:04.0468 3048 msiserver - ok
23:42:04.0499 3048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:42:04.0499 3048 MSKSSRV - ok
23:42:04.0514 3048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:42:04.0514 3048 MSPCLOCK - ok
23:42:04.0530 3048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:42:04.0546 3048 MSPQM - ok
23:42:04.0608 3048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:42:04.0608 3048 MsRPC - ok
23:42:04.0655 3048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:42:04.0655 3048 mssmbios - ok
23:42:04.0655 3048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:42:04.0655 3048 MSTEE - ok
23:42:04.0686 3048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:42:04.0686 3048 MTConfig - ok
23:42:04.0717 3048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:42:04.0717 3048 Mup - ok
23:42:04.0733 3048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:42:04.0748 3048 napagent - ok
23:42:04.0780 3048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:42:04.0795 3048 NativeWifiP - ok
23:42:04.0842 3048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:42:04.0858 3048 NDIS - ok
23:42:04.0873 3048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:42:04.0873 3048 NdisCap - ok
23:42:04.0904 3048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:42:04.0904 3048 NdisTapi - ok
23:42:04.0936 3048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:42:04.0951 3048 Ndisuio - ok
23:42:05.0029 3048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:42:05.0029 3048 NdisWan - ok
23:42:05.0092 3048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:42:05.0092 3048 NDProxy - ok
23:42:05.0326 3048 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
23:42:05.0341 3048 Nero BackItUp Scheduler 4.0 - ok
23:42:05.0404 3048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:42:05.0404 3048 NetBIOS - ok
23:42:05.0466 3048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:42:05.0466 3048 NetBT - ok
23:42:05.0497 3048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:42:05.0497 3048 Netlogon - ok
23:42:05.0560 3048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:42:05.0575 3048 Netman - ok
23:42:05.0622 3048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:42:05.0622 3048 netprofm - ok
23:42:05.0653 3048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:42:05.0669 3048 NetTcpPortSharing - ok
23:42:05.0700 3048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:42:05.0700 3048 nfrd960 - ok
23:42:05.0731 3048 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:42:05.0731 3048 NlaSvc - ok
23:42:05.0934 3048 [ 9D0F43B1D0434B44183D4795E89F6C14 ] NOF C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
23:42:05.0934 3048 NOF - ok
23:42:06.0001 3048 Norton PC Checkup Application Launcher - ok
23:42:06.0011 3048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:42:06.0021 3048 Npfs - ok
23:42:06.0041 3048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:42:06.0041 3048 nsi - ok
23:42:06.0061 3048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:42:06.0061 3048 nsiproxy - ok
23:42:06.0081 3048 [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
23:42:06.0081 3048 nSvcIp - ok
23:42:06.0161 3048 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:42:06.0201 3048 Ntfs - ok
23:42:06.0221 3048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:42:06.0221 3048 Null - ok
23:42:06.0261 3048 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
23:42:06.0261 3048 NVENETFD - ok
23:42:07.0131 3048 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:42:07.0251 3048 nvlddmkm - ok
23:42:07.0301 3048 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
23:42:07.0301 3048 NVNET - ok
23:42:07.0341 3048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:42:07.0341 3048 nvraid - ok
23:42:07.0361 3048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:42:07.0361 3048 nvstor - ok
23:42:07.0391 3048 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
23:42:07.0401 3048 nvstor64 - ok
23:42:07.0501 3048 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:42:07.0501 3048 nvsvc - ok
23:42:07.0541 3048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:42:07.0551 3048 nv_agp - ok
23:42:07.0601 3048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:42:07.0611 3048 ohci1394 - ok
23:42:07.0731 3048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:42:07.0741 3048 ose - ok
23:42:07.0811 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:42:07.0821 3048 p2pimsvc - ok
23:42:07.0851 3048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:42:07.0851 3048 p2psvc - ok
23:42:07.0881 3048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:42:07.0901 3048 Parport - ok
