Malware in SVCHOST.exe not being removed

Solved
By LonnieD
Oct 17, 2012
  1. I am in need of help removing malware from my SVChost.exe file. I think this is also related to the fact that I can no longer do Windows Updates.

    About 3 days ago I was infected by the FBI Fake MoneyPak virus and used Malwarebytes to try to remove it. I can now boot my system normally but Malwarebytes finds the 2 trojans and blocks them. McAfee reports no infections.

    I would greatly appreciate any help you can give. Thank you.

    I have included the requested reports. GMER did not produce a log and I could not find an Attach.txt log.

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.17.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Lonnie Dawkins :: LONNIEDAWKINS [administrator]

    Protection: Enabled

    10/17/2012 12:36:25 PM
    mbam-log-2012-10-17 (12-36-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236727
    Time elapsed: 1 minute(s), 54 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4024 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    GMER.exe did not produce any log

    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Lonnie Dawkins at 13:07:58 on 2012-10-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.6002 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\vVX6000.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Common Files\AOL\1334659535\ee\aolsoftware.exe
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://lonniedawkins.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [Google Update] "C:\Users\Lonnie Dawkins\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Facebook Update] "C:\Users\Lonnie Dawkins\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
    uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    uRun: [EPSON Stylus Photo R340 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIAJA.EXE /FU "C:\Users\LONNIE~1\AppData\Local\Temp\E_SE0BD.tmp" /EF "HKCU"
    uRun: [EPSON Stylus Photo R340 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIAJA.EXE /FU "C:\Windows\TEMP\E_SD7AE.tmp" /EF "HKCU"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1334659535\ee\AOLSoftware.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\Users\LONNIE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    Trusted Zone: wordpress.com
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
    DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} - hxxps://www.svharbor.com/epass/swiftview/svinstall_a.8.0.2.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D00CB680-081D-4F94-97D5-75DEDDC374ED} - hxxps://www36.verizon.com/fiosvoice/Downloads/FiosVoiceWebCntrl.CAB
    TCP: NameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{2C72860A-BB5A-4A90-95F0-C3250D048A5E} : DHCPNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{2C72860A-BB5A-4A90-95F0-C3250D048A5E}\144616D637D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2C72860A-BB5A-4A90-95F0-C3250D048A5E}\14C6F66647841627C656D6 : DHCPNameServer = 8.8.8.8 207.59.153.242 66.251.35.130
    TCP: Interfaces\{2C72860A-BB5A-4A90-95F0-C3250D048A5E}\C696E6B6379737 : DHCPNameServer = 207.69.188.171 207.69.188.172 207.69.188.185
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = DPPassFilter scecli
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mSearchAssistant = hxxp://www.google.com/ie
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [VX6000] C:\Windows\vVX6000.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2012-9-29 73096]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 752672]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-15 30568]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 335784]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-25 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-15 676936]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-5 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-5 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-5 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-7-31 237920]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-7-31 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-7-31 177144]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-25 2533400]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-9 7767552]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-9 279040]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-15 25928]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-7-31 300392]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-7-31 513456]
    S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/25 01:49:41;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-10-25 245232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 116648]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-5 201304]
    S2 MOBCleanup;MOBCleanup;C:\Users\Lonnie Dawkins\AppData\Local\Temp\MOBCleanup.exe [2012-10-5 294440]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-30 250808]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-7-31 69672]
    S3 Droppix Service;Droppix Service;C:\Program Files (x86)\Common Files\Droppix\DxService.exe [2011-4-8 151552]
    S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\System32\drivers\i1display_x64.sys [2011-4-2 7808]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 116648]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-26 196440]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-7-31 106112]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-25 232992]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-25 344680]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-4 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2010-5-20 2143600]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-3 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2012-10-17 13:42:15 20480 ------w- C:\Windows\svchost.exe
    2012-10-15 17:52:29 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Roaming\Malwarebytes
    2012-10-15 17:52:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-15 17:52:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-15 17:52:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-15 16:19:17 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Local\McAfee Anti-Theft
    2012-10-15 12:43:04 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Roaming\TuneUp Software
    2012-10-15 12:42:57 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-15 12:33:05 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Local\MFAData
    2012-10-15 06:16:48 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Local\NPE
    2012-10-15 06:07:49 -------- d-----w- C:\Program Files\Symantec
    2012-10-15 06:07:03 -------- d-----w- C:\Windows\System32\drivers\N360x64\1401010.002
    2012-10-15 06:07:03 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2012-10-15 06:07:02 -------- d-----w- C:\Program Files (x86)\Norton 360
    2012-10-15 05:50:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-10-15 04:00:29 -------- d-----w- C:\sh4ldr
    2012-10-15 04:00:29 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-10-15 03:59:37 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    2012-10-15 03:59:34 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-10-08 21:44:23 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Local\{A5EE4F96-CEE1-400A-A8FA-1C8B569B4D2E}
    2012-10-05 21:35:48 51032 ----a-r- C:\Windows\System32\AdobePDF.dll
    2012-10-05 21:35:48 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2012-10-02 12:45:54 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-09-30 19:01:02 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-29 05:37:04 73096 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
    2012-09-26 21:02:27 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
    2012-09-24 15:35:26 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Local\{5C921DDE-589E-49A6-B2BB-A6EBC07CCA58}
    2012-09-24 03:34:50 -------- d-----w- C:\Users\Lonnie Dawkins\AppData\Local\{55734F5B-E13A-4DDA-AC28-FFEF58ED99F2}
    2012-09-24 03:17:55 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-24 03:16:44 -------- d-----w- C:\Program Files\iPod
    2012-09-24 03:16:43 -------- d-----w- C:\Program Files\iTunes
    2012-09-24 03:16:43 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-24 02:57:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-09-24 02:57:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-09-24 02:57:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-09-24 02:57:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-09-24 02:57:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-09-24 02:57:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-09-24 02:57:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2012-10-09 00:11:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 00:11:11 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-02 12:45:17 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-09-15 04:06:26 210458 ----a-w- C:\ProgramData\1347681819.bdinstall.bin
    2012-09-10 05:23:55 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
    2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-14 00:22:26 379086 ----a-w- C:\ProgramData\1344903346.bdinstall.bin
    2012-08-13 23:48:47 234095 ----a-w- C:\ProgramData\1344900948.bdinstall.bin
    2012-08-13 22:54:50 285196 ----a-w- C:\ProgramData\1344896445.bdinstall.bin
    2012-08-02 16:55:34 103784 ----a-w- C:\Users\Lonnie Dawkins\GoToAssistDownloadHelper.exe
    .
    ============= FINISH: 13:08:27.91 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
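
An added example, not part of the thread and not TDSSKiller's own code: a Python triage of the TDSSKiller report format posted in this thread. It separates the UnsignedFile/LockedFile warnings that the steps above say to Skip from every other detection, and flags any service image named svchost.exe that sits outside System32/SysWOW64. The sample log lines, service names, hashes and detection name are constructed.

```python
import ntpath
import re

# Verdicts the steps above say to leave on Skip: they mean "unsigned" or
# "locked", which is not the same as "malicious".
LOW_CONFIDENCE = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <service name> <image path>": names may contain spaces, so the
# name ends where a drive-letter path begins.
OBJECT_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+?)\s*$")
# "<service name> - detected <verdict> (<n>)"
DETECT_RE = re.compile(PREFIX + r"(.+?) - detected (\S+) \(\d+\)\s*$")
# "<service name> - ok"
OK_RE = re.compile(PREFIX + r"(.+?) - ok\s*$")


def is_misplaced_svchost(path):
    """True for an image named svchost.exe whose parent folder is not
    System32 or SysWOW64 (only the parent folder name is compared)."""
    if ntpath.basename(path).lower() != "svchost.exe":
        return False
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    return parent not in ("system32", "syswow64")


def triage(log_text):
    """Split a TDSSKiller report into clean objects, low-confidence
    warnings (skip) and detections that need a helper's review."""
    objects = {}  # service name -> (md5, image path)
    report = {"ok": 0, "skip": [], "review": [], "misplaced_svchost": []}
    for line in log_text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            md5, name, path = m.groups()
            objects[name] = (md5.upper(), path)
            if is_misplaced_svchost(path):
                report["misplaced_svchost"].append(path)
            continue
        m = DETECT_RE.match(line)
        if m:
            name, verdict = m.groups()
            md5, path = objects.get(name, (None, None))
            finding = {"service": name, "verdict": verdict,
                       "md5": md5, "path": path}
            bucket = "skip" if verdict in LOW_CONFIDENCE else "review"
            report[bucket].append(finding)
            continue
        if OK_RE.match(line):
            report["ok"] += 1  # some services have no image line at all
    return report


# Constructed sample in the same layout as the report in this thread.
SAMPLE_LOG = r"""
15:17:00.0599 4844 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
15:17:00.0841 4844 ExampleDrv - ok
15:17:01.0966 4844 [ 00000000000000000000000000000002 ] Example Vendor Service C:\Program Files (x86)\Example\svc.exe
15:17:01.0995 4844 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
15:17:01.0995 4844 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
15:17:02.0100 4844 [ 00000000000000000000000000000003 ] ExampleSvc C:\Windows\svchost.exe
15:17:02.0150 4844 ExampleSvc - detected Example.Detection.Name (1)
15:17:02.0267 4844 NoImageSvc - ok
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("clean objects:", result["ok"])
    for f in result["skip"]:
        print("skip   :", f["service"], f["verdict"], f["path"])
    for f in result["review"]:
        print("review :", f["service"], f["verdict"], f["md5"], f["path"])
    for p in result["misplaced_svchost"]:
        print("svchost.exe outside System32/SysWOW64:", p)
```
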
  3. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    Jay, Thanks for the fast response. I ran TDSSKiller and it found one malicious object and took action.

    15:16:30.0976 3700 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    15:16:31.0243 3700 ============================================================
    15:16:31.0243 3700 Current date / time: 2012/10/17 15:16:31.0243
    15:16:31.0243 3700 SystemInfo:
    15:16:31.0243 3700
    15:16:31.0243 3700 OS Version: 6.1.7601 ServicePack: 1.0
    15:16:31.0243 3700 Product type: Workstation
    15:16:31.0243 3700 ComputerName: LONNIEDAWKINS
    15:16:31.0243 3700 UserName: Lonnie Dawkins
    15:16:31.0243 3700 Windows directory: C:\Windows
    15:16:31.0243 3700 System windows directory: C:\Windows
    15:16:31.0243 3700 Running under WOW64
    15:16:31.0243 3700 Processor architecture: Intel x64
    15:16:31.0243 3700 Number of processors: 4
    15:16:31.0243 3700 Page size: 0x1000
    15:16:31.0243 3700 Boot type: Normal boot
    15:16:31.0243 3700 ============================================================
    15:16:31.0979 3700 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:16:31.0986 3700 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:16:31.0990 3700 ============================================================
    15:16:31.0991 3700 \Device\Harddisk0\DR0:
    15:16:31.0991 3700 MBR partitions:
    15:16:31.0991 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    15:16:31.0991 3700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x5380F800
    15:16:31.0991 3700 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x53873800, BlocksNum 0x3C9F000
    15:16:31.0991 3700 \Device\Harddisk1\DR1:
    15:16:31.0991 3700 MBR partitions:
    15:16:31.0992 3700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
    15:16:31.0992 3700 ============================================================
    15:16:32.0061 3700 C: <-> \Device\Harddisk0\DR0\Partition2
    15:16:32.0112 3700 D: <-> \Device\Harddisk0\DR0\Partition3
    15:16:32.0121 3700 I: <-> \Device\Harddisk1\DR1\Partition1
    15:16:32.0121 3700 ============================================================
    15:16:32.0121 3700 Initialize success
    15:16:32.0121 3700 ============================================================
    15:16:59.0775 4844 ============================================================
    15:16:59.0775 4844 Scan started
    15:16:59.0775 4844 Mode: Manual; SigCheck; TDLFS;
    15:16:59.0775 4844 ============================================================
    15:17:00.0318 4844 ================ Scan system memory ========================
    15:17:00.0318 4844 System memory - ok
    15:17:00.0319 4844 ================ Scan services =============================
    15:17:00.0599 4844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    15:17:00.0841 4844 1394ohci - ok
    15:17:00.0982 4844 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    15:17:01.0019 4844 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
    15:17:01.0073 4844 [ 3E2427D4966C7606097341E55AB4E105 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    15:17:01.0109 4844 Accelerometer - ok
    15:17:01.0170 4844 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    15:17:01.0198 4844 ACPI - ok
    15:17:01.0259 4844 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    15:17:01.0339 4844 AcpiPmi - ok
    15:17:01.0434 4844 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    15:17:01.0457 4844 AdobeARMservice - ok
    15:17:01.0604 4844 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    15:17:01.0629 4844 AdobeFlashPlayerUpdateSvc - ok
    15:17:01.0712 4844 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    15:17:01.0744 4844 adp94xx - ok
    15:17:01.0791 4844 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    15:17:01.0809 4844 adpahci - ok
    15:17:01.0832 4844 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    15:17:01.0846 4844 adpu320 - ok
    15:17:01.0874 4844 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    15:17:02.0060 4844 AeLookupSvc - ok
    15:17:02.0199 4844 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
    15:17:02.0293 4844 AESTFilters - ok
    15:17:02.0358 4844 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    15:17:02.0453 4844 AFD - ok
    15:17:02.0515 4844 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    15:17:02.0542 4844 agp440 - ok
    15:17:02.0605 4844 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    15:17:02.0676 4844 ALG - ok
    15:17:02.0732 4844 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    15:17:02.0757 4844 aliide - ok
    15:17:02.0813 4844 [ 48619A29F9C9C3CFEB66718DD03D8057 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    15:17:02.0907 4844 AMD External Events Utility - ok
    15:17:02.0961 4844 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    15:17:02.0973 4844 amdide - ok
    15:17:03.0018 4844 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    15:17:03.0096 4844 AmdK8 - ok
    15:17:03.0329 4844 [ 06BF0785DE714637EBA9BB1084B28626 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    15:17:03.0458 4844 amdkmdag - ok
    15:17:03.0485 4844 [ 2DEC3274589FF6889AB05ADCEEB0F642 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    15:17:03.0532 4844 amdkmdap - ok
    15:17:03.0583 4844 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    15:17:03.0630 4844 AmdPPM - ok
    15:17:03.0660 4844 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    15:17:03.0684 4844 amdsata - ok
    15:17:03.0701 4844 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    15:17:03.0718 4844 amdsbs - ok
    15:17:03.0730 4844 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    15:17:03.0743 4844 amdxata - ok
    15:17:03.0854 4844 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    15:17:03.0875 4844 AOL ACS - ok
    15:17:03.0936 4844 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    15:17:04.0087 4844 AppID - ok
    15:17:04.0146 4844 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    15:17:04.0233 4844 AppIDSvc - ok
    15:17:04.0290 4844 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    15:17:04.0391 4844 Appinfo - ok
    15:17:04.0503 4844 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:17:04.0524 4844 Apple Mobile Device - ok
    15:17:04.0616 4844 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    15:17:04.0643 4844 arc - ok
    15:17:04.0674 4844 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    15:17:04.0689 4844 arcsas - ok
    15:17:04.0760 4844 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    15:17:04.0840 4844 AsyncMac - ok
    15:17:04.0886 4844 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    15:17:04.0899 4844 atapi - ok
    15:17:04.0953 4844 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    15:17:04.0966 4844 AtiHdmiService - ok
    15:17:05.0018 4844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    15:17:05.0112 4844 AudioEndpointBuilder - ok
    15:17:05.0121 4844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    15:17:05.0162 4844 AudioSrv - ok
    15:17:05.0236 4844 [ A3B21D3CD9185734698AB4C5D7D8F182 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
    15:17:05.0255 4844 avgtp - ok
    15:17:05.0320 4844 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    15:17:05.0421 4844 AxInstSV - ok
    15:17:05.0484 4844 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    15:17:05.0563 4844 b06bdrv - ok
    15:17:05.0619 4844 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:17:05.0672 4844 b57nd60a - ok
    15:17:05.0785 4844 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    15:17:05.0815 4844 BBSvc - ok
    15:17:05.0934 4844 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    15:17:05.0988 4844 BCM43XX - ok
    15:17:06.0082 4844 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    15:17:06.0155 4844 BDESVC - ok
    15:17:06.0243 4844 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    15:17:06.0318 4844 Beep - ok
    15:17:06.0369 4844 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    15:17:06.0413 4844 blbdrive - ok
    15:17:06.0526 4844 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    15:17:06.0558 4844 Bonjour Service - ok
    15:17:06.0619 4844 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    15:17:06.0665 4844 bowser - ok
    15:17:06.0714 4844 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:17:06.0803 4844 BrFiltLo - ok
    15:17:06.0833 4844 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:17:06.0866 4844 BrFiltUp - ok
    15:17:06.0923 4844 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    15:17:07.0027 4844 Browser - ok
    15:17:07.0060 4844 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    15:17:07.0139 4844 Brserid - ok
    15:17:07.0211 4844 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    15:17:07.0265 4844 BrSerWdm - ok
    15:17:07.0291 4844 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:17:07.0334 4844 BrUsbMdm - ok
    15:17:07.0359 4844 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    15:17:07.0394 4844 BrUsbSer - ok
    15:17:07.0436 4844 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    15:17:07.0496 4844 BTHMODEM - ok
    15:17:07.0558 4844 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    15:17:07.0632 4844 bthserv - ok
    15:17:07.0654 4844 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    15:17:07.0737 4844 cdfs - ok
    15:17:07.0782 4844 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    15:17:07.0824 4844 cdrom - ok
    15:17:07.0879 4844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    15:17:07.0962 4844 CertPropSvc - ok
    15:17:08.0041 4844 [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids C:\Windows\system32\drivers\cfwids.sys
    15:17:08.0064 4844 cfwids - ok
    15:17:08.0109 4844 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    15:17:08.0164 4844 circlass - ok
    15:17:08.0240 4844 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    15:17:08.0271 4844 CLFS - ok
    15:17:08.0399 4844 [ DEDE5EC7DC09D840D5D74E06FF4DE127 ] CLKMSVC10_C6F09094 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
    15:17:08.0411 4844 CLKMSVC10_C6F09094 - ok
    15:17:08.0500 4844 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:17:08.0523 4844 clr_optimization_v2.0.50727_32 - ok
    15:17:08.0573 4844 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    15:17:08.0598 4844 clr_optimization_v2.0.50727_64 - ok
    15:17:08.0689 4844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:17:08.0711 4844 clr_optimization_v4.0.30319_32 - ok
    15:17:08.0752 4844 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    15:17:08.0775 4844 clr_optimization_v4.0.30319_64 - ok
    15:17:08.0827 4844 [ D68D9F4D53010B7E84D4E80A2E485554 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
    15:17:08.0846 4844 clwvd - ok
    15:17:08.0888 4844 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    15:17:08.0940 4844 CmBatt - ok
    15:17:08.0980 4844 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    15:17:09.0001 4844 cmdide - ok
    15:17:09.0046 4844 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    15:17:09.0086 4844 CNG - ok
    15:17:09.0136 4844 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    15:17:09.0149 4844 Compbatt - ok
    15:17:09.0189 4844 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    15:17:09.0232 4844 CompositeBus - ok
    15:17:09.0267 4844 COMSysApp - ok
    15:17:09.0297 4844 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    15:17:09.0315 4844 crcdisk - ok
    15:17:09.0386 4844 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    15:17:09.0460 4844 CryptSvc - ok
    15:17:09.0510 4844 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
  4. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    15:17:09.0588 4844 dc3d - ok
    15:17:09.0667 4844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    15:17:09.0761 4844 DcomLaunch - ok
    15:17:09.0798 4844 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    15:17:09.0879 4844 defragsvc - ok
    15:17:09.0923 4844 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    15:17:10.0001 4844 DfsC - ok
    15:17:10.0066 4844 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    15:17:10.0137 4844 Dhcp - ok
    15:17:10.0186 4844 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    15:17:10.0248 4844 discache - ok
    15:17:10.0306 4844 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    15:17:10.0331 4844 Disk - ok
    15:17:10.0390 4844 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    15:17:10.0466 4844 Dnscache - ok
    15:17:10.0492 4844 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    15:17:10.0574 4844 dot3svc - ok
    15:17:10.0650 4844 [ EAC9D9868D37C8785D12475A9BB65A11 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    15:17:10.0679 4844 DpHost - ok
    15:17:10.0710 4844 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    15:17:10.0788 4844 DPS - ok
    15:17:10.0838 4844 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    15:17:10.0896 4844 drmkaud - ok
    15:17:10.0966 4844 [ B5DE58992657D9B96E4AA5F7610D48DD ] Droppix Service C:\Program Files (x86)\Common Files\Droppix\DxService.exe
    15:17:10.0995 4844 Droppix Service ( UnsignedFile.Multi.Generic ) - warning
    15:17:10.0995 4844 Droppix Service - detected UnsignedFile.Multi.Generic (1)
    15:17:11.0053 4844 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    15:17:11.0099 4844 DXGKrnl - ok
    15:17:11.0148 4844 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    15:17:11.0218 4844 EapHost - ok
    15:17:11.0367 4844 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    15:17:11.0432 4844 ebdrv - ok
    15:17:11.0472 4844 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    15:17:11.0535 4844 EFS - ok
    15:17:11.0642 4844 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    15:17:11.0706 4844 ehRecvr - ok
    15:17:11.0765 4844 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    15:17:11.0838 4844 ehSched - ok
    15:17:11.0888 4844 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    15:17:11.0918 4844 elxstor - ok
    15:17:11.0986 4844 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    15:17:12.0021 4844 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
    15:17:12.0021 4844 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
    15:17:12.0128 4844 [ 000598EAA293D5139F3DBC68516F901E ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    15:17:12.0195 4844 EPSON_PM_RPCV4_01 - ok
    15:17:12.0231 4844 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    15:17:12.0282 4844 ErrDev - ok
    15:17:12.0315 4844 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    15:17:12.0377 4844 EventSystem - ok
    15:17:12.0427 4844 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    15:17:12.0472 4844 exfat - ok
    15:17:12.0531 4844 [ A33E0921D0C256E348E0F6D66C77B7F7 ] EyeOneDisplay C:\Windows\system32\Drivers\i1display_x64.sys
    15:17:12.0587 4844 EyeOneDisplay - ok
    15:17:12.0611 4844 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    15:17:12.0696 4844 fastfat - ok
    15:17:12.0752 4844 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    15:17:12.0826 4844 Fax - ok
    15:17:12.0840 4844 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    15:17:12.0871 4844 fdc - ok
    15:17:12.0916 4844 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    15:17:12.0988 4844 fdPHost - ok
    15:17:13.0030 4844 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    15:17:13.0099 4844 FDResPub - ok
    15:17:13.0123 4844 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    15:17:13.0136 4844 FileInfo - ok
    15:17:13.0175 4844 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    15:17:13.0251 4844 Filetrace - ok
    15:17:13.0343 4844 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    15:17:13.0386 4844 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    15:17:13.0386 4844 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
    15:17:13.0457 4844 [ 7A7F1D1C598C5C8B21CEAAAB892B9FB8 ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    15:17:13.0505 4844 FlipShare Service - ok
    15:17:13.0523 4844 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    15:17:13.0548 4844 flpydisk - ok
    15:17:13.0588 4844 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    15:17:13.0620 4844 FltMgr - ok
    15:17:13.0671 4844 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    15:17:13.0757 4844 FontCache - ok
    15:17:13.0809 4844 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    15:17:13.0818 4844 FontCache3.0.0.0 - ok
    15:17:13.0855 4844 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    15:17:13.0866 4844 FsDepends - ok
    15:17:13.0922 4844 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    15:17:13.0946 4844 Fs_Rec - ok
    15:17:14.0009 4844 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    15:17:14.0040 4844 fvevol - ok
    15:17:14.0078 4844 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:17:14.0091 4844 gagp30kx - ok
    15:17:14.0186 4844 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    15:17:14.0211 4844 GameConsoleService - ok
    15:17:14.0270 4844 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:17:14.0289 4844 GEARAspiWDM - ok
    15:17:14.0402 4844 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
    15:17:14.0420 4844 GoToAssist - ok
    15:17:14.0499 4844 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    15:17:14.0558 4844 gpsvc - ok
    15:17:14.0688 4844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    15:17:14.0707 4844 gupdate - ok
    15:17:14.0750 4844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    15:17:14.0769 4844 gupdatem - ok
    15:17:14.0800 4844 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    15:17:14.0865 4844 hcw85cir - ok
    15:17:14.0919 4844 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    15:17:14.0955 4844 HdAudAddService - ok
    15:17:15.0007 4844 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    15:17:15.0062 4844 HDAudBus - ok
    15:17:15.0102 4844 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    15:17:15.0119 4844 HECIx64 - ok
    15:17:15.0140 4844 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    15:17:15.0188 4844 HidBatt - ok
    15:17:15.0210 4844 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    15:17:15.0251 4844 HidBth - ok
    15:17:15.0277 4844 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    15:17:15.0294 4844 HidIr - ok
    15:17:15.0324 4844 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    15:17:15.0387 4844 hidserv - ok
    15:17:15.0435 4844 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    15:17:15.0464 4844 HidUsb - ok
    15:17:15.0523 4844 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
    15:17:15.0547 4844 HipShieldK - ok
    15:17:15.0606 4844 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    15:17:15.0691 4844 hkmsvc - ok
    15:17:15.0757 4844 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    15:17:15.0842 4844 HomeGroupListener - ok
    15:17:15.0879 4844 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    15:17:15.0931 4844 HomeGroupProvider - ok
    15:17:16.0032 4844 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    15:17:16.0042 4844 HP Support Assistant Service - ok
    15:17:16.0161 4844 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    15:17:16.0182 4844 HP Wireless Assistant Service - ok
    15:17:16.0256 4844 [ DA075126F867727810EE9B98B3041C4C ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    15:17:16.0289 4844 HPAuto - ok
    15:17:16.0341 4844 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    15:17:16.0366 4844 HPClientSvc - ok
    15:17:16.0433 4844 [ D17F9E527F01770BD04A9223BC40EC22 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    15:17:16.0458 4844 HPDrvMntSvc.exe - ok
    15:17:16.0505 4844 [ CCBE758967CC0F53F5BA3B271653C4E6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
    15:17:16.0525 4844 hpdskflt - ok
    15:17:16.0599 4844 [ 0955C23C041451FB4E7099D6B2CF1C06 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    15:17:16.0656 4844 hpqwmiex - ok
    15:17:16.0715 4844 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    15:17:16.0739 4844 HpSAMD - ok
    15:17:16.0766 4844 [ E2223A37896A76861D7F79FD81A2A193 ] hpsrv C:\Windows\system32\Hpservice.exe
    15:17:16.0780 4844 hpsrv - ok
    15:17:16.0860 4844 [ 171000873EB522E5EA3DD4C4E0B689B2 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    15:17:16.0879 4844 HPWMISVC - ok
    15:17:16.0929 4844 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    15:17:17.0029 4844 HTTP - ok
    15:17:17.0075 4844 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    15:17:17.0086 4844 hwpolicy - ok
    15:17:17.0143 4844 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    15:17:17.0156 4844 i8042prt - ok
    15:17:17.0178 4844 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    15:17:17.0195 4844 iaStor - ok
    15:17:17.0230 4844 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    15:17:17.0247 4844 iaStorV - ok
    15:17:17.0353 4844 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    15:17:17.0385 4844 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    15:17:17.0385 4844 IDriverT - detected UnsignedFile.Multi.Generic (1)
    15:17:17.0475 4844 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    15:17:17.0517 4844 idsvc - ok
    15:17:17.0769 4844 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    15:17:17.0921 4844 igfx - ok
    15:17:17.0948 4844 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    15:17:17.0962 4844 iirsp - ok
    15:17:18.0053 4844 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    15:17:18.0132 4844 IKEEXT - ok
    15:17:18.0191 4844 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
    15:17:18.0270 4844 Impcd - ok
    15:17:18.0308 4844 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    15:17:18.0323 4844 intelide - ok
    15:17:18.0591 4844 [ 1BE8D9CA4F2363B8E8015621878E0043 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
    15:17:18.0729 4844 intelkmd - ok
    15:17:18.0790 4844 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    15:17:18.0837 4844 intelppm - ok
    15:17:18.0891 4844 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    15:17:18.0971 4844 IPBusEnum - ok
    15:17:19.0016 4844 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:17:19.0086 4844 IpFilterDriver - ok
    15:17:19.0120 4844 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    15:17:19.0161 4844 IPMIDRV - ok
    15:17:19.0180 4844 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    15:17:19.0232 4844 IPNAT - ok
    15:17:19.0309 4844 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    15:17:19.0348 4844 iPod Service - ok
    15:17:19.0397 4844 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    15:17:19.0471 4844 IRENUM - ok
    15:17:19.0514 4844 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    15:17:19.0531 4844 isapnp - ok
    15:17:19.0550 4844 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    15:17:19.0572 4844 iScsiPrt - ok
    15:17:19.0622 4844 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    15:17:19.0647 4844 kbdclass - ok
    15:17:19.0707 4844 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    15:17:19.0751 4844 kbdhid - ok
    15:17:19.0762 4844 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    15:17:19.0777 4844 KeyIso - ok
    15:17:19.0826 4844 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    15:17:19.0854 4844 KSecDD - ok
    15:17:19.0893 4844 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    15:17:19.0907 4844 KSecPkg - ok
    15:17:19.0951 4844 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    15:17:20.0032 4844 ksthunk - ok
    15:17:20.0077 4844 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    15:17:20.0164 4844 KtmRm - ok
    15:17:20.0232 4844 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    15:17:20.0298 4844 LanmanServer - ok
    15:17:20.0357 4844 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    15:17:20.0445 4844 LanmanWorkstation - ok
    15:17:20.0616 4844 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    15:17:20.0642 4844 LBTServ - ok
    15:17:20.0711 4844 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    15:17:20.0731 4844 LHidFilt - ok
    15:17:20.0813 4844 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    15:17:20.0822 4844 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
    15:17:20.0822 4844 LightScribeService - detected UnsignedFile.Multi.Generic (1)
    15:17:20.0874 4844 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    15:17:20.0946 4844 lltdio - ok
    15:17:21.0001 4844 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    15:17:21.0079 4844 lltdsvc - ok
    15:17:21.0103 4844 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    15:17:21.0142 4844 lmhosts - ok
    15:17:21.0197 4844 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    15:17:21.0216 4844 LMouFilt - ok
    15:17:21.0319 4844 [ 6D515466AB8BFE61184092B635AE6EB4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    15:17:21.0345 4844 LMS - ok
    15:17:21.0393 4844 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:17:21.0406 4844 LSI_FC - ok
    15:17:21.0442 4844 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:17:21.0468 4844 LSI_SAS - ok
    15:17:21.0485 4844 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:17:21.0500 4844 LSI_SAS2 - ok
    15:17:21.0527 4844 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:17:21.0565 4844 LSI_SCSI - ok
    15:17:21.0602 4844 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    15:17:21.0667 4844 luafv - ok
    15:17:21.0729 4844 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    15:17:21.0749 4844 LUsbFilt - ok
    15:17:21.0805 4844 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    15:17:21.0828 4844 MBAMProtector - ok
    15:17:21.0919 4844 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    15:17:21.0948 4844 MBAMScheduler - ok
    15:17:22.0005 4844 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    15:17:22.0042 4844 MBAMService - ok
    15:17:22.0158 4844 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:17:22.0182 4844 McAfee SiteAdvisor Service - ok
    15:17:22.0282 4844 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    15:17:22.0304 4844 McComponentHostService - ok
    15:17:22.0380 4844 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:17:22.0404 4844 McMPFSvc - ok
    15:17:22.0445 4844 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:17:22.0457 4844 mcmscsvc - ok
    15:17:22.0477 4844 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:17:22.0489 4844 McNaiAnn - ok
    15:17:22.0547 4844 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:17:22.0573 4844 McNASvc - ok
    15:17:22.0687 4844 [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
    15:17:22.0713 4844 McODS - ok
    15:17:22.0757 4844 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:17:22.0774 4844 McProxy - ok
    15:17:22.0832 4844 [ 07ADF390306FC00297EE9B2247C0678E ] McPvDrv C:\Windows\system32\drivers\McPvDrv.sys
    15:17:22.0847 4844 McPvDrv - ok
    15:17:22.0957 4844 [ 4DEC9B5BEDAA97B1FF6A3923E1C4F58A ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    15:17:22.0984 4844 McShield - ok
    15:17:23.0017 4844 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    15:17:23.0110 4844 Mcx2Svc - ok
    15:17:23.0158 4844 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    15:17:23.0183 4844 megasas - ok
    15:17:23.0203 4844 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    15:17:23.0223 4844 MegaSR - ok
    15:17:23.0308 4844 [ B574522827D94126C03975FD53F0B26B ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
    15:17:23.0333 4844 mfeapfk - ok
    15:17:23.0392 4844 [ B393753ECE9A9E2307CB1984ACF3DA9D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
    15:17:23.0418 4844 mfeavfk - ok
    15:17:23.0439 4844 mfeavfk01 - ok
    15:17:23.0487 4844 [ 97C398750C8E80A48EB63999546F796E ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    15:17:23.0513 4844 mfefire - ok
    15:17:23.0585 4844 [ C52A1ABF03DD219375EA0F6A8BE941C3 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
    15:17:23.0601 4844 mfefirek - ok
    15:17:23.0661 4844 [ 7092A6C6158FC4F5AA39EBEB9D5AF03D ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
    15:17:23.0705 4844 mfehidk - ok
    15:17:23.0782 4844 [ D2A941C82A0A9227CD6F47AD40A40F69 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
    15:17:23.0804 4844 mferkdet - ok
    15:17:23.0869 4844 [ 04D48692EFF181DA46DD8EA8BE9FFB2B ] mfevtp C:\Windows\system32\mfevtps.exe
    15:17:23.0896 4844 mfevtp - ok
    15:17:23.0973 4844 [ 1631E2DA6C4B47D97ECA94842836592E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
    15:17:24.0000 4844 mfewfpk - ok
    15:17:24.0141 4844 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    15:17:24.0164 4844 Microsoft Office Groove Audit Service - ok
    15:17:24.0193 4844 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    15:17:24.0264 4844 MMCSS - ok
    15:17:24.0524 4844 [ D760B1B5028E9D89FD429AE26CBA8475 ] MOBCleanup C:\Users\Lonnie Dawkins\AppData\Local\Temp\MOBCleanup.exe
    15:17:24.0555 4844 MOBCleanup - ok
    15:17:24.0669 4844 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    15:17:24.0745 4844 Modem - ok
    15:17:24.0779 4844 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    15:17:24.0830 4844 monitor - ok
    15:17:24.0876 4844 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    15:17:24.0902 4844 mouclass - ok
    15:17:24.0964 4844 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    15:17:25.0007 4844 mouhid - ok
    15:17:25.0059 4844 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    15:17:25.0085 4844 mountmgr - ok
    15:17:25.0107 4844 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    15:17:25.0125 4844 mpio - ok
    15:17:25.0143 4844 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    15:17:25.0180 4844 mpsdrv - ok
    15:17:25.0207 4844 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    15:17:25.0259 4844 MRxDAV - ok
    15:17:25.0281 4844 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:17:25.0365 4844 mrxsmb - ok
    15:17:25.0393 4844 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:17:25.0431 4844 mrxsmb10 - ok
    15:17:25.0468 4844 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:17:25.0498 4844 mrxsmb20 - ok
    15:17:25.0515 4844 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    15:17:25.0538 4844 msahci - ok
    15:17:25.0656 4844 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    15:17:25.0678 4844 MSCamSvc - ok
    15:17:25.0710 4844 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    15:17:25.0722 4844 msdsm - ok
    15:17:25.0753 4844 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    15:17:25.0786 4844 MSDTC - ok
    15:17:25.0835 4844 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    15:17:25.0872 4844 Msfs - ok
    15:17:25.0917 4844 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    15:17:25.0968 4844 mshidkmdf - ok
    15:17:25.0986 4844 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    15:17:25.0998 4844 msisadrv - ok
    15:17:26.0025 4844 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    15:17:26.0117 4844 MSiSCSI - ok
    15:17:26.0121 4844 msiserver - ok
    15:17:26.0269 4844 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:17:26.0293 4844 MSK80Service - ok
    15:17:26.0363 4844 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    15:17:26.0446 4844 MSKSSRV - ok
    15:17:26.0476 4844 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    15:17:26.0560 4844 MSPCLOCK - ok
    15:17:26.0582 4844 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    15:17:26.0671 4844 MSPQM - ok
    15:17:26.0701 4844 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    15:17:26.0716 4844 MsRPC - ok
    15:17:26.0749 4844 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    15:17:26.0761 4844 mssmbios - ok
    15:17:26.0806 4844 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    15:17:26.0858 4844 MSTEE - ok
    15:17:26.0899 4844 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    15:17:26.0949 4844 MTConfig - ok
    15:17:26.0973 4844 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    15:17:26.0998 4844 Mup - ok
    15:17:27.0031 4844 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    15:17:27.0123 4844 napagent - ok
    15:17:27.0189 4844 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    15:17:27.0255 4844 NativeWifiP - ok
    15:17:27.0316 4844 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    15:17:27.0365 4844 NDIS - ok
    15:17:27.0417 4844 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    15:17:27.0466 4844 NdisCap - ok
    15:17:27.0510 4844 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    15:17:27.0570 4844 NdisTapi - ok
    15:17:27.0614 4844 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    15:17:27.0687 4844 Ndisuio - ok
    15:17:27.0721 4844 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    15:17:27.0812 4844 NdisWan - ok
    15:17:27.0869 4844 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    15:17:27.0903 4844 NDProxy - ok
    15:17:27.0949 4844 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    15:17:28.0026 4844 NetBIOS - ok
    15:17:28.0066 4844 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    15:17:28.0132 4844 NetBT - ok
    15:17:28.0185 4844 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    15:17:28.0213 4844 Netlogon - ok
    15:17:28.0266 4844 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    15:17:28.0346 4844 Netman - ok
    15:17:28.0376 4844 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    15:17:28.0438 4844 netprofm - ok
    15:17:28.0527 4844 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:17:28.0549 4844 NetTcpPortSharing - ok
    15:17:28.0746 4844 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    15:17:28.0876 4844 netw5v64 - ok
    15:17:28.0911 4844 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    15:17:28.0923 4844 nfrd960 - ok
    15:17:29.0002 4844 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    15:17:29.0085 4844 NlaSvc - ok
    15:17:29.0234 4844 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    15:17:29.0287 4844 NOBU - ok
    15:17:29.0324 4844 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    15:17:29.0359 4844 Npfs - ok
    15:17:29.0392 4844 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    15:17:29.0471 4844 nsi - ok
    15:17:29.0501 4844 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    15:17:29.0585 4844 nsiproxy - ok
    15:17:29.0647 4844 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    15:17:29.0701 4844 Ntfs - ok
    15:17:29.0775 4844 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    15:17:29.0795 4844 NuidFltr - ok
    15:17:29.0830 4844 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    15:17:29.0879 4844 Null - ok
    15:17:29.0921 4844 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    15:17:29.0934 4844 nvraid - ok
    15:17:29.0955 4844 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    15:17:29.0970 4844 nvstor - ok
    15:17:30.0012 4844 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    15:17:30.0025 4844 nv_agp - ok
    15:17:30.0132 4844 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    15:17:30.0162 4844 odserv - ok
    15:17:30.0202 4844 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    15:17:30.0255 4844 ohci1394 - ok
    15:17:30.0309 4844 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:17:30.0331 4844 ose - ok
    15:17:30.0391 4844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    15:17:30.0469 4844 p2pimsvc - ok
    15:17:30.0493 4844 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    15:17:30.0515 4844 p2psvc - ok
    15:17:30.0535 4844 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    15:17:30.0554 4844 Parport - ok
    15:17:30.0589 4844 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    15:17:30.0610 4844 partmgr - ok
    15:17:30.0652 4844 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    15:17:30.0716 4844 PcaSvc - ok
    15:17:30.0761 4844 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    15:17:30.0777 4844 pci - ok
    15:17:30.0814 4844 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    15:17:30.0828 4844 pciide - ok
    15:17:30.0851 4844 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    15:17:30.0870 4844 pcmcia - ok
    15:17:30.0888 4844 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    15:17:30.0903 4844 pcw - ok
    15:17:30.0931 4844 PDIHWCTL - ok
    15:17:30.0964 4844 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    15:17:31.0042 4844 PEAUTH - ok
    15:17:31.0143 4844 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    15:17:31.0215 4844 PerfHost - ok
    15:17:31.0297 4844 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    15:17:31.0411 4844 pla - ok
    15:17:31.0455 4844 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    15:17:31.0526 4844 PlugPlay - ok
  5. LonnieD

    15:17:31.0551 4844 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    15:17:31.0602 4844 PNRPAutoReg - ok
    15:17:31.0634 4844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    15:17:31.0653 4844 PNRPsvc - ok
    15:17:31.0721 4844 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    15:17:31.0742 4844 Point64 - ok
    15:17:31.0777 4844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    15:17:31.0904 4844 PolicyAgent - ok
    15:17:31.0946 4844 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    15:17:32.0034 4844 Power - ok
    15:17:32.0084 4844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    15:17:32.0172 4844 PptpMiniport - ok
    15:17:32.0199 4844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    15:17:32.0229 4844 Processor - ok
    15:17:32.0258 4844 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    15:17:32.0314 4844 ProfSvc - ok
    15:17:32.0330 4844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    15:17:32.0356 4844 ProtectedStorage - ok
    15:17:32.0410 4844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    15:17:32.0493 4844 Psched - ok
    15:17:32.0557 4844 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    15:17:32.0580 4844 PSI_SVC_2 - ok
    15:17:32.0654 4844 [ 2631FC0676CC310B2E85FDE46B1560D9 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    15:17:32.0681 4844 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
    15:17:32.0681 4844 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
    15:17:32.0751 4844 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    15:17:32.0783 4844 QBFCService ( UnsignedFile.Multi.Generic ) - warning
    15:17:32.0783 4844 QBFCService - detected UnsignedFile.Multi.Generic (1)
    15:17:32.0856 4844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    15:17:32.0905 4844 ql2300 - ok
    15:17:32.0932 4844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    15:17:32.0945 4844 ql40xx - ok
    15:17:32.0986 4844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    15:17:33.0024 4844 QWAVE - ok
    15:17:33.0060 4844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    15:17:33.0116 4844 QWAVEdrv - ok
    15:17:33.0140 4844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    15:17:33.0202 4844 RasAcd - ok
    15:17:33.0248 4844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    15:17:33.0282 4844 RasAgileVpn - ok
    15:17:33.0319 4844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    15:17:33.0391 4844 RasAuto - ok
    15:17:33.0427 4844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:17:33.0495 4844 Rasl2tp - ok
    15:17:33.0523 4844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    15:17:33.0561 4844 RasMan - ok
    15:17:33.0604 4844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    15:17:33.0692 4844 RasPppoe - ok
    15:17:33.0714 4844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    15:17:33.0776 4844 RasSstp - ok
    15:17:33.0809 4844 [ 96597C96D5ACF4A3EF0B24D396853879 ] rcmirror C:\Windows\system32\DRIVERS\rcmirror.sys
    15:17:33.0832 4844 rcmirror - ok
    15:17:33.0849 4844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    15:17:33.0909 4844 rdbss - ok
    15:17:33.0936 4844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    15:17:33.0983 4844 rdpbus - ok
    15:17:34.0020 4844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:17:34.0105 4844 RDPCDD - ok
    15:17:34.0123 4844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    15:17:34.0169 4844 RDPENCDD - ok
    15:17:34.0193 4844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    15:17:34.0229 4844 RDPREFMP - ok
    15:17:34.0272 4844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    15:17:34.0303 4844 RDPWD - ok
    15:17:34.0371 4844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    15:17:34.0385 4844 rdyboost - ok
    15:17:34.0437 4844 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    15:17:34.0518 4844 RemoteAccess - ok
    15:17:34.0570 4844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    15:17:34.0630 4844 RemoteRegistry - ok
    15:17:34.0728 4844 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    15:17:34.0763 4844 RoxioNow Service - ok
    15:17:34.0806 4844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    15:17:34.0872 4844 RpcEptMapper - ok
    15:17:34.0903 4844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    15:17:34.0941 4844 RpcLocator - ok
    15:17:34.0991 4844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    15:17:35.0052 4844 RpcSs - ok
    15:17:35.0097 4844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    15:17:35.0147 4844 rspndr - ok
    15:17:35.0185 4844 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    15:17:35.0212 4844 RSUSBSTOR - ok
    15:17:35.0272 4844 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    15:17:35.0302 4844 RTL8167 - ok
    15:17:35.0319 4844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    15:17:35.0334 4844 SamSs - ok
    15:17:35.0348 4844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    15:17:35.0362 4844 sbp2port - ok
    15:17:35.0396 4844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    15:17:35.0434 4844 SCardSvr - ok
    15:17:35.0474 4844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    15:17:35.0507 4844 scfilter - ok
    15:17:35.0546 4844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    15:17:35.0624 4844 Schedule - ok
    15:17:35.0660 4844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    15:17:35.0710 4844 SCPolicySvc - ok
    15:17:35.0794 4844 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    15:17:35.0823 4844 sdbus - ok
    15:17:35.0852 4844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    15:17:35.0924 4844 SDRSVC - ok
    15:17:35.0990 4844 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    15:17:36.0021 4844 SeaPort - ok
    15:17:36.0069 4844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    15:17:36.0117 4844 secdrv - ok
    15:17:36.0153 4844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    15:17:36.0228 4844 seclogon - ok
    15:17:36.0260 4844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    15:17:36.0325 4844 SENS - ok
    15:17:36.0377 4844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    15:17:36.0448 4844 SensrSvc - ok
    15:17:36.0490 4844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    15:17:36.0525 4844 Serenum - ok
    15:17:36.0553 4844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    15:17:36.0567 4844 Serial - ok
    15:17:36.0612 4844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    15:17:36.0660 4844 sermouse - ok
    15:17:36.0713 4844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    15:17:36.0787 4844 SessionEnv - ok
    15:17:36.0825 4844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    15:17:36.0908 4844 sffdisk - ok
    15:17:36.0921 4844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    15:17:36.0970 4844 sffp_mmc - ok
    15:17:36.0976 4844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    15:17:37.0003 4844 sffp_sd - ok
    15:17:37.0044 4844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    15:17:37.0088 4844 sfloppy - ok
    15:17:37.0137 4844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    15:17:37.0219 4844 ShellHWDetection - ok
    15:17:37.0273 4844 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    15:17:37.0298 4844 SiSRaid2 - ok
    15:17:37.0322 4844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    15:17:37.0338 4844 SiSRaid4 - ok
    15:17:37.0384 4844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    15:17:37.0461 4844 Smb - ok
    15:17:37.0525 4844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    15:17:37.0566 4844 SNMPTRAP - ok
    15:17:37.0605 4844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    15:17:37.0616 4844 spldr - ok
    15:17:37.0649 4844 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    15:17:37.0707 4844 Spooler - ok
    15:17:37.0797 4844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    15:17:37.0907 4844 sppsvc - ok
    15:17:37.0952 4844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    15:17:38.0069 4844 sppuinotify - ok
    15:17:38.0109 4844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    15:17:38.0177 4844 srv - ok
    15:17:38.0210 4844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    15:17:38.0244 4844 srv2 - ok
    15:17:38.0282 4844 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    15:17:38.0301 4844 SrvHsfHDA - ok
    15:17:38.0352 4844 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    15:17:38.0388 4844 SrvHsfV92 - ok
    15:17:38.0414 4844 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    15:17:38.0435 4844 SrvHsfWinac - ok
    15:17:38.0474 4844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    15:17:38.0489 4844 srvnet - ok
    15:17:38.0516 4844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    15:17:38.0583 4844 SSDPSRV - ok
    15:17:38.0628 4844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    15:17:38.0664 4844 SstpSvc - ok
    15:17:38.0792 4844 [ B00068BA94F5F306911B14B425AAEB56 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    15:17:38.0846 4844 STacSV - ok
    15:17:38.0876 4844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    15:17:38.0900 4844 stexstor - ok
    15:17:38.0957 4844 [ DA40D9C9CCB9836D6ABD1706935A2277 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    15:17:39.0005 4844 STHDA - ok
    15:17:39.0070 4844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    15:17:39.0145 4844 stisvc - ok
    15:17:39.0167 4844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    15:17:39.0179 4844 swenum - ok
    15:17:39.0273 4844 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    15:17:39.0316 4844 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
    15:17:39.0316 4844 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
    15:17:39.0356 4844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    15:17:39.0438 4844 swprv - ok
    15:17:39.0498 4844 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    15:17:39.0562 4844 SynTP - ok
    15:17:39.0618 4844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    15:17:39.0683 4844 SysMain - ok
    15:17:39.0731 4844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    15:17:39.0767 4844 TabletInputService - ok
    15:17:39.0811 4844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    15:17:39.0927 4844 TapiSrv - ok
    15:17:39.0970 4844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    15:17:40.0010 4844 TBS - ok
    15:17:40.0105 4844 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    15:17:40.0180 4844 Tcpip - ok
    15:17:40.0219 4844 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    15:17:40.0257 4844 TCPIP6 - ok
    15:17:40.0298 4844 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    15:17:40.0375 4844 tcpipreg - ok
    15:17:40.0422 4844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    15:17:40.0481 4844 TDPIPE - ok
    15:17:40.0520 4844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    15:17:40.0558 4844 TDTCP - ok
    15:17:40.0586 4844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    15:17:40.0637 4844 tdx - ok
    15:17:40.0658 4844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    15:17:40.0670 4844 TermDD - ok
    15:17:40.0722 4844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    15:17:40.0783 4844 TermService - ok
    15:17:40.0804 4844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    15:17:40.0842 4844 Themes - ok
    15:17:40.0872 4844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    15:17:40.0907 4844 THREADORDER - ok
    15:17:40.0958 4844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    15:17:41.0042 4844 TrkWks - ok
    15:17:41.0123 4844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    15:17:41.0209 4844 TrustedInstaller - ok
    15:17:41.0247 4844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:17:41.0358 4844 tssecsrv - ok
    15:17:41.0406 4844 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    15:17:41.0471 4844 TsUsbFlt - ok
    15:17:41.0510 4844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    15:17:41.0584 4844 tunnel - ok
    15:17:41.0625 4844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    15:17:41.0640 4844 uagp35 - ok
    15:17:41.0667 4844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    15:17:41.0732 4844 udfs - ok
    15:17:41.0781 4844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    15:17:41.0809 4844 UI0Detect - ok
    15:17:41.0833 4844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    15:17:41.0846 4844 uliagpkx - ok
    15:17:41.0896 4844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    15:17:41.0929 4844 umbus - ok
    15:17:41.0960 4844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    15:17:42.0007 4844 UmPass - ok
    15:17:42.0145 4844 [ 0FADD949576A164B4E51E716F46B6C33 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    15:17:42.0198 4844 UNS - ok
    15:17:42.0226 4844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    15:17:42.0282 4844 upnphost - ok
    15:17:42.0318 4844 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    15:17:42.0347 4844 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
    15:17:42.0347 4844 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
    15:17:42.0381 4844 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    15:17:42.0435 4844 usbaudio - ok
    15:17:42.0460 4844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp
  6. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    C:\Windows\system32\DRIVERS\usbccgp.sys
    15:17:42.0525 4844 usbccgp - ok
    15:17:42.0570 4844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    15:17:42.0605 4844 usbcir - ok
    15:17:42.0630 4844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    15:17:42.0670 4844 usbehci - ok
    15:17:42.0697 4844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    15:17:42.0736 4844 usbhub - ok
    15:17:42.0769 4844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    15:17:42.0810 4844 usbohci - ok
    15:17:42.0839 4844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    15:17:42.0895 4844 usbprint - ok
    15:17:42.0929 4844 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    15:17:42.0967 4844 usbscan - ok
    15:17:42.0989 4844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:17:43.0059 4844 USBSTOR - ok
    15:17:43.0094 4844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    15:17:43.0141 4844 usbuhci - ok
    15:17:43.0207 4844 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    15:17:43.0242 4844 usbvideo - ok
    15:17:43.0281 4844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    15:17:43.0357 4844 UxSms - ok
    15:17:43.0386 4844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    15:17:43.0399 4844 VaultSvc - ok
    15:17:43.0470 4844 [ 2662F24C7AEE2A32CEBDEC907A5366F1 ] vcsFPService C:\Windows\system32\vcsFPService.exe
    15:17:43.0570 4844 vcsFPService - ok
    15:17:43.0607 4844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    15:17:43.0619 4844 vdrvroot - ok
    15:17:43.0662 4844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    15:17:43.0722 4844 vds - ok
    15:17:43.0752 4844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    15:17:43.0769 4844 vga - ok
    15:17:43.0782 4844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    15:17:43.0843 4844 VgaSave - ok
    15:17:43.0883 4844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    15:17:43.0914 4844 vhdmp - ok
    15:17:43.0938 4844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    15:17:43.0952 4844 viaide - ok
    15:17:43.0969 4844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    15:17:43.0984 4844 volmgr - ok
    15:17:44.0035 4844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    15:17:44.0052 4844 volmgrx - ok
    15:17:44.0095 4844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    15:17:44.0110 4844 volsnap - ok
    15:17:44.0145 4844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    15:17:44.0158 4844 vsmraid - ok
    15:17:44.0205 4844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    15:17:44.0292 4844 VSS - ok
    15:17:44.0336 4844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    15:17:44.0386 4844 vwifibus - ok
    15:17:44.0431 4844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    15:17:44.0455 4844 vwififlt - ok
    15:17:44.0551 4844 [ 07E6731FF9399A3B72D64150D4C5F71A ] VX6000 C:\Windows\system32\DRIVERS\VX6000Xp.sys
    15:17:44.0606 4844 VX6000 - ok
    15:17:44.0674 4844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    15:17:44.0724 4844 W32Time - ok
    15:17:44.0753 4844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    15:17:44.0780 4844 WacomPen - ok
    15:17:44.0830 4844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    15:17:44.0910 4844 WANARP - ok
    15:17:44.0914 4844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    15:17:44.0949 4844 Wanarpv6 - ok
    15:17:44.0990 4844 [ ECEB715BECE47E101DDEC06B11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys
    15:17:45.0070 4844 wanatw - ok
    15:17:45.0138 4844 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    15:17:45.0276 4844 WatAdminSvc - ok
    15:17:45.0330 4844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    15:17:45.0429 4844 wbengine - ok
    15:17:45.0469 4844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    15:17:45.0493 4844 WbioSrvc - ok
    15:17:45.0531 4844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    15:17:45.0589 4844 wcncsvc - ok
    15:17:45.0615 4844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    15:17:45.0648 4844 WcsPlugInService - ok
    15:17:45.0680 4844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    15:17:45.0702 4844 Wd - ok
    15:17:45.0732 4844 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    15:17:45.0760 4844 Wdf01000 - ok
    15:17:45.0801 4844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    15:17:45.0929 4844 WdiServiceHost - ok
    15:17:45.0933 4844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    15:17:45.0959 4844 WdiSystemHost - ok
    15:17:45.0994 4844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    15:17:46.0026 4844 WebClient - ok
    15:17:46.0055 4844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    15:17:46.0111 4844 Wecsvc - ok
    15:17:46.0141 4844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    15:17:46.0204 4844 wercplsupport - ok
    15:17:46.0243 4844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    15:17:46.0307 4844 WerSvc - ok
    15:17:46.0352 4844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    15:17:46.0412 4844 WfpLwf - ok
    15:17:46.0432 4844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    15:17:46.0443 4844 WIMMount - ok
    15:17:46.0448 4844 WinHttpAutoProxySvc - ok
    15:17:46.0519 4844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    15:17:46.0599 4844 Winmgmt - ok
    15:17:46.0652 4844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    15:17:46.0805 4844 WinRM - ok
    15:17:46.0883 4844 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
    15:17:46.0929 4844 WinUSB - ok
    15:17:46.0990 4844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    15:17:47.0061 4844 Wlansvc - ok
    15:17:47.0216 4844 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    15:17:47.0269 4844 wlidsvc - ok
    15:17:47.0325 4844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    15:17:47.0362 4844 WmiAcpi - ok
    15:17:47.0400 4844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    15:17:47.0444 4844 wmiApSrv - ok
    15:17:47.0477 4844 WMPNetworkSvc - ok
    15:17:47.0497 4844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    15:17:47.0527 4844 WPCSvc - ok
    15:17:47.0569 4844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    15:17:47.0605 4844 WPDBusEnum - ok
    15:17:47.0633 4844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    15:17:47.0697 4844 ws2ifsl - ok
    15:17:47.0701 4844 WSearch - ok
    15:17:47.0727 4844 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    15:17:47.0783 4844 WudfPf - ok
    15:17:47.0811 4844 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:17:47.0870 4844 WUDFRd - ok
    15:17:47.0909 4844 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    15:17:47.0976 4844 wudfsvc - ok
    15:17:47.0999 4844 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    15:17:48.0043 4844 WwanSvc - ok
    15:17:48.0119 4844 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    15:17:48.0174 4844 yukonw7 - ok
    15:17:48.0200 4844 ================ Scan global ===============================
    15:17:48.0235 4844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    15:17:48.0273 4844 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    15:17:48.0285 4844 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    15:17:48.0327 4844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    15:17:48.0368 4844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    15:17:48.0374 4844 [Global] - ok
    15:17:48.0376 4844 ================ Scan MBR ==================================
    15:17:48.0387 4844 [ 84DCC41F6FE854381F8E672C5038EC0C ] \Device\Harddisk0\DR0
    15:17:48.0387 4844 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    15:17:48.0440 4844 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    15:17:48.0440 4844 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    15:17:49.0084 4844 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    15:17:49.0084 4844 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    15:17:49.0090 4844 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    15:17:49.0261 4844 \Device\Harddisk1\DR1 - ok
    15:17:49.0262 4844 ================ Scan VBR ==================================
    15:17:49.0273 4844 [ 5B0076C703E0A2B1772A669F411249CE ] \Device\Harddisk0\DR0\Partition1
    15:17:49.0275 4844 \Device\Harddisk0\DR0\Partition1 - ok
    15:17:49.0291 4844 [ 72C198F39F1BD06475F8EB4B2C5A4864 ] \Device\Harddisk0\DR0\Partition2
    15:17:49.0293 4844 \Device\Harddisk0\DR0\Partition2 - ok
    15:17:49.0322 4844 [ 0EBFB4A82E3E281CC478BA8928C73CDD ] \Device\Harddisk0\DR0\Partition3
    15:17:49.0325 4844 \Device\Harddisk0\DR0\Partition3 - ok
    15:17:49.0330 4844 [ A4203365F25126BCB5D9218D550D4B26 ] \Device\Harddisk1\DR1\Partition1
    15:17:49.0333 4844 \Device\Harddisk1\DR1\Partition1 - ok
    15:17:49.0334 4844 ============================================================
    15:17:49.0334 4844 Scan finished
    15:17:49.0334 4844 ============================================================
    15:17:49.0348 7936 Detected object count: 11
    15:17:49.0348 7936 Actual detected object count: 11
    15:22:04.0107 7936 Droppix Service ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0107 7936 Droppix Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0108 7936 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0108 7936 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0110 7936 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0110 7936 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0112 7936 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0113 7936 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0114 7936 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0114 7936 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0116 7936 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0117 7936 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0119 7936 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0119 7936 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0121 7936 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0121 7936 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0122 7936 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
    15:22:04.0122 7936 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:22:04.0921 7936 \Device\Harddisk0\DR0\# - copied to quarantine
    15:22:04.0924 7936 \Device\Harddisk0\DR0 - copied to quarantine
    15:22:04.0964 7936 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    15:22:04.0970 7936 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    15:22:04.0976 7936 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    15:22:04.0990 7936 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    15:22:05.0018 7936 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    15:22:05.0021 7936 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    15:22:05.0023 7936 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    15:22:05.0026 7936 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    15:22:05.0029 7936 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    15:22:05.0033 7936 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    15:22:05.0040 7936 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    15:22:05.0043 7936 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    15:22:05.0046 7936 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    15:22:05.0153 7936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    15:22:05.0203 7936 \Device\Harddisk0\DR0 - ok
    15:22:05.0378 7936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    15:22:05.0379 7936 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    15:22:05.0379 7936 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    15:22:11.0104 5480 Deinitialize success
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job!

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    Thanks again for your help.
    Here is the ComboFix.txt log.

    ComboFix 12-10-17.05 - Lonnie Dawkins 10/17/2012 21:42:48.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.6037 [GMT -4:00]
    Running from: c:\users\Lonnie Dawkins\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1344896445.bdinstall.bin
    c:\programdata\1344900948.bdinstall.bin
    c:\programdata\1344903346.bdinstall.bin
    c:\programdata\1347681819.bdinstall.bin
    c:\programdata\e08ac107.pad
    c:\users\Lonnie Dawkins\AppData\Local\Temp\libsqlitejdbc-4028907697543517144.lib
    c:\users\Lonnie Dawkins\AppData\Local\Temp\swt-gdip-win32-3448.dll
    c:\users\Lonnie Dawkins\AppData\Local\Temp\swt-win32-3448.dll
    c:\users\Lonnie Dawkins\AppData\Local\Temp\WindowsAPI.dll6563132759846758631.lib
    c:\users\Lonnie Dawkins\Documents\~WRD1598.tmp
    c:\users\Lonnie Dawkins\Documents\~WRD1768.tmp
    c:\users\Lonnie Dawkins\Documents\~WRD2086.tmp
    c:\users\Lonnie Dawkins\Documents\~WRD2099.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL0108.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL0282.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL0415.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL0622.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL0665.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL1355.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL1615.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL2091.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL2107.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL2191.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL2279.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL2282.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL2671.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL3672.tmp
    c:\users\Lonnie Dawkins\Documents\~WRL3919.tmp
    c:\users\Lonnie Dawkins\Documents\DPE.DUS
    c:\users\Lonnie Dawkins\Documents\pub232.tmp
    c:\users\Lonnie Dawkins\Documents\ZDL03935.TMP
    c:\users\Lonnie Dawkins\g2mdlhlpx.exe
    c:\users\Lonnie Dawkins\GoToAssistDownloadHelper.exe
    c:\users\Lonnie Dawkins\WINDOWS
    c:\users\LONNIE~1\AppData\Local\Temp\libsqlitejdbc-4028907697543517144.lib
    c:\users\LONNIE~1\AppData\Local\Temp\swt-gdip-win32-3448.dll
    c:\users\LONNIE~1\AppData\Local\Temp\swt-win32-3448.dll
    c:\users\LONNIE~1\AppData\Local\Temp\WindowsAPI.dll6563132759846758631.lib
    c:\windows\SysWow64\msstdfmt.dll
    I:\Autorun.inf
    I:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-17 22:47 . 2008-04-07 09:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-10-17 22:47 . 2008-04-07 09:38 51032 ----a-r- c:\windows\system32\AdobePDF.dll
    2012-10-17 19:22 . 2012-10-17 19:22 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-15 18:04 . 2012-10-15 18:04 -------- d-----w- c:\users\apple\AppData\Roaming\Malwarebytes
    2012-10-15 17:52 . 2012-10-15 17:52 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Roaming\Malwarebytes
    2012-10-15 17:52 . 2012-10-15 17:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-15 17:52 . 2012-10-15 17:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-15 17:52 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-15 16:19 . 2012-10-15 16:19 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Local\McAfee Anti-Theft
    2012-10-15 15:35 . 2012-10-15 15:35 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2012-10-15 12:43 . 2012-10-15 12:43 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Roaming\TuneUp Software
    2012-10-15 12:42 . 2012-10-15 12:42 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-15 12:33 . 2012-10-15 12:33 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Local\MFAData
    2012-10-15 11:16 . 2012-10-15 11:16 -------- d-----w- c:\users\apple\AppData\Local\Diagnostics
    2012-10-15 06:16 . 2012-10-15 06:19 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Local\NPE
    2012-10-15 06:07 . 2012-10-15 06:07 -------- d-----w- c:\program files\Symantec
    2012-10-15 06:07 . 2012-10-15 06:07 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-10-15 06:07 . 2012-10-15 15:56 -------- d-----w- c:\program files (x86)\Norton 360
    2012-10-15 05:50 . 2012-10-15 05:50 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-10-15 04:00 . 2012-10-15 04:00 -------- d-----w- C:\sh4ldr
    2012-10-15 04:00 . 2012-10-15 04:00 -------- d-----w- c:\program files\Enigma Software Group
    2012-10-15 03:59 . 2012-10-15 15:56 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    2012-10-15 03:59 . 2012-10-15 03:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-10-15 03:44 . 2012-10-15 03:44 -------- d-----w- c:\users\apple\AppData\Local\McAfee Anti-Theft
    2012-10-15 03:44 . 2012-10-15 03:44 -------- d-----w- c:\users\apple\AppData\Roaming\Hewlett-Packard
    2012-10-15 03:33 . 2012-10-15 03:58 -------- d-----w- c:\users\apple\AppData\Local\Hewlett-Packard
    2012-10-15 02:30 . 2012-10-15 05:57 -------- d-----w- c:\users\apple\AppData\Local\CrashDumps
    2012-10-15 02:30 . 2012-10-15 02:30 -------- d-----w- c:\users\apple\AppData\Local\AOL
    2012-10-15 02:29 . 2012-10-15 02:29 -------- d-----w- c:\users\apple\AppData\Roaming\Logitech
    2012-10-02 12:45 . 2012-10-02 12:45 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2012-09-30 19:01 . 2012-09-30 19:01 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2012-09-30 19:01 . 2012-09-30 19:01 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    2012-09-30 19:01 . 2012-09-30 19:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-29 05:37 . 2012-09-14 20:26 73096 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
    2012-09-26 21:02 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-09-24 03:17 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-24 03:16 . 2012-09-24 03:16 -------- d-----w- c:\program files\iPod
    2012-09-24 03:16 . 2012-10-15 15:56 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-24 03:16 . 2012-09-24 03:17 -------- d-----w- c:\program files\iTunes
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-09-24 02:53 . 2012-10-15 15:56 -------- d-----w- c:\program files (x86)\QuickTime
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 00:11 . 2012-04-30 10:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 00:11 . 2011-05-15 02:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-02 12:45 . 2011-11-29 23:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-09-28 04:18 . 2011-04-05 01:01 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-10 05:23 . 2012-09-10 05:23 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-08-21 17:01 . 2011-04-02 20:08 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2011-04-02 20:08 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-07-31 17:31 . 2012-07-31 17:31 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-04-05 2080]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
    "Facebook Update"="c:\users\Lonnie Dawkins\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
    "AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1334659535\ee\AOLSoftware.exe" [2010-03-08 41800]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-02 296096]
    .
    c:\users\Lonnie Dawkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-12-2 1000288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2011-4-2 708608]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2011-4-2 954368]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-7-25 1155472]
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages  REG_MULTI_SZ  DPPassFilter scecli
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/25 01:49;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 116648]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    R2 MOBCleanup;MOBCleanup;c:\users\Lonnie Dawkins\AppData\Local\Temp\MOBCleanup.exe [x]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 Droppix Service;Droppix Service;c:\program files (x86)\Common Files\Droppix\DxService.exe [2008-02-01 151552]
    R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys [2005-12-14 7808]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 116648]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-12 232992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2143600]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-03 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-09-14 73096]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-10-15 30568]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-04 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 7767552]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 279040]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 151936]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-28 10610400]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_C6F09094
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 16:29  451872  ------w-  c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 00:11]
    .
    2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001Core.job
    - c:\users\Lonnie Dawkins\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:00]
    .
    2012-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001UA.job
    - c:\users\Lonnie Dawkins\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:00]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 17:22]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 17:22]
    .
    2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001Core.job
    - c:\users\Lonnie Dawkins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 03:31]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001UA.job
    - c:\users\Lonnie Dawkins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 03:31]
    .
    2012-10-15 c:\windows\Tasks\HPCeeScheduleForapple.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-10-07 c:\windows\Tasks\HPCeeScheduleForLonnie Dawkins.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-10-17 c:\windows\Tasks\HPCeeScheduleForLONNIEDAWKINS$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-09-23 04:53  2210304  ----a-w-  c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-09-23 04:53  2210304  ----a-w-  c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-09-23 04:53  2210304  ----a-w-  c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-09-23 04:53  2210304  ----a-w-  c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-09-23 04:53  2210304  ----a-w-  c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://lonniedawkins.com/
    uLocal Page = c:\windows\system32\blank.htm
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: secureserver.net\www.email
    Trusted Zone: wordpress.com
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
    DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
    DPF: {D00CB680-081D-4F94-97D5-75DEDDC374ED} - hxxps://www36.verizon.com/fiosvoice/Downloads/FiosVoiceWebCntrl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
    Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
    SafeBoot-94179228.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-zfupload - c:\windows\Downloaded Program Files\zfrun.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:33,63,16,06,51,79,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-17 22:02:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-18 02:02
    .
    Pre-Run: 177,024,372,736 bytes free
    Post-Run: 179,034,255,360 bytes free
    .
    - - End Of File - - E7A6E13EB837D599E748EAC3D0F583EE
  9. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    I noticed that Windows Updates are now available. I haven't installed any yet but I have the ability to do it. Once I get the all clear I will do so. Thanks.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. You'll have a chance, after your computer is clean, to install updates.

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  11. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    Good evening Jay,
    Here is the new ComboFix.txt log

    ComboFix 12-10-18.03 - Lonnie Dawkins 10/18/2012 19:10:56.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.6305 [GMT -4:00]
    Running from: c:\users\Lonnie Dawkins\Downloads\ComboFix.exe
    Command switches used :: c:\users\Lonnie Dawkins\Downloads\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Lonnie Dawkins\AppData\Local\Temp\libsqlitejdbc-9146392402834573524.lib
    c:\users\Lonnie Dawkins\AppData\Local\Temp\swt-gdip-win32-3448.dll
    c:\users\Lonnie Dawkins\AppData\Local\Temp\swt-win32-3448.dll
    c:\users\Lonnie Dawkins\AppData\Local\Temp\WindowsAPI.dll4953637134728401760.lib
    c:\users\LONNIE~1\AppData\Local\Temp\libsqlitejdbc-9146392402834573524.lib
    c:\users\LONNIE~1\AppData\Local\Temp\swt-gdip-win32-3448.dll
    c:\users\LONNIE~1\AppData\Local\Temp\swt-win32-3448.dll
    c:\users\LONNIE~1\AppData\Local\Temp\WindowsAPI.dll4953637134728401760.lib
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCall.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla2.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla21.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla31.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla32.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla33.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla34.dll
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla36.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-18 23:21 . 2012-10-18 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-18 23:21 . 2012-10-18 23:21 -------- d-----w- c:\users\apple\AppData\Local\temp
    2012-10-18 11:47 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-10-18 11:47 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-10-18 11:47 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-10-18 11:47 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-10-18 03:57 . 2012-10-18 03:57 -------- d-----w- c:\program files (x86)\ESET
    2012-10-18 02:23 . 2012-08-20 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-18 02:22 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-18 02:22 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-18 02:22 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-10-18 02:22 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-18 02:22 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-18 02:22 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-10-18 02:22 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-10-18 02:18 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-10-18 02:18 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-10-18 02:18 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-10-18 02:18 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-10-18 02:18 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-10-18 02:17 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-18 02:17 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-18 02:17 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-18 02:17 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-18 02:17 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-18 02:17 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-17 22:47 . 2008-04-07 09:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-10-17 22:47 . 2008-04-07 09:38 51032 ----a-r- c:\windows\system32\AdobePDF.dll
    2012-10-17 19:22 . 2012-10-17 19:22 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-15 18:04 . 2012-10-15 18:04 -------- d-----w- c:\users\apple\AppData\Roaming\Malwarebytes
    2012-10-15 17:52 . 2012-10-15 17:52 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Roaming\Malwarebytes
    2012-10-15 17:52 . 2012-10-15 17:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-15 17:52 . 2012-10-18 11:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-15 17:52 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-15 16:19 . 2012-10-15 16:19 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Local\McAfee Anti-Theft
    2012-10-15 15:35 . 2012-10-15 15:35 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2012-10-15 12:43 . 2012-10-15 12:43 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Roaming\TuneUp Software
    2012-10-15 12:42 . 2012-10-15 12:42 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-15 12:33 . 2012-10-15 12:33 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Local\MFAData
    2012-10-15 11:16 . 2012-10-15 11:16 -------- d-----w- c:\users\apple\AppData\Local\Diagnostics
    2012-10-15 06:16 . 2012-10-15 06:19 -------- d-----w- c:\users\Lonnie Dawkins\AppData\Local\NPE
    2012-10-15 06:07 . 2012-10-15 06:07 -------- d-----w- c:\program files\Symantec
    2012-10-15 06:07 . 2012-10-15 06:07 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-10-15 06:07 . 2012-10-15 15:56 -------- d-----w- c:\program files (x86)\Norton 360
    2012-10-15 05:50 . 2012-10-15 05:50 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-10-15 04:00 . 2012-10-15 04:00 -------- d-----w- C:\sh4ldr
    2012-10-15 04:00 . 2012-10-15 04:00 -------- d-----w- c:\program files\Enigma Software Group
    2012-10-15 03:59 . 2012-10-15 03:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-10-15 03:44 . 2012-10-15 03:44 -------- d-----w- c:\users\apple\AppData\Local\McAfee Anti-Theft
    2012-10-15 03:44 . 2012-10-15 03:44 -------- d-----w- c:\users\apple\AppData\Roaming\Hewlett-Packard
    2012-10-15 03:33 . 2012-10-15 03:58 -------- d-----w- c:\users\apple\AppData\Local\Hewlett-Packard
    2012-10-15 02:30 . 2012-10-15 05:57 -------- d-----w- c:\users\apple\AppData\Local\CrashDumps
    2012-10-15 02:30 . 2012-10-15 02:30 -------- d-----w- c:\users\apple\AppData\Local\AOL
    2012-10-15 02:29 . 2012-10-15 02:29 -------- d-----w- c:\users\apple\AppData\Roaming\Logitech
    2012-10-02 12:45 . 2012-10-02 12:45 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2012-09-30 19:01 . 2012-09-30 19:01 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2012-09-30 19:01 . 2012-09-30 19:01 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    2012-09-30 19:01 . 2012-09-30 19:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-29 05:37 . 2012-09-14 20:26 73096 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
    2012-09-26 21:02 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-09-24 03:17 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-24 03:16 . 2012-09-24 03:16 -------- d-----w- c:\program files\iPod
    2012-09-24 03:16 . 2012-10-15 15:56 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-24 03:16 . 2012-09-24 03:17 -------- d-----w- c:\program files\iTunes
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-09-24 02:57 . 2012-09-24 02:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-09-24 02:53 . 2012-10-15 15:56 -------- d-----w- c:\program files (x86)\QuickTime
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 00:11 . 2012-04-30 10:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 00:11 . 2011-05-15 02:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-02 12:45 . 2011-11-29 23:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-09-28 04:18 . 2011-04-05 01:01 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-10 05:23 . 2012-09-10 05:23 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-08-21 17:01 . 2011-04-02 20:08 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2011-04-02 20:08 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 17:38 . 2012-10-18 02:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-07-31 17:31 . 2012-07-31 17:31 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-04-05 2080]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
    "Facebook Update"="c:\users\Lonnie Dawkins\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
    "AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1334659535\ee\AOLSoftware.exe" [2010-03-08 41800]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-02 296096]
    .
    c:\users\Lonnie Dawkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-12-2 1000288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2011-4-2 708608]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2011-4-2 954368]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-7-25 1155472]
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ DPPassFilter scecli
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/25 01:49;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 116648]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    R2 MOBCleanup;MOBCleanup;c:\users\Lonnie Dawkins\AppData\Local\Temp\MOBCleanup.exe [x]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 Droppix Service;Droppix Service;c:\program files (x86)\Common Files\Droppix\DxService.exe [2008-02-01 151552]
    R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys [2005-12-14 7808]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 116648]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-12 232992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2143600]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-03 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-09-14 73096]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-10-15 30568]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-04 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 7767552]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 279040]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 151936]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-28 10610400]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_C6F09094
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 16:29 451872 ------w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 00:11]
    .
    2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001Core.job
    - c:\users\Lonnie Dawkins\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:00]
    .
    2012-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001UA.job
    - c:\users\Lonnie Dawkins\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:00]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 17:22]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 17:22]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001Core.job
    - c:\users\Lonnie Dawkins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 03:31]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019326579-3645861894-181193703-1001UA.job
    - c:\users\Lonnie Dawkins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 03:31]
    .
    2012-10-15 c:\windows\Tasks\HPCeeScheduleForapple.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-10-07 c:\windows\Tasks\HPCeeScheduleForLonnie Dawkins.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-10-17 c:\windows\Tasks\HPCeeScheduleForLONNIEDAWKINS$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://lonniedawkins.com/
    uLocal Page = c:\windows\system32\blank.htm
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: secureserver.net\www.email
    Trusted Zone: wordpress.com
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
    DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
    DPF: {D00CB680-081D-4F94-97D5-75DEDDC374ED} - hxxps://www36.verizon.com/fiosvoice/Downloads/FiosVoiceWebCntrl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-zfupload - c:\windows\Downloaded Program Files\zfrun.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
    0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
    b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:33,63,16,06,51,79,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-18 19:30:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-18 23:30
    ComboFix2.txt 2012-10-18 02:02
    .
    Pre-Run: 176,971,309,056 bytes free
    Post-Run: 176,655,863,808 bytes free
    .
    - - End Of File - - B7AB0E0A81E01D83571F3218DDE65FDB
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
        1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
        2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  13. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXI4BUWB\fpi[1].htm    HTML/ScrInject.B.Gen virus    deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXI4BUWB\fpi[2].htm    HTML/ScrInject.B.Gen virus    deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ8F2UV8\if[2].htm    HTML/ScrInject.B.Gen virus    deleted - quarantined
    C:\Windows\System32\sysprep\CRYPTSP.dll_    a variant of Win32/Kryptik.ANDT trojan    cleaned by deleting - quarantined


    No other issues plaguing computer.

    Thanks!
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, e.g. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, e.g. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
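A scripted equivalent of the "Clean up System Restore" step in the post above, as an added example that is not part of the original thread. The function names `New-CleanRestorePoint` and `Remove-OlderRestorePoint` are hypothetical; the script refuses to purge anything unless the new restore point was actually created.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell
# console (Checkpoint-Computer is not available in PowerShell 7).

# SRRemoveRestorePoint (srclient.dll) deletes one restore point by sequence number.
Add-Type -Namespace Native -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Hypothetical helper: create the restore point and return it, or fail loudly.
function New-CleanRestorePoint {
    param([string]$Description = 'Clean')
    # Remember which restore points already exist so the new one can be identified.
    $before = @(Get-ComputerRestorePoint | ForEach-Object { $_.SequenceNumber })
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    $new = Get-ComputerRestorePoint |
        Where-Object { $before -notcontains $_.SequenceNumber } |
        Sort-Object SequenceNumber |
        Select-Object -Last 1
    if (-not $new) {
        throw 'No new restore point was created; nothing will be purged.'
    }
    $new
}

# Hypothetical helper: delete every restore point older than the one to keep.
function Remove-OlderRestorePoint {
    param([Parameter(Mandatory = $true)][uint32]$KeepSequenceNumber)
    Get-ComputerRestorePoint |
        Where-Object { $_.SequenceNumber -lt $KeepSequenceNumber } |
        ForEach-Object {
            $rc = [Native.SystemRestore]::SRRemoveRestorePoint($_.SequenceNumber)
            if ($rc -ne 0) {
                Write-Warning "Could not remove #$($_.SequenceNumber) (error $rc)"
            } else {
                Write-Output "Removed #$($_.SequenceNumber): $($_.Description)"
            }
        }
}

$clean = New-CleanRestorePoint -Description 'Clean'
Remove-OlderRestorePoint -KeepSequenceNumber $clean.SequenceNumber
```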
  15. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    Thanks Jay
    When I go to disk cleanup, I don't have "System and Maintenance", just "System". After it calculates space I don't get the "More Options" option. There is no "Restore and Shadow Backups".
  16. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    Jay, Thank you very much for your help in cleaning up my system. It is greatly appreciated.

    Results of screen317's Security Check version 0.99.53
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Reader X (10.1.4)
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Symantec Norton Online Backup NOBuAgent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Open CCleaner, click the Tools tab. Then click System Restore. Highlight all active ones, and select Remove. And done. :D


    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
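One way to find the older Java versions the post above asks to remove, as an added example that is not part of the original thread. It reads the standard Uninstall registry keys on 64-bit Windows; the function names `Get-InstalledJava` and `Get-StaleJava` are hypothetical, and treating everything except the highest version per architecture as stale is an assumption.

```powershell
# Added example, not from the thread. Lists installed Java entries and flags
# every one that is not the newest for its architecture.

# Uninstall entries for 64-bit and 32-bit programs on 64-bit Windows.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            # Matches "Java(TM) 6 Update 24", "Java 7 Update ..." and
            # "J2SE Runtime Environment ..."; skips the updater helper.
            $_.DisplayName -match '^(Java|J2SE Runtime Environment)\b' -and
            $_.DisplayName -notmatch 'Auto Updater'
        } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                # $null when the version string cannot be parsed.
                Version   = $_.DisplayVersion -as [version]
                Arch      = if ($_.PSPath -match 'Wow6432Node') { '32-bit' } else { '64-bit' }
                Uninstall = $_.UninstallString
            }
        }
}

# Assumption: within each architecture only the highest version should remain.
function Get-StaleJava {
    Get-InstalledJava | Group-Object Arch | ForEach-Object {
        $_.Group | Sort-Object Version -Descending | Select-Object -Skip 1
    }
}

Get-InstalledJava | Sort-Object Arch, Version | Format-Table Name, Version, Arch -AutoSize
Get-StaleJava | ForEach-Object { Write-Output "Remove: $($_.Name) [$($_.Arch)]" }
```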
  18. LonnieD

    LonnieD Newcomer, in training Topic Starter Posts: 28

    Jay, I have no other questions
    Thank you for solving my malware issues and for providing the personal tips on preventing Malware. I am most grateful.
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. :)