TechSpot

Slow performance and in-game (online) FPS lag

Inactive
By bentor79
Jul 27, 2012
  1. Hi,
    Recently my laptop has been experiencing delays in processing tasks, has blue screened a couple of times and is now slow running online games (fps drops to 4-6). As I believe that it has the necessary hardware to perform adequately in online settings (including streaming HD video), I suspect that there may be another lurking problem. Copied below are the required preliminary components...

    ***************************************************************************************
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.27.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    USER :: USER-PC [administrator]

    7/27/2012 1:03:39 AM
    mbam-log-2012-07-27 (01-03-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212637
    Time elapsed: 20 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ************************************************************************************************
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by USER at 1:59:59 on 2012-07-27
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6132.4658 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
    C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    C:\Program Files (x86)\OSD\OSD_Service.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    c:\app\user\product\112~1.0\dbhome_3\ccr\bin\nmz.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    C:\Program Files (x86)\OSD\OSD_Main.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622063804.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uRun: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
    mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [FAStartup]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{C57D747C-B4FA-46A5-AA29-282668B02570}\15D4169647C616E646 : DhcpNameServer = 65.32.5.74 65.32.5.75
    TCP: Interfaces\{C57D747C-B4FA-46A5-AA29-282668B02570}\4523632423 : DhcpNameServer = 192.168.1.1 68.238.112.12
    TCP: Interfaces\{C57D747C-B4FA-46A5-AA29-282668B02570}\533424D475 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C57D747C-B4FA-46A5-AA29-282668B02570}\553564 : DhcpNameServer = 131.247.1.1 131.247.1.2
    TCP: Interfaces\{C57D747C-B4FA-46A5-AA29-282668B02570}\E4544574541425 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D5979464-27F9-4C7A-A78F-9578BB5D36AB} : DhcpNameServer = 65.32.5.111 65.32.5.112
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622063804.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO-X64: SSOIEAddonBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
    mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [FAStartup]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\system32\DRIVERS\tdrpm251.sys --> C:\Windows\system32\DRIVERS\tdrpm251.sys [?]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-7-22 30592]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-5-16 2326920]
    R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
    R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
    R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-13 13336]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-16 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-16 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-16 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-16 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-16 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-16 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-9 2348352]
    R2 Oraclec_app_user_product_112~1.0_dbhome_3ConfigurationManager;Oraclec_app_user_product_112~1.0_dbhome_3ConfigurationManager;c:\app\user\product\112~1.0\dbhome_3\ccr\bin\nmz.exe c:\app\user\product\112~1.0\dbhome_3\ccr\hosts\user-pc --> c:\app\user\product\112~1.0\dbhome_3\ccr\bin\nmz.exe c:\app\user\product\112~1.0\dbhome_3\ccr\hosts\user-pc [?]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\OSD\WinRing0x64.sys [2008-7-26 14544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-23 250056]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-16 1038088]
    S3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\DB3G.sys --> C:\Windows\system32\drivers\DB3G.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2011-5-13 89600]
    S4 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2011-5-13 59904]
    S4 OracleDBConsoleAlien;OracleDBConsoleAlien;C:\app\USER\product\11.2.0\dbhome_3\BIN\nmesrvc.exe [2012-2-24 35328]
    S4 OracleJobSchedulerALIEN;OracleJobSchedulerALIEN;c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe ALIEN --> c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe ALIEN [?]
    S4 OracleJobSchedulerCGS2541;OracleJobSchedulerCGS2541;c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe CGS2541 --> c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe CGS2541 [?]
    S4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;C:\app\USER\product\11.2.0\dbhome_3\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:C:\app\USER\product\11.2.0\dbhome_3\bin\oraclr11.dll" --> C:\app\USER\product\11.2.0\dbhome_3\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=EXTPROC_DLLS=ONLY:C:\app\USER\product\11.2.0\dbhome_3\bin\oraclr11.dll [?]
    S4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;C:\app\USER\product\11.2.0\dbhome_3\BIN\TNSLSNR --> C:\app\USER\product\11.2.0\dbhome_3\BIN\TNSLSNR [?]
    S4 OracleServiceALIEN;OracleServiceALIEN;c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE ALIEN --> c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE ALIEN [?]
    S4 OracleServiceCGS2541;OracleServiceCGS2541;c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE CGS2541 --> c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE CGS2541 [?]
    S4 OracleVssWriterALIEN;Oracle ALIEN VSS Writer Service;c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe ALIEN --> c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe ALIEN [?]
    S4 OracleVssWriterCGS2541;Oracle CGS2541 VSS Writer Service;c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe CGS2541 --> c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe CGS2541 [?]
    .
    =============== File Associations ===============
    .
    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    jsefile\shell\open2\command=C:\Windows\System32\CScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-07-27 05:02:13 -------- d-----w- C:\Users\USER\AppData\Roaming\Malwarebytes
    2012-07-27 05:01:26 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-27 05:01:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-27 05:01:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-23 18:17:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-23 18:17:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-22 14:33:03 -------- d-----w- C:\Program Files\HWiNFO64
    2012-07-22 04:35:32 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
    2012-07-22 03:57:46 -------- d-----w- C:\Users\USER\AppData\Local\NVIDIA Corporation
    2012-07-21 19:55:59 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-07-21 19:53:23 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-12 07:15:55 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-07-24 04:13:00 955888 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2012-07-24 04:13:00 839152 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-02 02:19:03 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    .
    ============= FINISH: 2:03:03.36 ===============
  2. bentor79

    bentor79 Newcomer, in training Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/12/2011 7:14:30 PM
    System Uptime: 7/27/2012 1:48:23 AM (1 hours ago)
    .
    Motherboard: Alienware | |
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | CPU 1 | 1729/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 447 GiB total, 348.848 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    ==== System Restore Points ===================
    .
    RP145: 7/21/2012 3:53:35 PM - Installed JavaFX 2.1.1
    RP147: 7/21/2012 8:53:09 PM - Removed service pack backup files
    RP148: 7/21/2012 11:55:56 PM - Installed NVIDIA Performance
    RP149: 7/21/2012 11:58:15 PM - Installed NVIDIA System Monitor
    RP150: 7/22/2012 12:00:10 AM - Installed NVIDIA System Update
    RP151: 7/24/2012 12:07:55 AM - Installed Java(TM) 7 Update 5 (64-bit)
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Accelerometer
    Acronis True Image Home
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.3)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advertising Center
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Combined Community Codec Pack 2011-11-11
    Command Center
    Connect
    CyberLink YouCam
    DAEMON Tools Lite
    Glary Utilities 2.41.0.1358
    Google Chrome
    IDT Audio
    ImagXpress
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    kuler
    League of Legends
    Malwarebytes Anti-Malware version 1.62.0.1300
    McAfee AntiVirus Plus
    McAfee Virtual Technician
    Microsoft Application Compatibility Toolkit 5.6
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSI Afterburner 2.2.1
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero StartSmart
    Nero StartSmart Help
    NeroExpress
    neroxml
    NVIDIA 3D Vision Controller Driver
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA System Update
    OSD Setup
    PDF Settings CS4
    Photoshop Camera Raw
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Stardock MyColors
    StreamTorrent 1.0
    Suite Shared Configuration CS4
    swMSM
    TI Connect 1.6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC90_CRT_x64
    Vuze
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/27/2012 1:50:29 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
    7/27/2012 1:47:24 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/27/2012 1:45:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/27/2012 1:45:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/27/2012 1:45:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/27/2012 1:45:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/27/2012 1:45:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/27/2012 1:45:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC ctxusbm DfsC discache HWiNFO32 mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    7/27/2012 1:45:14 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:14 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:14 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/27/2012 1:45:13 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2012 10:42:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
    7/22/2012 10:42:14 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/20/2012 5:17:58 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    7/20/2012 5:17:29 PM, Error: Service Control Manager [7034] - The OracleOraDb11g_home1TNSListener service terminated unexpectedly. It has done this 1 time(s).
    7/20/2012 5:17:23 PM, Error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s).
    7/20/2012 5:15:51 PM, Error: Service Control Manager [7034] - The OracleServiceCGS2541 service terminated unexpectedly. It has done this 1 time(s).
    7/20/2012 5:15:51 PM, Error: Service Control Manager [7034] - The OracleServiceALIEN service terminated unexpectedly. It has done this 1 time(s).
    7/20/2012 5:15:45 PM, Error: Service Control Manager [7024] - The OracleDBConsoleAlien service terminated with service-specific error The system cannot find the file specified..
    .
    ==== End Of File ===========================
  3. bentor79

    bentor79 Newcomer, in training Topic Starter

    gmer did not produce any log results.

    Thank you for your help.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
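
One way to triage the report that the steps above produce, as an added example that is not part of the original post and is not TDSSKiller's own code: it checks that the scan ran with both requested options and lists every object not marked ok, with the action the post prescribes. The whitespace-separated line layout, the `( verdict ) - warning` and `- detected` line shapes, the mapping of the two checkboxes to `SigCheck` and `TDLFS`, the date and time part of the file name, and every sample line are assumptions or constructed.

```python
import re

# Assumed line layout: "HH:MM:SS.ffff <thread id> <message>", whitespace separated.
LINE_RE = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*\S)\s*$")
# "<name> (<md5>) <path>" introduces a scanned driver or service.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok", or (assumed shape) "<name> ( <verdict> ) - warning".
STATUS_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>\S.*)$")
# Report name pattern from the post: TDSSKiller.[Version]_[Date]_[Time]_log.txt
NAME_RE = re.compile(r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_[^_]+_[^_]+_log\.txt$")

# Verdicts for which the post says to choose Skip.
SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}
# Assumed log names of "Verify Driver Digital Signature" and "Detect TDLFS file system".
REQUIRED_MODES = {"SigCheck", "TDLFS"}


def parse_report_name(filename):
    """Return the tool version encoded in a report file name, or None."""
    m = NAME_RE.match(filename)
    return m["version"] if m else None


def triage(log_text):
    """Return missing scan options and every object whose status is not 'ok'."""
    modes, objects, findings = set(), {}, {}
    scanning = False
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        msg = line.group(1)
        if msg == "Scan started":
            scanning = True
            continue
        if msg.startswith("Scan finished"):
            scanning = False
        if not scanning:
            continue  # header lines such as "Drive ... - Size: ..." are not verdicts
        if msg.startswith("Mode:"):
            modes = {m.strip() for m in msg[5:].split(";") if m.strip()}
            continue
        obj = OBJECT_RE.match(msg)  # tested first: a path may itself contain " - "
        if obj:
            objects[obj["name"]] = {"md5": obj["md5"].lower(), "path": obj["path"]}
            continue
        st = STATUS_RE.match(msg)
        if not st or st["status"].lower() == "ok":
            continue
        verdict = st["verdict"]
        words = st["status"].split()
        if verdict is None and len(words) > 1 and words[0] == "detected":
            verdict = words[1]
        rec = findings.setdefault(
            st["name"], {"name": st["name"], "verdict": None, "status": st["status"]})
        rec["verdict"] = rec["verdict"] or verdict
    for rec in findings.values():
        rec.update(objects.get(rec["name"], {"md5": None, "path": None}))
        rec["advice"] = ("Skip" if rec["verdict"] in SKIP_VERDICTS else
                         "Cure, or Skip if Cure is unavailable; do not Delete unless instructed")
    return {"missing_modes": sorted(REQUIRED_MODES - modes),
            "findings": list(findings.values())}


# Constructed sample: names, hashes, paths and verdict lines are made up.
SAMPLE_LOG = r"""
11:40:30.0701 6176 Scan started
11:40:30.0701 6176 Mode: Manual; SigCheck; TDLFS;
11:40:30.0701 6176 ============================================
11:40:33.0514 6176 1394ohci (00000000000000000000000000000001) C:\Windows\system32\drivers\1394ohci.sys
11:40:34.0509 6176 1394ohci - ok
11:40:35.0000 6176 exampledrv (00000000000000000000000000000002) C:\Windows\system32\drivers\exampledrv.sys
11:40:35.0100 6176 exampledrv ( UnsignedFile.Multi.Generic ) - warning
11:40:35.0100 6176 exampledrv - detected UnsignedFile.Multi.Generic (1)
11:40:36.0000 6176 COMSysApp - ok
11:40:37.0000 6176 examplesvc (00000000000000000000000000000003) C:\Example Dir - old\examplesvc.exe
11:40:37.0100 6176 examplesvc ( Example.Malware.Name ) - infected
11:40:38.0000 6176 Scan finished
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if report["missing_modes"]:
        print("Scan ran without:", ", ".join(report["missing_modes"]))
    for f in report["findings"]:
        print(f'{f["name"]}: {f["verdict"]} at {f["path"]} -> {f["advice"]}')
```
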
  5. bentor79

    bentor79 Newcomer, in training Topic Starter

    Thanks for the prompt response! The results of TDSSKiller are below:

    11:40:05.0027 7624 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    11:40:06.0121 7624 ============================================================
    11:40:06.0121 7624 Current date / time: 2012/07/27 11:40:06.0120
    11:40:06.0121 7624 SystemInfo:
    11:40:06.0121 7624
    11:40:06.0122 7624 OS Version: 6.1.7601 ServicePack: 1.0
    11:40:06.0122 7624 Product type: Workstation
    11:40:06.0123 7624 ComputerName: USER-PC
    11:40:06.0124 7624 UserName: USER
    11:40:06.0124 7624 Windows directory: C:\Windows
    11:40:06.0124 7624 System windows directory: C:\Windows
    11:40:06.0124 7624 Running under WOW64
    11:40:06.0124 7624 Processor architecture: Intel x64
    11:40:06.0124 7624 Number of processors: 8
    11:40:06.0125 7624 Page size: 0x1000
    11:40:06.0125 7624 Boot type: Normal boot
    11:40:06.0125 7624 ============================================================
    11:40:08.0629 7624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:40:08.0669 7624 ============================================================
    11:40:08.0669 7624 \Device\Harddisk0\DR0:
    11:40:08.0669 7624 MBR partitions:
    11:40:08.0670 7624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x256B000
    11:40:08.0670 7624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2592800, BlocksNum 0x37DF3000
    11:40:08.0670 7624 ============================================================
    11:40:08.0691 7624 C: <-> \Device\Harddisk0\DR0\Partition1
    11:40:08.0692 7624 ============================================================
    11:40:08.0692 7624 Initialize success
    11:40:08.0692 7624 ============================================================
    11:40:30.0700 6176 ============================================================
    11:40:30.0701 6176 Scan started
    11:40:30.0701 6176 Mode: Manual; SigCheck; TDLFS;
    11:40:30.0701 6176 ============================================================
    11:41:25.0877 6176gpsvc - ok
    11:41:25.0968 6176HappyOSD (8cd92502fec49e837155b9f20e5e2d2c) C:\Program Files (x86)\OSD\OSD_Service.exe
    11:41:27.0255 6176HappyOSD ( UnsignedFile.Multi.Generic ) - warning
    11:41:27.0258 6176HappyOSD - detected UnsignedFile.Multi.Generic (1)
    11:41:27.0296 6176hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    11:41:27.0443 6176hcw85cir - ok
    11:41:27.0544 6176HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    11:41:28.0105 6176HdAudAddService - ok
    11:41:28.0144 6176HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    11:41:28.0753 6176HDAudBus - ok
    11:41:28.0805 6176HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:41:28.0953 6176HidBatt - ok
    11:41:28.0996 6176HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    11:41:29.0188 6176HidBth - ok
    11:41:29.0223 6176HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    11:41:29.0390 6176HidIr - ok
    11:41:29.0429 6176hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    11:41:29.0846 6176hidserv - ok
    11:41:29.0910 6176HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    11:41:30.0469 6176HidUsb - ok
    11:41:30.0602 6176hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    11:41:31.0264 6176hkmsvc - ok
    11:41:31.0323 6176HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    11:41:31.0868 6176HomeGroupListener - ok
    11:41:31.0963 6176HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    11:41:32.0425 6176HomeGroupProvider - ok
    11:41:32.0494 6176HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    11:41:32.0993 6176HpSAMD - ok
    11:41:33.0117 6176HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    11:41:33.0883 6176HTTP - ok
    11:41:34.0044 6176HWiNFO32 (f78ff50c486d530504b7d2bb36b1ed22) C:\Program Files\HWiNFO64\HWiNFO64A.SYS
    11:41:34.0172 6176HWiNFO32 - ok
    11:41:34.0221 6176hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    11:41:34.0332 6176hwpolicy - ok
    11:41:34.0464 6176i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    11:41:34.0636 6176i8042prt - ok
    11:41:34.0731 6176iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    11:41:34.0876 6176iaStor - ok
    11:41:34.0980 6176IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    11:41:35.0065 6176IAStorDataMgrSvc - ok
    11:41:35.0177 6176iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    11:41:35.0839 6176iaStorV - ok
    11:41:36.0145 6176idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:41:36.0772 6176idsvc - ok
    11:41:36.0856 6176iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    11:41:37.0020 6176iirsp - ok
    11:41:37.0155 6176IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    11:41:37.0865 6176IKEEXT - ok
    11:41:37.0983 6176InstallFilterService (cb8e52c468d674324260d1102955d42e) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
    11:41:38.0035 6176InstallFilterService ( UnsignedFile.Multi.Generic ) - warning
    11:41:38.0035 6176InstallFilterService - detected UnsignedFile.Multi.Generic (1)
    11:41:38.0174 6176Intel(R) PROSet Monitoring Service (4a9eb8ac8959c580adcaddbdbbebe033) C:\Windows\system32\IProsetMonitor.exe
    11:41:38.0692 6176Intel(R) PROSet Monitoring Service - ok
    11:41:38.0732 6176intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    11:41:38.0854 6176intelide - ok
    11:41:38.0902 6176intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    11:41:39.0100 6176intelppm - ok
    11:41:39.0145 6176IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    11:41:39.0499 6176IPBusEnum - ok
    11:41:39.0673 6176IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:41:40.0347 6176IpFilterDriver - ok
    11:41:40.0441 6176iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    11:41:40.0810 6176iphlpsvc - ok
    11:41:40.0915 6176IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    11:41:41.0433 6176IPMIDRV - ok
    11:41:41.0480 6176IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    11:41:41.0870 6176IPNAT - ok
    11:41:41.0901 6176IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    11:41:42.0106 6176IRENUM - ok
    11:41:42.0149 6176isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    11:41:42.0267 6176isapnp - ok
    11:41:42.0316 6176iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    11:41:42.0856 6176iScsiPrt - ok
    11:41:42.0930 6176itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys
    11:41:43.0470 6176itecir - ok
    11:41:43.0496 6176ITECIRfilter (e5aac07b053d15ba8f67ba7d49c20971) C:\Windows\system32\DRIVERS\ITECIRfilter.sys
    11:41:43.0983 6176ITECIRfilter - ok
    11:41:44.0036 6176kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    11:41:44.0170 6176kbdclass - ok
    11:41:44.0244 6176kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    11:41:44.0864 6176kbdhid - ok
    11:41:44.0910 6176KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:41:45.0038 6176KeyIso - ok
    11:41:45.0093 6176KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    11:41:45.0214 6176KSecDD - ok
    11:41:45.0262 6176KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    11:41:45.0377 6176KSecPkg - ok
    11:41:45.0427 6176ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    11:41:45.0753 6176ksthunk - ok
    11:41:45.0869 6176KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    11:41:46.0272 6176KtmRm - ok
    11:41:46.0375 6176LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    11:41:46.0977 6176LanmanServer - ok
    11:41:47.0056 6176LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    11:41:47.0729 6176LanmanWorkstation - ok
    11:41:47.0833 6176lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    11:41:48.0177 6176lltdio - ok
    11:41:48.0271 6176lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    11:41:48.0654 6176lltdsvc - ok
    11:41:48.0715 6176lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    11:41:49.0049 6176lmhosts - ok
    11:41:49.0108 6176LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:41:49.0248 6176LSI_FC - ok
    11:41:49.0323 6176LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:41:49.0448 6176LSI_SAS - ok
    11:41:49.0482 6176LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:41:49.0597 6176LSI_SAS2 - ok
    11:41:49.0645 6176LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:41:49.0807 6176LSI_SCSI - ok
    11:41:49.0857 6176luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    11:41:50.0202 6176luafv - ok
    11:41:50.0450 6176McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:41:50.0560 6176McAfee SiteAdvisor Service - ok
    11:41:50.0585 6176McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:41:50.0695 6176McMPFSvc - ok
    11:41:50.0732 6176mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:41:50.0833 6176mcmscsvc - ok
    11:41:50.0865 6176McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:41:50.0991 6176McNaiAnn - ok
    11:41:51.0035 6176McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:41:51.0132 6176McNASvc - ok
    11:41:51.0438 6176McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
    11:41:51.0581 6176McODS - ok
    11:41:51.0617 6176McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:41:51.0718 6176McProxy - ok
    11:41:51.0827 6176McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    11:41:52.0393 6176McShield - ok
    11:41:52.0461 6176Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    11:41:52.0929 6176Mcx2Svc - ok
    11:41:52.0968 6176megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    11:41:53.0102 6176megasas - ok
    11:41:53.0190 6176MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:41:53.0360 6176MegaSR - ok
    11:41:53.0446 6176mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
    11:41:53.0975 6176mfeapfk - ok
    11:41:54.0085 6176mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
    11:41:54.0691 6176mfeavfk - ok
    11:41:54.0736 6176mfeavfk01 - ok
    11:41:54.0787 6176mfeavfk02 - ok
    11:41:54.0872 6176mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    11:41:55.0381 6176mfefire - ok
    11:41:55.0505 6176mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
    11:41:56.0004 6176mfefirek - ok
    11:41:56.0156 6176mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
    11:41:56.0317 6176mfehidk - ok
    11:41:56.0423 6176mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
    11:41:56.0905 6176mfenlfk - ok
    11:41:57.0038 6176mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
    11:41:57.0134 6176mferkdet - ok
    11:41:57.0209 6176mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
    11:41:57.0759 6176mfevtp - ok
    11:41:57.0822 6176mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
    11:41:57.0945 6176mfewfpk - ok
    11:41:58.0057 6176Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    11:41:58.0176 6176Microsoft Office Groove Audit Service - ok
    11:41:58.0257 6176MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:41:58.0609 6176MMCSS - ok
    11:41:58.0641 6176Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    11:41:58.0960 6176Modem - ok
    11:41:59.0006 6176monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    11:41:59.0168 6176monitor - ok
    11:41:59.0229 6176mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    11:41:59.0382 6176mouclass - ok
    11:41:59.0437 6176mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    11:41:59.0580 6176mouhid - ok
    11:41:59.0636 6176mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    11:41:59.0755 6176mountmgr - ok
    11:41:59.0872 6176mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    11:42:00.0392 6176mpio - ok
    11:42:00.0435 6176mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    11:42:00.0787 6176mpsdrv - ok
    11:42:00.0907 6176MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    11:42:01.0591 6176MpsSvc - ok
    11:42:01.0645 6176MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    11:42:02.0273 6176MRxDAV - ok
    11:42:02.0379 6176mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:42:02.0540 6176mrxsmb - ok
    11:42:02.0613 6176mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:42:02.0770 6176mrxsmb10 - ok
    11:42:02.0832 6176mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:42:02.0974 6176mrxsmb20 - ok
    11:42:03.0020 6176msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    11:42:03.0130 6176msahci - ok
    11:42:03.0189 6176msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    11:42:03.0882 6176msdsm - ok
    11:42:03.0962 6176MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    11:42:04.0139 6176MSDTC - ok
    11:42:04.0205 6176Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    11:42:04.0517 6176Msfs - ok
    11:42:04.0542 6176mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    11:42:04.0893 6176mshidkmdf - ok
    11:42:04.0939 6176msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    11:42:05.0048 6176msisadrv - ok
    11:42:05.0117 6176MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    11:42:05.0466 6176MSiSCSI - ok
    11:42:05.0485 6176msiserver - ok
    11:42:05.0554 6176MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    11:42:05.0932 6176MSKSSRV - ok
    11:42:05.0973 6176MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:42:06.0365 6176MSPCLOCK - ok
    11:42:06.0396 6176MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    11:42:06.0685 6176MSPQM - ok
    11:42:06.0858 6176MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    11:42:06.0994 6176MsRPC - ok
    11:42:07.0054 6176mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    11:42:07.0204 6176mssmbios - ok
    11:42:07.0249 6176MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    11:42:07.0587 6176MSTEE - ok
    11:42:07.0617 6176MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:42:07.0790 6176MTConfig - ok
    11:42:07.0842 6176Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    11:42:07.0951 6176Mup - ok
    11:42:08.0061 6176napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    11:42:08.0379 6176napagent - ok
    11:42:08.0522 6176NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    11:42:08.0792 6176NativeWifiP - ok
    11:42:08.0956 6176NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    11:42:09.0201 6176NDIS - ok
    11:42:09.0271 6176NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    11:42:09.0636 6176NdisCap - ok
    11:42:09.0674 6176NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    11:42:09.0989 6176NdisTapi - ok
    11:42:10.0035 6176Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    11:42:10.0806 6176Ndisuio - ok
    11:42:10.0879 6176NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    11:42:11.0646 6176NdisWan - ok
    11:42:11.0706 6176NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    11:42:12.0385 6176NDProxy - ok
    11:42:12.0584 6176Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    11:42:13.0343 6176Nero BackItUp Scheduler 4.0 - ok
    11:42:13.0411 6176NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    11:42:13.0750 6176NetBIOS - ok
    11:42:13.0820 6176NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    11:42:14.0562 6176NetBT - ok
    11:42:14.0610 6176Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:42:14.0714 6176Netlogon - ok
    11:42:14.0798 6176Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    11:42:15.0177 6176Netman - ok
    11:42:15.0285 6176NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:42:15.0406 6176NetMsmqActivator - ok
    11:42:15.0423 6176NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d)
  6. bentor79

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:42:15.0520 6176NetPipeActivator - ok
    11:42:15.0630 6176netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    11:42:15.0993 6176netprofm - ok
    11:42:16.0015 6176NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:42:16.0105 6176NetTcpActivator - ok
    11:42:16.0121 6176NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:42:16.0222 6176NetTcpPortSharing - ok
    11:42:16.0986 6176netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    11:42:17.0697 6176netw5v64 - ok
    11:42:17.0859 6176nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    11:42:18.0002 6176nfrd960 - ok
    11:42:18.0091 6176NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    11:42:18.0801 6176NlaSvc - ok
    11:42:18.0867 6176Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    11:42:19.0184 6176Npfs - ok
    11:42:19.0224 6176nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    11:42:19.0535 6176nsi - ok
    11:42:19.0570 6176nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    11:42:19.0887 6176nsiproxy - ok
    11:42:20.0141 6176Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    11:42:20.0423 6176Ntfs - ok
    11:42:20.0554 6176nTuneService - ok
    11:42:20.0709 6176Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    11:42:21.0098 6176Null - ok
    11:42:21.0182 6176NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
    11:42:21.0778 6176NVHDA - ok
    11:42:23.0148 6176nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    11:42:25.0151 6176nvlddmkm - ok
    11:42:25.0342 6176nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
    11:42:25.0898 6176nvoclk64 - ok
    11:42:25.0966 6176nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    11:42:26.0523 6176nvraid - ok
    11:42:26.0566 6176nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    11:42:27.0113 6176nvstor - ok
    11:42:27.0254 6176nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
    11:42:27.0902 6176nvsvc - ok
    11:42:28.0231 6176nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    11:42:29.0109 6176nvUpdatusService - ok
    11:42:29.0276 6176nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    11:42:29.0441 6176nv_agp - ok
    11:42:29.0648 6176odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:42:29.0798 6176odserv - ok
    11:42:29.0867 6176ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    11:42:30.0020 6176ohci1394 - ok
    11:42:30.0160 6176Oraclec_app_user_product_112~1.0_dbhome_3ConfigurationManager - ok
    11:42:30.0274 6176OracleDBConsoleAlien (985b95883b5e54d1966ee84ca76085e4) C:\app\USER\product\11.2.0\dbhome_3\bin\nmesrvc.exe
    11:42:30.0729 6176OracleDBConsoleAlien ( UnsignedFile.Multi.Generic ) - warning
    11:42:30.0730 6176OracleDBConsoleAlien - detected UnsignedFile.Multi.Generic (1)
    11:42:30.0759 6176OracleJobSchedulerALIEN - ok
    11:42:30.0795 6176OracleJobSchedulerCGS2541 - ok
    11:42:30.0822 6176OracleMTSRecoveryService - ok
    11:42:30.0849 6176OracleOraDb11g_home1ClrAgent - ok
    11:42:30.0872 6176OracleOraDb11g_home1TNSListener - ok
    11:42:30.0898 6176OracleServiceALIEN - ok
    11:42:30.0930 6176OracleServiceCGS2541 - ok
    11:42:30.0954 6176OracleVssWriterALIEN - ok
    11:42:30.0982 6176OracleVssWriterCGS2541 - ok
    11:42:31.0040 6176ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:42:31.0155 6176ose - ok
    11:42:31.0246 6176p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:42:31.0465 6176p2pimsvc - ok
    11:42:31.0539 6176p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    11:42:31.0779 6176p2psvc - ok
    11:42:31.0826 6176Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:42:31.0985 6176Parport - ok
    11:42:32.0031 6176partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    11:42:32.0135 6176partmgr - ok
    11:42:32.0194 6176PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    11:42:32.0422 6176PcaSvc - ok
    11:42:32.0476 6176pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    11:42:32.0595 6176pci - ok
    11:42:32.0638 6176pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    11:42:32.0778 6176pciide - ok
    11:42:32.0879 6176pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:42:33.0016 6176pcmcia - ok
    11:42:33.0057 6176pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:42:33.0178 6176pcw - ok
    11:42:33.0277 6176PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:42:33.0697 6176PEAUTH - ok
    11:42:33.0870 6176PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    11:42:34.0217 6176PeerDistSvc - ok
    11:42:34.0328 6176PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    11:42:34.0493 6176PerfHost - ok
    11:42:34.0768 6176pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    11:42:35.0502 6176pla - ok
    11:42:35.0587 6176PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    11:42:36.0125 6176PlugPlay - ok
    11:42:36.0162 6176PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    11:42:36.0359 6176PNRPAutoReg - ok
    11:42:36.0421 6176PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:42:36.0565 6176PNRPsvc - ok
    11:42:36.0664 6176PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    11:42:37.0330 6176PolicyAgent - ok
    11:42:37.0398 6176Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    11:42:37.0776 6176Power - ok
    11:42:37.0864 6176PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    11:42:38.0661 6176PptpMiniport - ok
    11:42:38.0709 6176Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:42:38.0848 6176Processor - ok
    11:42:38.0957 6176ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    11:42:39.0512 6176ProfSvc - ok
    11:42:39.0559 6176ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:42:39.0688 6176ProtectedStorage - ok
    11:42:39.0757 6176Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    11:42:40.0480 6176Psched - ok
    11:42:40.0680 6176ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:42:41.0048 6176ql2300 - ok
    11:42:41.0195 6176ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:42:41.0329 6176ql40xx - ok
    11:42:41.0392 6176QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    11:42:41.0600 6176QWAVE - ok
    11:42:41.0653 6176QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:42:41.0840 6176QWAVEdrv - ok
    11:42:41.0871 6176RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:42:42.0196 6176RasAcd - ok
    11:42:42.0253 6176RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:42:42.0622 6176RasAgileVpn - ok
    11:42:42.0674 6176RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    11:42:43.0064 6176RasAuto - ok
    11:42:43.0120 6176Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:42:43.0870 6176Rasl2tp - ok
    11:42:43.0933 6176RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    11:42:44.0565 6176RasMan - ok
    11:42:44.0613 6176RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:42:44.0961 6176RasPppoe - ok
    11:42:45.0018 6176RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:42:45.0340 6176RasSstp - ok
    11:42:45.0396 6176Razerlow (81ddbf4fe998ef1f4ba230f7e8d8c67e) C:\Windows\system32\drivers\DB3G.sys
    11:42:45.0952 6176Razerlow - ok
    11:42:46.0032 6176rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    11:42:46.0361 6176rdbss - ok
    11:42:46.0408 6176rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:42:46.0604 6176rdpbus - ok
    11:42:46.0637 6176RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:42:46.0983 6176RDPCDD - ok
    11:42:47.0052 6176RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    11:42:47.0641 6176RDPDR - ok
    11:42:47.0700 6176RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:42:48.0040 6176RDPENCDD - ok
    11:42:48.0091 6176RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:42:48.0385 6176RDPREFMP - ok
    11:42:48.0477 6176RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    11:42:49.0039 6176RdpVideoMiniport - ok
    11:42:49.0120 6176RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    11:42:49.0707 6176RDPWD - ok
    11:42:49.0777 6176rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    11:42:49.0918 6176rdyboost - ok
    11:42:49.0972 6176RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    11:42:50.0337 6176RemoteAccess - ok
    11:42:50.0380 6176RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    11:42:50.0692 6176RemoteRegistry - ok
    11:44:09.0294 6176 ============================================================
    11:44:09.0295 6176 Scan finished
    11:44:09.0295 6176 ============================================================
    11:44:09.0355 6684 Detected object count: 3
    11:44:09.0355 6684 Actual detected object count: 3
    11:45:06.0342 6684 HappyOSD ( UnsignedFile.Multi.Generic ) - skipped by user
    11:45:06.0342 6684 HappyOSD ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:45:06.0344 6684 InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
    11:45:06.0344 6684 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:45:06.0346 6684 OracleDBConsoleAlien ( UnsignedFile.Multi.Generic ) - skipped by user
    11:45:06.0346 6684 OracleDBConsoleAlien ( UnsignedFile.Multi.Generic ) - User select action: Skip
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome..and good job! Now, for this tool:

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  8. bentor79

    bentor79 Newcomer, in training Topic Starter

    Hello again,

    Here are the results from the last scan, but I think that I didn't name it correctly as svchost.exe and will re-run and post those results as well...


    ComboFix 12-07-27.03 - USER 07/28/2012 13:19:50.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6132.4121 [GMT -4:00]
    Running from: c:\users\USER\Downloads\Combo-Fix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\USER\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-28 17:47 . 2012-07-28 17:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-28 17:47 . 2012-07-28 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-27 05:02 . 2012-07-27 05:02 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
    2012-07-27 05:01 . 2012-07-27 05:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-27 05:01 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-27 05:01 . 2012-07-27 05:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-24 04:14 . 2012-07-24 04:13 268784 ----a-w- c:\windows\system32\javaws.exe
    2012-07-24 04:13 . 2012-07-24 04:13 189424 ----a-w- c:\windows\system32\javaw.exe
    2012-07-24 04:13 . 2012-07-24 04:13 188912 ----a-w- c:\windows\system32\java.exe
    2012-07-24 04:12 . 2012-07-24 04:12 -------- d-----w- c:\program files\Java
    2012-07-23 18:17 . 2012-07-27 02:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-23 18:17 . 2012-07-27 02:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-22 14:33 . 2012-07-22 14:33 -------- d-----w- c:\program files\HWiNFO64
    2012-07-22 04:35 . 2012-07-22 04:37 -------- d-----w- c:\program files (x86)\MSI Afterburner
    2012-07-22 03:57 . 2012-07-22 04:03 -------- d-----w- c:\users\USER\AppData\Local\NVIDIA Corporation
    2012-07-21 19:57 . 2012-07-21 19:57 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-21 19:55 . 2012-07-21 19:55 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-21 19:53 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-12 07:15 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-24 04:13 . 2012-02-25 03:07 955888 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-24 04:13 . 2012-02-25 03:07 839152 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-12 07:06 . 2011-05-16 17:58 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-06 02:06 . 2011-07-20 15:12 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-02 22:19 . 2012-06-21 10:26 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 10:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 10:27 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 10:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 10:26 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 10:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 10:26 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 10:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 10:26 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-15 04:01 . 2012-06-13 17:14 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-13 17:13 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-13 17:14 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-04 11:06 . 2012-06-13 17:12 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 17:12 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 17:12 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-02 02:19 . 2012-05-02 02:19 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
    2012-05-01 05:40 . 2012-06-13 17:12 209920 ----a-w- c:\windows\system32\profsvc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-04 32768]
    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-16 1038088]
    R3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [2011-03-22 28264]
    R3 mfeavfk01;McAfee Inc.;Device\mfeavfk01.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1255736]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]
    R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 59904]
    R4 OracleDBConsoleAlien;OracleDBConsoleAlien;c:\app\USER\product\11.2.0\dbhome_3\bin\nmesrvc.exe [2010-03-02 35328]
    R4 OracleJobSchedulerALIEN;OracleJobSchedulerALIEN;c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe ALIEN [x]
    R4 OracleJobSchedulerCGS2541;OracleJobSchedulerCGS2541;c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe CGS2541 [x]
    R4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\USER\product\11.2.0\dbhome_3\bin\OraClrAgnt.exe [2010-03-12 83968]
    R4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\USER\product\11.2.0\dbhome_3\BIN\TNSLSNR [x]
    R4 OracleServiceALIEN;OracleServiceALIEN;c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE ALIEN [x]
    R4 OracleServiceCGS2541;OracleServiceCGS2541;c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE CGS2541 [x]
    R4 OracleVssWriterALIEN;Oracle ALIEN VSS Writer Service;c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe ALIEN [x]
    R4 OracleVssWriterCGS2541;Oracle CGS2541 VSS Writer Service;c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe CGS2541 [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 19504]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2011-05-16 1455648]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-17 279616]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-05-10 30592]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-16 2326920]
    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
    S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 Oraclec_app_user_product_112~1.0_dbhome_3ConfigurationManager;Oraclec_app_user_product_112~1.0_dbhome_3ConfigurationManager;c:\app\user\product\112~1.0\dbhome_3\ccr\bin\nmz.exe [2012-04-07 77824]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-11-27 25136]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-05-16 250400]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk02
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 02:34]
    .
    2012-07-28 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-07 21:09]
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818084476-2355694618-123184659-1000Core.job
    - c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 04:15]
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818084476-2355694618-123184659-1000UA.job
    - c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 04:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2463232]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    .
    .
    ------- File Associations -------
    .
    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-(Default) - (no file)
    AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1ClrAgent]
    "ImagePath"="c:\app\USER\product\11.2.0\dbhome_3\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:c:\app\USER\product\11.2.0\dbhome_3\bin\oraclr11.dll\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1TNSListener]
    "ImagePath"="c:\app\USER\product\11.2.0\dbhome_3\BIN\TNSLSNR "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\05\01\10\0e\12\0d?"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SysWOW64\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-28 14:09:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-28 18:09
    .
    Pre-Run: 373,914,996,736 bytes free
    Post-Run: 374,810,742,784 bytes free
    .
    - - End Of File - - 93FCAD0F927EA93FDC31FBE12609F80F
  9. bentor79

    bentor79 Newcomer, in training Topic Starter

    I changed the file name to svchost but it seems to have reverted back to the original naming....


    ComboFix 12-07-27.03 - USER 07/28/2012 14:28:19.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6132.4646 [GMT -4:00]
    Running from: c:\users\USER\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-28 18:39 . 2012-07-28 18:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-28 18:39 . 2012-07-28 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-27 05:02 . 2012-07-27 05:02 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
    2012-07-27 05:01 . 2012-07-27 05:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-27 05:01 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-27 05:01 . 2012-07-27 05:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-24 04:14 . 2012-07-24 04:13 268784 ----a-w- c:\windows\system32\javaws.exe
    2012-07-24 04:13 . 2012-07-24 04:13 189424 ----a-w- c:\windows\system32\javaw.exe
    2012-07-24 04:13 . 2012-07-24 04:13 188912 ----a-w- c:\windows\system32\java.exe
    2012-07-24 04:12 . 2012-07-24 04:12 -------- d-----w- c:\program files\Java
    2012-07-23 18:17 . 2012-07-27 02:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-23 18:17 . 2012-07-27 02:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-22 14:33 . 2012-07-22 14:33 -------- d-----w- c:\program files\HWiNFO64
    2012-07-22 04:35 . 2012-07-22 04:37 -------- d-----w- c:\program files (x86)\MSI Afterburner
    2012-07-22 03:57 . 2012-07-22 04:03 -------- d-----w- c:\users\USER\AppData\Local\NVIDIA Corporation
    2012-07-21 19:57 . 2012-07-21 19:57 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-21 19:55 . 2012-07-21 19:55 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-21 19:53 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-12 07:15 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-24 04:13 . 2012-02-25 03:07 955888 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-24 04:13 . 2012-02-25 03:07 839152 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-12 07:06 . 2011-05-16 17:58 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-06 02:06 . 2011-07-20 15:12 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-02 22:19 . 2012-06-21 10:26 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 10:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 10:27 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 10:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 10:26 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 10:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 10:26 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 10:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 10:26 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-15 04:01 . 2012-06-13 17:14 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-13 17:13 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-13 17:14 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-04 11:06 . 2012-06-13 17:12 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 17:12 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 17:12 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-02 02:19 . 2012-05-02 02:19 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
    2012-05-01 05:40 . 2012-06-13 17:12 209920 ----a-w- c:\windows\system32\profsvc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-28_17.54.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-13 21:00 . 2012-07-28 18:18 54750 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-28 18:18 41070 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-05-13 18:07 . 2012-07-28 18:18 16466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-818084476-2355694618-123184659-1000_UserData.bin
    - 2011-05-13 02:08 . 2012-07-28 17:09 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-13 02:08 . 2012-07-28 18:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-13 02:08 . 2012-07-28 17:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-05-13 02:08 . 2012-07-28 18:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-28 17:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-28 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-16 14:10 . 2012-07-27 05:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-16 14:10 . 2012-07-28 18:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-16 14:10 . 2012-07-28 18:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-05-16 14:10 . 2012-07-27 05:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-05-16 14:10 . 2012-07-27 05:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-16 14:10 . 2012-07-28 18:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-13 19:07 . 2012-07-28 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-13 19:07 . 2012-07-28 18:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-13 19:07 . 2012-07-28 18:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-13 19:07 . 2012-07-28 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-07-28 17:50 . 2012-07-28 17:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-28 18:49 . 2012-07-28 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-28 18:49 . 2012-07-28 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-28 17:50 . 2012-07-28 17:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:01 . 2012-07-28 18:39 475828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-28 17:48 475828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-04 32768]
    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "FAStartup"="" [BU]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-16 1038088]
    R3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [2011-03-22 28264]
    R3 mfeavfk01;McAfee Inc.;Device\mfeavfk01.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1255736]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]
    R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 59904]
    R4 OracleDBConsoleAlien;OracleDBConsoleAlien;c:\app\USER\product\11.2.0\dbhome_3\bin\nmesrvc.exe [2010-03-02 35328]
    R4 OracleJobSchedulerALIEN;OracleJobSchedulerALIEN;c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe ALIEN [x]
    R4 OracleJobSchedulerCGS2541;OracleJobSchedulerCGS2541;c:\app\user\product\11.2.0\dbhome_3\Bin\extjob.exe CGS2541 [x]
    R4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\USER\product\11.2.0\dbhome_3\bin\OraClrAgnt.exe [2010-03-12 83968]
    R4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\USER\product\11.2.0\dbhome_3\BIN\TNSLSNR [x]
    R4 OracleServiceALIEN;OracleServiceALIEN;c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE ALIEN [x]
    R4 OracleServiceCGS2541;OracleServiceCGS2541;c:\app\user\product\11.2.0\dbhome_3\bin\ORACLE.EXE CGS2541 [x]
    R4 OracleVssWriterALIEN;Oracle ALIEN VSS Writer Service;c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe ALIEN [x]
    R4 OracleVssWriterCGS2541;Oracle CGS2541 VSS Writer Service;c:\app\user\product\11.2.0\dbhome_3\bin\OraVSSW.exe CGS2541 [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 19504]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2011-05-16 1455648]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-17 279616]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-05-10 30592]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-16 2326920]
    S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
    S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 Oraclec_app_user_product_112~1.0_dbhome_3ConfigurationManager;Oraclec_app_user_product_112~1.0_dbhome_3ConfigurationManager;c:\app\user\product\112~1.0\dbhome_3\ccr\bin\nmz.exe [2012-04-07 77824]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-11-27 25136]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-05-16 250400]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk02
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 02:34]
    .
    2012-07-28 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-07 21:09]
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818084476-2355694618-123184659-1000Core.job
    - c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 04:15]
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818084476-2355694618-123184659-1000UA.job
    - c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 04:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2463232]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    .
    .
    ------- File Associations -------
    .
    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1ClrAgent]
    "ImagePath"="c:\app\USER\product\11.2.0\dbhome_3\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:c:\app\USER\product\11.2.0\dbhome_3\bin\oraclr11.dll\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1TNSListener]
    "ImagePath"="c:\app\USER\product\11.2.0\dbhome_3\BIN\TNSLSNR "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\05\01\10\0e\12\0d?"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files\Alienware\Command Center\AlienFusionController.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-28 14:57:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-28 18:57
    ComboFix2.txt 2012-07-28 18:09
    .
    Pre-Run: 374,645,284,864 bytes free
    Post-Run: 374,539,325,440 bytes free
    .
    - - End Of File - - 52B844A629986092C3B9AC08044F8DBA
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  11. bentor79

    bentor79 Newcomer, in training Topic Starter

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=bdd198208133b04eaec3a26ace06765b
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-30 10:10:25
    # local_time=2012-07-30 06:10:25 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5121 16777213 100 75 4246581 7895570 0 0
    # compatibility_mode=5893 16776574 100 94 35442531 95156724 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=451371
    # found=1
    # cleaned=1
    # scan_time=29752
    C:\Users\USER\Downloads\cnet2_vdm_free_exe.exe    a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  13. bentor79

    bentor79 Newcomer, in training Topic Starter

    The computer has generally begun to run slower than it did initially when I first got it. I am still experiencing severe fps lag and wish to rule out infestations so that I may be able to investigate any incompatibilities. The computer blue screened a few times a couple of weeks ago, but has not acted up since. I'm at a loss to identify where the potential conflicts may be.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  15. bentor79

    bentor79 Newcomer, in training Topic Starter

    Thank you for your help and continued patience. I am baffled by this issue and have no idea why this particular laptop is experiencing any such issues. It is after all intended as a gaming laptop and is relatively modern.

    Speed Test #102285086 by dslreports.com
    Run: 2012-07-31 15:19:20 EST
    Download: 8790 (Kbps)
    Upload: 994 (Kbps)
    In kilobytes per second: 1072.9 down 121.3 up
    Boost: 21333
    Latency: 34 ms
    Tested by server: 68 flash
    User: anonymous
    User's DNS: bhn.net
    Compared to the average of 29 tests from bhn.net:
    * download is 7% better, upload is 64% worse
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Well, your Internet speed could use improvement, for what it's worth!

    Let's go ahead and clean up a bit, and see if this boosts the speed/performance...

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, e.g. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
  17. bentor79

    bentor79 Newcomer, in training Topic Starter

    Hey DMJ,

    I ran all of the necessary steps and the security check log is below...I still get the same in-game lag even with my settings on very low, which shouldn't be happening. I'm beginning to suspect more and more that it may just be an incompatibility issue of some sort, but have no idea where to start. The nvidia forums have been suspended because they got hacked and dell doesn't offer much in the way of support for this kind of problem. All of my drivers are up to date and I have no hardware modifications. Thank you for all of your help to date with trying to diagnose my problem. It has been much appreciated.

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    Adobe Reader X (10.1.3)
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Does the game depend on the internet connection?
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.