23:42:07.0961 3048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:42:07.0971 3048 partmgr - ok
23:42:08.0001 3048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:42:08.0011 3048 PcaSvc - ok
23:42:08.0141 3048 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
23:42:08.0141 3048 PCCUJobMgr - ok
23:42:08.0171 3048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:42:08.0171 3048 pci - ok
23:42:08.0181 3048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:42:08.0181 3048 pciide - ok
23:42:08.0211 3048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:42:08.0211 3048 pcmcia - ok
23:42:08.0241 3048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:42:08.0241 3048 pcw - ok
23:42:08.0341 3048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:42:08.0341 3048 PEAUTH - ok
23:42:08.0421 3048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:42:08.0421 3048 PerfHost - ok
23:42:08.0491 3048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:42:08.0521 3048 pla - ok
23:42:08.0631 3048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:42:08.0671 3048 PlugPlay - ok
23:42:08.0701 3048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:42:08.0711 3048 PNRPAutoReg - ok
23:42:08.0731 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:42:08.0741 3048 PNRPsvc - ok
23:42:08.0801 3048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:42:08.0831 3048 PolicyAgent - ok
23:42:08.0871 3048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:42:08.0871 3048 Power - ok
23:42:08.0921 3048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:42:08.0921 3048 PptpMiniport - ok
23:42:08.0942 3048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:42:08.0942 3048 Processor - ok
23:42:09.0002 3048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:42:09.0012 3048 ProfSvc - ok
23:42:09.0022 3048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:42:09.0022 3048 ProtectedStorage - ok
23:42:09.0072 3048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:42:09.0082 3048 Psched - ok
23:42:09.0142 3048 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
23:42:09.0152 3048 PSI_SVC_2 - ok
23:42:09.0232 3048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:42:09.0272 3048 ql2300 - ok
23:42:09.0323 3048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:42:09.0323 3048 ql40xx - ok
23:42:09.0354 3048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:42:09.0354 3048 QWAVE - ok
23:42:09.0385 3048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:42:09.0385 3048 QWAVEdrv - ok
23:42:09.0401 3048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:42:09.0401 3048 RasAcd - ok
23:42:09.0432 3048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:42:09.0432 3048 RasAgileVpn - ok
23:42:09.0448 3048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:42:09.0448 3048 RasAuto - ok
23:42:09.0495 3048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:42:09.0510 3048 Rasl2tp - ok
23:42:09.0526 3048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:42:09.0541 3048 RasMan - ok
23:42:09.0557 3048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:42:09.0557 3048 RasPppoe - ok
23:42:09.0573 3048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:42:09.0573 3048 RasSstp - ok
23:42:09.0619 3048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:42:09.0619 3048 rdbss - ok
23:42:09.0666 3048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:42:09.0697 3048 rdpbus - ok
23:42:09.0744 3048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:42:09.0744 3048 RDPCDD - ok
23:42:09.0791 3048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:42:09.0791 3048 RDPENCDD - ok
23:42:09.0838 3048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:42:09.0853 3048 RDPREFMP - ok
23:42:09.0900 3048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:42:09.0900 3048 RDPWD - ok
23:42:09.0947 3048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:42:09.0947 3048 rdyboost - ok
23:42:09.0978 3048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:42:09.0994 3048 RemoteAccess - ok
23:42:10.0025 3048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:42:10.0025 3048 RemoteRegistry - ok
23:42:10.0041 3048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:42:10.0056 3048 RpcEptMapper - ok
23:42:10.0103 3048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:42:10.0103 3048 RpcLocator - ok
23:42:10.0150 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:42:10.0165 3048 RpcSs - ok
23:42:10.0181 3048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:42:10.0181 3048 rspndr - ok
23:42:10.0197 3048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:42:10.0197 3048 SamSs - ok
23:42:10.0243 3048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:42:10.0259 3048 sbp2port - ok
23:42:10.0290 3048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:42:10.0306 3048 SCardSvr - ok
23:42:10.0353 3048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:42:10.0368 3048 scfilter - ok
23:42:10.0462 3048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:42:10.0477 3048 Schedule - ok
23:42:10.0540 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:42:10.0540 3048 SCPolicySvc - ok
23:42:10.0571 3048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:42:10.0587 3048 SDRSVC - ok
23:42:10.0633 3048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:42:10.0633 3048 secdrv - ok
23:42:10.0680 3048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:42:10.0696 3048 seclogon - ok
23:42:10.0711 3048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:42:10.0711 3048 SENS - ok
23:42:10.0758 3048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:42:10.0758 3048 SensrSvc - ok
23:42:10.0789 3048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:42:10.0821 3048 Serenum - ok
23:42:10.0836 3048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:42:10.0836 3048 Serial - ok
23:42:10.0867 3048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:42:10.0867 3048 sermouse - ok
23:42:10.0945 3048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:42:10.0977 3048 SessionEnv - ok
23:42:11.0008 3048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:42:11.0008 3048 sffdisk - ok
23:42:11.0023 3048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:42:11.0023 3048 sffp_mmc - ok
23:42:11.0039 3048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:42:11.0039 3048 sffp_sd - ok
23:42:11.0070 3048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:42:11.0070 3048 sfloppy - ok
23:42:11.0117 3048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:42:18.0772 3048 ================ Scan global ===============================
23:42:18.0803 3048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:42:18.0818 3048 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:42:18.0834 3048 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:42:18.0865 3048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:42:18.0896 3048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:42:18.0912 3048 [Global] - ok
23:42:18.0912 3048 ================ Scan MBR ==================================
23:42:18.0928 3048 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
23:42:18.0928 3048 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:42:18.0990 3048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:42:18.0990 3048 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:42:18.0990 3048 ================ Scan VBR ==================================
23:42:18.0990 3048 [ B45E6E22543ABA2ACF145D08585D4C02 ] \Device\Harddisk0\DR0\Partition1
23:42:19.0021 3048 \Device\Harddisk0\DR0\Partition1 - ok
23:42:19.0052 3048 [ 2B2826E7B36CBBC806FA62FD71DD53A2 ] \Device\Harddisk0\DR0\Partition2
23:42:19.0099 3048 \Device\Harddisk0\DR0\Partition2 - ok
23:42:19.0099 3048 ============================================================
23:42:19.0099 3048 Scan finished
23:42:19.0099 3048 ============================================================
23:42:19.0130 3524 Detected object count: 1
23:42:19.0130 3524 Actual detected object count: 1
23:42:45.0234 3524 \Device\Harddisk0\DR0\# - copied to quarantine
23:42:45.0254 3524 \Device\Harddisk0\DR0 - copied to quarantine
23:42:45.0475 3524 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:42:45.0565 3524 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:42:46.0665 3524 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:42:46.0745 3524 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:42:47.0080 3524 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:42:47.0252 3524 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:42:47.0267 3524 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:42:47.0267 3524 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:42:47.0283 3524 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:42:47.0470 3524 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:42:47.0688 3524 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:42:47.0688 3524 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:42:47.0720 3524 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:42:47.0876 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:42:47.0891 3524 \Device\Harddisk0\DR0 - ok
23:42:48.0745 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:42:59.0332 5576 Deinitialize success
 
Re-run MBAM one more time and post fresh log.

Next....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Mbam:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yoder :: GARY-PC [administrator]

10/4/2012 12:12:56 AM
mbam-log-2012-10-04 (00-25-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277678
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

--------------------------------------------------------------------------------------
RKreport[1]

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Yoder [Admin rights]
Mode : Scan -- Date : 10/04/2012 00:32:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[TASK][BLPATH] HPCustParticipation HP Deskjet 2050 J510 series : "C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe" /UA 9.1 /DDV 0x0800 -> FOUND
[TASK][SUSP PATH] {27975CEF-8357-4244-9220-39A951C17582} : C:\Windows\system32\pcalua.exe -a "C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8WVRW43\Inspiration 8 Trial\Trial Install.exe" -d "C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8WVRW43\Inspiration 8 Trial" -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] e95f18f1561eb3fedef24d6888f5d05a
[BSP] e1e278320f9566088945d540093819e9 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 703014 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

-------------------------------------------------------------------------------------------------------------

RKreport[2]

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Yoder [Admin rights]
Mode : Remove -- Date : 10/04/2012 00:34:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> DELETED
[TASK][BLPATH] HPCustParticipation HP Deskjet 2050 J510 series : "C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe" /UA 9.1 /DDV 0x0800 -> DELETED
[TASK][SUSP PATH] {27975CEF-8357-4244-9220-39A951C17582} : C:\Windows\system32\pcalua.exe -a "C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8WVRW43\Inspiration 8 Trial\Trial Install.exe" -d "C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8WVRW43\Inspiration 8 Trial" -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] e95f18f1561eb3fedef24d6888f5d05a
[BSP] e1e278320f9566088945d540093819e9 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 703014 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

==================================================

aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-04 00:37:00
-----------------------------
00:37:00.092 OS Version: Windows x64 6.1.7601 Service Pack 1
00:37:00.092 Number of processors: 2 586 0x602
00:37:00.108 ComputerName: GARY-PC UserName: Yoder
00:37:06.978 Initialize success
00:38:20.398 AVAST engine defs: 12100302
00:38:25.230 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
00:38:25.230 Disk 0 Vendor: ST375052 CC44 Size: 715404MB BusType: 3
00:38:25.230 Disk 0 MBR read successfully
00:38:25.246 Disk 0 MBR scan
00:38:25.246 Disk 0 unknown MBR code
00:38:25.246 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
00:38:25.277 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
00:38:25.293 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 703014 MB offset 25372672
00:38:25.324 Disk 0 scanning C:\Windows\system32\drivers
00:38:51.681 Service scanning
00:39:17.624 Modules scanning
00:39:17.634 Disk 0 trace - called modules:
00:39:17.654 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
00:39:17.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c2a060]
00:39:17.664 3 CLASSPNP.SYS[fffff880013cc43f] -> nt!IofCallDriver -> [0xfffffa800487a4e0]
00:39:17.674 5 ACPI.sys[fffff88000f887a1] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa800487b060]
00:39:21.193 AVAST engine scan C:\Windows
00:39:25.593 AVAST engine scan C:\Windows\system32
00:45:59.155 AVAST engine scan C:\Windows\system32\drivers
00:46:16.018 AVAST engine scan C:\Users\Yoder
00:50:17.625 AVAST engine scan C:\ProgramData
00:57:44.152 Scan finished successfully
01:17:57.148 Disk 0 MBR has been saved successfully to "C:\Users\Yoder\Desktop\MBR.dat"
01:17:57.163 The log file has been saved successfully to "C:\Users\Yoder\Desktop\aswMBR.txt"
 
Your MBAM log says "No action taken".
Re-run it, fix all issues and post new log.
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yoder :: GARY-PC [administrator]

10/4/2012 10:24:21 PM
mbam-log-2012-10-04 (22-24-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278860
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-10-04.02 - Yoder 10/05/2012 1:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2310 [GMT -4:00]
Running from: c:\users\Yoder\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8BD8189AEF.sys
c:\users\Stephen\Documents\~WRL0438.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 05:32 . 2012-10-05 05:32 -------- d-----w- c:\users\Gary\AppData\Local\temp
2012-10-05 05:32 . 2012-10-05 05:32 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2012-10-05 05:32 . 2012-10-05 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 05:32 . 2012-10-05 05:32 -------- d-----w- c:\users\Brennen\AppData\Local\temp
2012-10-05 05:23 . 2012-10-05 05:23 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E20D490-3A66-4089-A375-0D1FD0EFFDE5}\offreg.dll
2012-10-04 14:57 . 2012-10-04 14:57 -------- d-----w- c:\users\Gary\AppData\Local\Adobe
2012-10-04 13:42 . 2012-10-04 13:42 -------- d-----w- c:\users\Gary\AppData\Local\Apple Computer
2012-10-04 06:15 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E20D490-3A66-4089-A375-0D1FD0EFFDE5}\mpengine.dll
2012-10-04 03:42 . 2012-10-04 03:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-04 01:11 . 2012-10-04 01:11 -------- d-----w- c:\users\Yoder\AppData\Local\Apple Computer
2012-10-04 00:47 . 2012-10-04 00:47 -------- d-----w- c:\users\Yoder\AppData\Roaming\SUPERAntiSpyware.com
2012-09-25 19:49 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 21:35 . 2012-09-24 21:35 -------- d-----w- c:\program files (x86)\MyFree Codec
2012-09-24 20:43 . 2012-09-24 20:43 -------- d-----w- c:\users\Gary\AppData\Local\Samsung
2012-09-24 20:43 . 2012-09-24 20:43 -------- d-----w- c:\users\Gary\AppData\Roaming\Samsung
2012-09-24 15:48 . 2012-07-31 10:42 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-09-24 15:48 . 2012-07-31 10:42 102240 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-09-24 15:43 . 2012-08-28 14:05 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-09-24 15:42 . 2012-09-24 15:42 -------- d-----w- c:\program files (x86)\MarkAny
2012-09-24 15:42 . 2012-08-28 14:04 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-09-24 15:40 . 2012-09-24 15:46 -------- d-----w- c:\program files (x86)\Samsung
2012-09-24 15:31 . 2012-09-24 15:31 -------- d-----w- c:\program files\SAMSUNG
2012-09-24 15:29 . 2012-09-24 15:40 -------- d-----w- c:\programdata\Samsung
2012-09-24 15:18 . 2012-09-24 15:18 -------- d-----w- c:\users\Gary\AppData\Local\Downloaded Installations
2012-09-24 14:15 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-24 14:13 . 2012-09-24 14:13 -------- d-----w- c:\program files\iPod
2012-09-24 14:12 . 2012-09-24 14:15 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-24 14:12 . 2012-09-24 14:15 -------- d-----w- c:\program files\iTunes
2012-09-24 14:12 . 2012-09-24 14:15 -------- d-----w- c:\program files (x86)\iTunes
2012-09-23 19:27 . 2012-09-23 19:27 -------- d-----w- c:\users\Yoder\AppData\Roaming\Malwarebytes
2012-09-23 19:27 . 2012-09-23 19:27 -------- d-----w- c:\programdata\Malwarebytes
2012-09-23 19:27 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 19:27 . 2012-09-23 19:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-23 14:29 . 2012-10-05 04:23 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 4
2012-09-17 14:04 . 2012-09-17 14:04 -------- d-----w- c:\program files (x86)\Support.com
2012-09-17 00:47 . 2012-09-18 21:09 -------- d-----w- c:\users\Yoder\AppData\Local\ElevatedDiagnostics
2012-09-16 19:27 . 2012-09-16 19:27 -------- d-----w- c:\users\Stephen\AppData\Local\Diagnostics
2012-09-16 17:55 . 2012-05-25 21:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-09-16 17:55 . 2012-02-22 17:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-09-16 17:55 . 2012-09-16 17:56 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-09-16 17:55 . 2012-02-22 17:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-09-16 17:55 . 2012-02-22 17:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-09-16 17:55 . 2012-02-22 17:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-09-16 17:55 . 2012-02-22 17:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-09-16 17:55 . 2012-02-22 17:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-16 17:55 . 2012-09-16 17:56 -------- d-----w- c:\program files\Common Files\McAfee
2012-09-16 17:55 . 2012-09-16 17:57 -------- d-----w- c:\program files\McAfee
2012-09-16 17:55 . 2012-09-19 17:43 -------- d-----w- c:\program files (x86)\McAfee
2012-09-16 17:46 . 2012-06-22 11:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-16 17:46 . 2012-09-16 20:57 -------- d-----w- c:\programdata\McAfee
2012-09-16 17:09 . 2012-09-17 00:09 -------- d-----w- c:\users\Yoder\AppData\Local\Diagnostics
2012-09-12 11:47 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 11:47 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 11:47 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 11:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 11:47 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:47 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 11:47 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 23:57 . 2012-09-10 23:57 -------- d-----w- c:\users\Gary\AppData\Local\Chromium
2012-09-10 23:55 . 2012-09-10 23:55 -------- d-----w- c:\program files (x86)\Norton PC Checkup 3.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-04 05:52 . 2011-10-27 01:21 4184 --sha-w- c:\programdata\KGyGaAvL.sys
2012-09-27 20:03 . 2012-04-05 20:55 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 20:03 . 2011-05-17 21:13 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:01 . 2010-02-20 19:21 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 14:04 . 2012-08-28 14:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-08-28 14:04 . 2012-08-28 14:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 14:04 . 2012-08-28 14:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 14:04 . 2012-08-28 14:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 14:04 . 2012-08-28 14:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 14:04 . 2012-08-28 14:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 14:04 . 2012-08-28 14:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 14:04 . 2012-08-28 14:04 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-08-28 14:04 . 2012-08-28 14:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-08-28 14:04 . 2012-08-28 14:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-08-28 14:04 . 2012-08-28 14:04 172032 ----a-w- c:\windows\SysWow64\muzapp.exe
2012-08-28 14:04 . 2012-08-28 14:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-08-28 14:04 . 2012-08-28 14:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-08-28 14:04 . 2012-08-28 14:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-08-28 14:04 . 2012-08-28 14:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-08-28 14:04 . 2012-08-28 14:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 14:04 . 2012-08-28 14:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-08-28 14:04 . 2012-08-28 14:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 14:04 . 2012-08-28 14:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 14:04 . 2012-08-28 14:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-08-28 14:04 . 2012-08-28 14:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-08-28 14:04 . 2012-08-28 14:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 14:04 . 2012-08-28 14:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 14:04 . 2012-08-28 14:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-08-28 14:04 . 2012-08-28 14:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-08-28 14:04 . 2012-08-28 14:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-08-28 14:04 . 2012-08-28 14:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 14:04 . 2012-08-28 14:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-08-28 14:04 . 2012-08-28 14:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-08-21 17:01 . 2010-04-21 12:48 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2010-04-21 12:48 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-10 17:07 . 2012-08-10 17:07 998720 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-07-31 15:31 . 2012-08-20 02:24 87152 ----a-w- c:\windows\system32\cpwmon64.dll
2012-07-30 17:32 . 2012-07-30 17:32 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-07-30 17:32 . 2012-07-30 17:32 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-07-18 18:15 . 2012-08-15 10:25 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-08-23 22:42 . 2011-10-27 17:34 332144 ----a-w- c:\program files (x86)\Common Files\MediaOrganizer.dll
2011-08-23 22:35 . 2011-10-27 17:34 33136 ----a-w- c:\program files (x86)\Common Files\FlickrProvider.dll
2011-08-23 22:35 . 2011-10-27 17:34 402800 ----a-w- c:\program files (x86)\Common Files\facebook.dll
2011-08-23 22:35 . 2011-10-27 17:34 130416 ----a-w- c:\program files (x86)\Common Files\PluginCommon.dll
2011-08-23 22:34 . 2011-10-27 17:34 465264 ----a-w- c:\program files (x86)\Common Files\AppFramework.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-31 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 AFS;AFS; [x]
R2 0012211348076592mcinstcleanup;McAfee Application Installer Cleanup (0012211348076592);c:\windows\TEMP\001221~1.EXE [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NOF;Norton Online;c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [2011-11-30 138248]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 250288]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-23 114656]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.01A\SymRdrS.SYS [2011-11-17 218232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 udfpt;udfpt;c:\windows\system32\drivers\udfpt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\Drivers\Achernar.sys [2011-10-24 34104]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [2011-11-04 167048]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-07-03 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe [2009-08-24 126392]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:03]
.
2012-10-05 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-09-14 23:01]
.
2012-09-18 c:\windows\Tasks\PC Checkup 3 Weekly Scan.job
- c:\program files (x86)\Norton PC Checkup 3.0\NLAppLauncher.exe [2012-09-10 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0445v145r4491s247
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0445v145r4491s247
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Yoder\AppData\Roaming\Mozilla\Firefox\Profiles\uof9oweo.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0445v145r4491s247
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
SafeBoot-79862595.sys
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NOF]
"ImagePath"="\"c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files (x86)\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.9.24\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5c,72,97,73,d0,72,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-05 01:36:14
ComboFix-quarantined-files.txt 2012-10-05 05:36
.
Pre-Run: 364,996,386,816 bytes free
Post-Run: 364,733,149,184 bytes free
.
- - End Of File - - 79958748E56EAB62E13F362D10BA8F7D
 
Looks good.

Any current issues?

=============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 