Virus causing system start up problems not allowing access to Internet

Solved
By Gowtham83
Apr 11, 2012
  1. Hi,

    I have a new laptop, around 25 days old, and I have had a virus for the past 10 days.
    Here is the issue.
    When I turn on my computer it says:

    Your computer was not able to start. Start up Repair is checking for Problems.
    This runs for around 5 to 7 minutes and says Windows cannot repair your computer automatically.
    When I hit the Finish button the laptop restarts. This time the laptop starts up.

    Once Windows starts up and I try to search for something on Google and open it in a new tab, it throws an error saying 404 Not Found.

    I contacted Dell; they sent me a pen drive to restore and recover Windows, but it doesn't help.

    I tried Malwarebytes and Spybot, and I have McAfee installed.

    Please help.

    Thanks,
    Gowtham
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    mbam-log-2012-04-11 (22-53-23)


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.12.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ashu&Gowthu :: MYGOODY [administrator]

    Protection: Disabled

    4/11/2012 10:53:23 PM
    mbam-log-2012-04-11 (22-53-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230364
    Time elapsed: 1 minute(s), 27 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4756 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-11 23:34:01
    Windows 6.1.7601 Service Pack 1
    Running: l26ubbpg.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\System32\config\COMPONENTS{6ea3a5eb-6d2d-11e1-ba94-848f69c9e9a2}.TxR.0.regtrans-ms 0 bytes
    File C:\Windows\System32\config\COMPONENTS{6ea3a5eb-6d2d-11e1-ba94-848f69c9e9a2}.TxR.1.regtrans-ms 0 bytes
    File C:\Windows\System32\config\COMPONENTS{6ea3a5eb-6d2d-11e1-ba94-848f69c9e9a2}.TxR.2.regtrans-ms 0 bytes
    File C:\Windows\System32\config\COMPONENTS{6ea3a5eb-6d2d-11e1-ba94-848f69c9e9a2}.TxR.blf 0 bytes

    ---- EOF - GMER 1.0.15 ----


    I am not getting any attachment from DDS
  4. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    I tried everything to run DDS. I turned off McAfee Antivirus (I don't think this is working). I turned off Windows Defender, Firewall and also Malwarebytes.
  5. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =========================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  6. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    I was waiting for you :)

    Here is the aswMBR log. I am running Bootkit Remover and will post it once done.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-12 20:22:03
    -----------------------------
    20:22:03.853 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:22:03.853 Number of processors: 4 586 0x2A07
    20:22:03.853 ComputerName: MYGOODY UserName:
    20:22:07.535 Initialize success
    20:23:27.477 AVAST engine defs: 12041201
    20:23:41.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:23:41.954 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
    20:23:41.954 Device \Driver\iaStor -> MajorFunction fffffa800860e5c4
    20:23:41.970 Disk 0 MBR read successfully
    20:23:41.970 Disk 0 MBR scan
    20:23:41.985 Disk 0 Windows VISTA default MBR code
    20:23:41.985 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
    20:23:42.001 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
    20:23:42.016 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 695299 MB offset 41172992
    20:23:42.048 Disk 0 scanning C:\Windows\system32\drivers
    20:23:48.381 Service scanning
    20:24:05.196 Modules scanning
    20:24:05.212 Disk 0 trace - called modules:
    20:24:05.727 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys >>UNKNOWN [0xfffffa800860e5c4]<<
    20:24:05.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e47060]
    20:24:05.742 3 CLASSPNP.SYS[fffff88001dd043f] -> nt!IofCallDriver -> [0xfffffa8006403cb0]
    20:24:05.742 5 stdcfltn.sys[fffff88001d10c52] -> nt!IofCallDriver -> [0xfffffa80062d3e40]
    20:24:05.742 7 ACPI.sys[fffff88000edf7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062d7050]
    20:24:05.758 \Driver\iaStor[0xfffffa800855b2f0] -> IRP_MJ_CREATE -> 0xfffffa800860e5c4
    20:24:10.157 AVAST engine scan C:\Windows
    20:24:12.825 AVAST engine scan C:\Windows\system32
    20:26:07.766 AVAST engine scan C:\Windows\system32\drivers
    20:26:14.287 AVAST engine scan C:\Users\Ashu&Gowthu
    20:27:11.227 AVAST engine scan C:\ProgramData
    20:27:22.178 Scan finished successfully
    20:28:57.915 Disk 0 MBR has been saved successfully to "C:\Users\Ashu&Gowthu\Desktop\MBR.dat"
    20:28:57.915 The log file has been saved successfully to "C:\Users\Ashu&Gowthu\Desktop\aswMBR.txt"
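The correlation a reviewer makes when reading the aswMBR trace above, as an added example (not part of the original thread and not any tool's own code): it collects the addresses aswMBR could not attribute to a loaded module and checks whether a driver's dispatch pointer lands on one of them. The function and field names are assumptions of this sketch, and a match is a lead for further checks, not a verdict.

```python
import re

# Sample input: a subset of the lines from the aswMBR log posted above.
SAMPLE_LOG = r"""
20:23:41.954 Device \Driver\iaStor -> MajorFunction fffffa800860e5c4
20:24:05.212 Disk 0 trace - called modules:
20:24:05.727 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys >>UNKNOWN [0xfffffa800860e5c4]<<
20:24:05.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e47060]
20:24:05.742 7 ACPI.sys[fffff88000edf7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062d7050]
20:24:05.758 \Driver\iaStor[0xfffffa800855b2f0] -> IRP_MJ_CREATE -> 0xfffffa800860e5c4
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"  # aswMBR timestamp prefix
# "Device \Driver\X -> MajorFunction <hex>"
RE_MAJOR = re.compile(TS + r"Device (\\Driver\\\S+) -> MajorFunction ([0-9a-fA-F]+)$")
# "\Driver\X[0x...] -> IRP_MJ_xxx -> 0x<hex>"
RE_IRP = re.compile(
    TS + r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)$"
)
# A hop in the disk stack that aswMBR could not map to a module.
RE_UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")


def triage(log_text):
    """Return unresolved addresses, the module chain, and handlers that hit them."""
    unknown, handlers, chain = set(), [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = RE_MAJOR.match(line)
        if m:
            handlers.append((m.group(1), "MajorFunction", int(m.group(2), 16)))
            continue
        m = RE_IRP.match(line)
        if m:
            handlers.append((m.group(1), m.group(2), int(m.group(3), 16)))
            continue
        hits = RE_UNKNOWN.findall(line)
        if hits:
            unknown.update(int(h, 16) for h in hits)
            # Keep the module names in call order, marking the unresolved hop.
            body = re.sub(TS, "", line)
            chain = RE_UNKNOWN.sub("UNKNOWN", body).split()
    # A finding is a driver handler whose target is one of the unresolved addresses.
    findings = [(drv, what, addr) for drv, what, addr in handlers if addr in unknown]
    return {"unknown": unknown, "chain": chain, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("module chain:", " -> ".join(result["chain"]))
    for drv, what, addr in result["findings"]:
        print(f"review: {drv} {what} points to unattributed address {addr:#x}")
```
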
  7. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    Here is the bootkit log

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`e8800000

    Size Device Name MBR Status
    --------------------------------------------
    698 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  8. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    Broni

    The other thing I want to let you know is that even though I have McAfee SecurityCenter, it is not working. My Windows Action Center doesn't detect the antivirus; it says no antivirus installed.

    I will also need your help to disinfect my USB flash drive and external hard disk, as I have taken backups on both of these.
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Leave those external devices alone for now.
    Remind me later.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  10. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    TDSS log, split into two posts since it is more than 50000 characters

    22:14:29.0949 1520 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    22:14:30.0168 1520 ============================================================
    22:14:30.0168 1520 Current date / time: 2012/04/12 22:14:30.0168
    22:14:30.0168 1520 SystemInfo:
    22:14:30.0168 1520
    22:14:30.0168 1520 OS Version: 6.1.7601 ServicePack: 1.0
    22:14:30.0168 1520 Product type: Workstation
    22:14:30.0168 1520 ComputerName: MYGOODY
    22:14:30.0168 1520 UserName: Ashu&Gowthu
    22:14:30.0168 1520 Windows directory: C:\Windows
    22:14:30.0168 1520 System windows directory: C:\Windows
    22:14:30.0168 1520 Running under WOW64
    22:14:30.0168 1520 Processor architecture: Intel x64
    22:14:30.0168 1520 Number of processors: 4
    22:14:30.0168 1520 Page size: 0x1000
    22:14:30.0168 1520 Boot type: Normal boot
    22:14:30.0168 1520 ============================================================
    22:14:30.0480 1520 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:14:30.0480 1520 \Device\Harddisk0\DR0:
    22:14:30.0480 1520 MBR used
    22:14:30.0480 1520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
    22:14:30.0480 1520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
    22:14:30.0511 1520 Initialize success
    22:14:30.0511 1520 ============================================================
    22:14:32.0274 6216 ============================================================
    22:14:32.0274 6216 Scan started
    22:14:32.0274 6216 Mode: Manual;
    22:14:32.0274 6216 ============================================================
    22:14:39.0699 6216 lltdsvc - ok
    22:14:39.0715 6216 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    22:14:39.0715 6216 lmhosts - ok
    22:14:39.0777 6216 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    22:14:39.0793 6216 LMS - ok
    22:14:39.0824 6216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    22:14:39.0824 6216 LSI_FC - ok
    22:14:39.0855 6216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    22:14:39.0855 6216 LSI_SAS - ok
    22:14:39.0871 6216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    22:14:39.0887 6216 LSI_SAS2 - ok
    22:14:39.0949 6216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    22:14:39.0949 6216 LSI_SCSI - ok
    22:14:39.0965 6216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    22:14:39.0965 6216 luafv - ok
    22:14:39.0996 6216 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    22:14:39.0996 6216 MBAMProtector - ok
    22:14:40.0089 6216 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    22:14:40.0105 6216 MBAMService - ok
    22:14:40.0183 6216 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    22:14:40.0183 6216 McAWFwk - ok
    22:14:40.0230 6216 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    22:14:40.0230 6216 McMPFSvc - ok
    22:14:40.0245 6216 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:14:40.0245 6216 mcmscsvc - ok
    22:14:40.0261 6216 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:14:40.0261 6216 McNaiAnn - ok
    22:14:40.0261 6216 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:14:40.0261 6216 McNASvc - ok
    22:14:40.0308 6216 McODS (c6232488cdbf063ce077fc7f8f8c248c) C:\Program Files\mcafee\VirusScan\mcods.exe
    22:14:40.0308 6216 McODS - ok
    22:14:40.0323 6216 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:14:40.0339 6216 McOobeSv - ok
    22:14:40.0355 6216 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:14:40.0355 6216 McProxy - ok
    22:14:40.0370 6216 McShield (82128f909cd5148556f6deb77b340532) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    22:14:40.0386 6216 McShield - ok
    22:14:40.0464 6216 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    22:14:40.0464 6216 Mcx2Svc - ok
    22:14:40.0511 6216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    22:14:40.0511 6216 megasas - ok
    22:14:40.0526 6216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    22:14:40.0542 6216 MegaSR - ok
    22:14:40.0604 6216 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    22:14:40.0604 6216 MEIx64 - ok
    22:14:40.0651 6216 mfeapfk (fb752feb1ed4e660ff51712892905c04) C:\Windows\system32\drivers\mfeapfk.sys
    22:14:40.0651 6216 mfeapfk - ok
    22:14:40.0698 6216 mfeavfk (3257cf681999a47d8c552dfbbeb7844e) C:\Windows\system32\drivers\mfeavfk.sys
    22:14:40.0713 6216 mfeavfk - ok
    22:14:40.0760 6216 mfefire (a6cdfc6300e214d19da765253e3e3d20) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    22:14:40.0760 6216 mfefire - ok
    22:14:40.0791 6216 mfefirek (00016d7ed29a95d6f7e7b6a3f591fd2d) C:\Windows\system32\drivers\mfefirek.sys
    22:14:40.0791 6216 mfefirek - ok
    22:14:40.0854 6216 mfehidk (39030c98198f02a2f3a1c3166bf56253) C:\Windows\system32\drivers\mfehidk.sys
    22:14:40.0869 6216 mfehidk - ok
    22:14:40.0916 6216 mfenlfk (217fa02439de74844b6a39aebeed24e1) C:\Windows\system32\DRIVERS\mfenlfk.sys
    22:14:40.0916 6216 mfenlfk - ok
    22:14:40.0947 6216 mferkdet (8474e6ee0b5eab108cf005c6c4956e75) C:\Windows\system32\drivers\mferkdet.sys
    22:14:40.0947 6216 mferkdet - ok
    22:14:40.0963 6216 mfevtp (bfcdf65f8513e396889a62dc1397273f) C:\Windows\system32\mfevtps.exe
    22:14:40.0979 6216 mfevtp - ok
    22:14:40.0994 6216 mfewfpk (d4cf36f1eba374fcc35903ae4f4e46bc) C:\Windows\system32\drivers\mfewfpk.sys
    22:14:41.0010 6216 mfewfpk - ok
    22:14:41.0025 6216 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    22:14:41.0025 6216 MMCSS - ok
    22:14:41.0057 6216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    22:14:41.0057 6216 Modem - ok
    22:14:41.0088 6216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    22:14:41.0088 6216 monitor - ok
    22:14:41.0103 6216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    22:14:41.0103 6216 mouclass - ok
    22:14:41.0119 6216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
    22:14:41.0135 6216 mouhid - ok
    22:14:41.0135 6216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    22:14:41.0135 6216 mountmgr - ok
    22:14:41.0166 6216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    22:14:41.0166 6216 mpio - ok
    22:14:41.0181 6216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    22:14:41.0181 6216 mpsdrv - ok
    22:14:41.0228 6216 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    22:14:41.0244 6216 MpsSvc - ok
    22:14:41.0259 6216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    22:14:41.0275 6216 MRxDAV - ok
    22:14:41.0291 6216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:14:41.0291 6216 mrxsmb - ok
    22:14:41.0306 6216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:14:41.0322 6216 mrxsmb10 - ok
    22:14:41.0322 6216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
  11. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    TDSS Log continued

    22:14:41.0322 6216 mrxsmb20 - ok
    22:14:41.0337 6216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    22:14:41.0337 6216 msahci - ok
    22:14:41.0353 6216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    22:14:41.0353 6216 msdsm - ok
    22:14:41.0415 6216 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    22:14:41.0431 6216 MSDTC - ok
    22:14:41.0447 6216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    22:14:41.0447 6216 Msfs - ok
    22:14:41.0462 6216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    22:14:41.0462 6216 mshidkmdf - ok
    22:14:41.0478 6216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    22:14:41.0478 6216 msisadrv - ok
    22:14:41.0525 6216 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    22:14:41.0525 6216 MSiSCSI - ok
    22:14:41.0540 6216 msiserver - ok
    22:14:41.0587 6216 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    22:14:41.0603 6216 MSK80Service - ok
    22:14:41.0634 6216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    22:14:41.0634 6216 MSKSSRV - ok
    22:14:41.0649 6216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:14:41.0649 6216 MSPCLOCK - ok
    22:14:41.0665 6216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    22:14:41.0665 6216 MSPQM - ok
    22:14:41.0681 6216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    22:14:41.0681 6216 MsRPC - ok
    22:14:41.0696 6216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    22:14:41.0696 6216 mssmbios - ok
    22:14:41.0712 6216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    22:14:41.0712 6216 MSTEE - ok
    22:14:41.0712 6216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    22:14:41.0712 6216 MTConfig - ok
    22:14:41.0727 6216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    22:14:41.0727 6216 Mup - ok
    22:14:41.0821 6216 MyWiFiDHCPDNS (265937bc59819df1dab65e27c60f94c0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    22:14:41.0821 6216 MyWiFiDHCPDNS - ok
    22:14:41.0837 6216 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    22:14:41.0852 6216 napagent - ok
    22:14:41.0899 6216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    22:14:41.0899 6216 NativeWifiP - ok
    22:14:41.0993 6216 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
    22:14:42.0008 6216 NAUpdate - ok
    22:14:42.0086 6216 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    22:14:42.0117 6216 NDIS - ok
    22:14:42.0149 6216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    22:14:42.0149 6216 NdisCap - ok
    22:14:42.0164 6216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    22:14:42.0164 6216 NdisTapi - ok
    22:14:42.0180 6216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    22:14:42.0195 6216 Ndisuio - ok
    22:14:42.0211 6216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    22:14:42.0211 6216 NdisWan - ok
    22:14:42.0227 6216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    22:14:42.0227 6216 NDProxy - ok
    22:14:42.0242 6216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    22:14:42.0242 6216 NetBIOS - ok
    22:14:42.0258 6216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    22:14:42.0273 6216 NetBT - ok
    22:14:42.0305 6216 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:14:42.0305 6216 Netlogon - ok
    22:14:42.0367 6216 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    22:14:42.0383 6216 Netman - ok
    22:14:42.0445 6216 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:14:42.0461 6216 NetMsmqActivator - ok
    22:14:42.0461 6216 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:14:42.0461 6216 NetPipeActivator - ok
    22:14:42.0492 6216 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    22:14:42.0492 6216 netprofm - ok
    22:14:42.0507 6216 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:14:42.0507 6216 NetTcpActivator - ok
    22:14:42.0507 6216 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:14:42.0507 6216 NetTcpPortSharing - ok
    22:14:42.0726 6216 NETwNs64 (774c9eccef83ab8a3d1466f19809c95f) C:\Windows\system32\DRIVERS\NETwNs64.sys
    22:14:42.0851 6216 NETwNs64 - ok
    22:14:42.0913 6216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    22:14:42.0913 6216 nfrd960 - ok
    22:14:42.0960 6216 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    22:14:42.0975 6216 NlaSvc - ok
    22:14:43.0116 6216 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    22:14:43.0163 6216 NOBU - ok
    22:14:43.0225 6216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    22:14:43.0225 6216 Npfs - ok
    22:14:43.0272 6216 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    22:14:43.0272 6216 nsi - ok
    22:14:43.0287 6216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    22:14:43.0303 6216 nsiproxy - ok
    22:14:43.0365 6216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    22:14:43.0412 6216 Ntfs - ok
    22:14:43.0428 6216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    22:14:43.0428 6216 Null - ok
    22:14:43.0475 6216 nusb3hub (d584abb6a308933a5f72b46c9e5a783f) C:\Windows\system32\DRIVERS\nusb3hub.sys
    22:14:43.0475 6216 nusb3hub - ok
    22:14:43.0490 6216 nusb3xhc (345b9c04e2036da4346e3249a5bdfd06) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    22:14:43.0490 6216 nusb3xhc - ok
    22:14:43.0537 6216 nvkflt (d980b1551dd0c8bdc3b07d617b4d42a6) C:\Windows\system32\DRIVERS\nvkflt.sys
    22:14:43.0553 6216 nvkflt - ok
    22:14:43.0740 6216 nvlddmkm (386fb2e1ef51495629089231957b7d9a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:14:43.0943 6216 nvlddmkm - ok
    22:14:43.0958 6216 nvpciflt (e0cabfd2564cb064eaa5789cd6960c4a) C:\Windows\system32\DRIVERS\nvpciflt.sys
    22:14:43.0958 6216 nvpciflt - ok
    22:14:43.0989 6216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    22:14:43.0989 6216 nvraid - ok
    22:14:44.0021 6216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    22:14:44.0021 6216 nvstor - ok
    22:14:44.0052 6216 NvStUSB (4dc87cda61d7b185e79618581f46b85a) C:\Windows\system32\drivers\nvstusb.sys
    22:14:44.0067 6216 NvStUSB - ok
    22:14:44.0145 6216 nvsvc (3947ad5d03e6abcce037801162fdb90d) C:\Windows\system32\nvvsvc.exe
    22:14:44.0192 6216 nvsvc - ok
    22:14:44.0317 6216 nvUpdatusService (c5b3bb5dc9c62700c4a72c2a89ca1d58) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    22:14:44.0333 6216 nvUpdatusService - ok
    22:14:44.0379 6216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    22:14:44.0379 6216 nv_agp - ok
    22:14:44.0395 6216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    22:14:44.0395 6216 ohci1394 - ok
    22:14:44.0442 6216 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:14:44.0442 6216 p2pimsvc - ok
    22:14:44.0473 6216 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    22:14:44.0489 6216 p2psvc - ok
    22:14:44.0504 6216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    22:14:44.0504 6216 Parport - ok
    22:14:44.0520 6216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    22:14:44.0520 6216 partmgr - ok
    22:14:44.0535 6216 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    22:14:44.0535 6216 PcaSvc - ok
    22:14:44.0551 6216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    22:14:44.0551 6216 pci - ok
    22:14:44.0567 6216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    22:14:44.0582 6216 pciide - ok
    22:14:44.0598 6216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    22:14:44.0598 6216 pcmcia - ok
    22:14:44.0613 6216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    22:14:44.0613 6216 pcw - ok
    22:14:44.0645 6216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    22:14:44.0660 6216 PEAUTH - ok
    22:14:44.0707 6216 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    22:14:44.0707 6216 PerfHost - ok
    22:14:44.0785 6216 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    22:14:44.0832 6216 pla - ok
    22:14:44.0879 6216 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    22:14:44.0894 6216 PlugPlay - ok
    22:14:44.0910 6216 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    22:14:44.0910 6216 PNRPAutoReg - ok
    22:14:44.0925 6216 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:14:44.0941 6216 PNRPsvc - ok
    22:14:44.0988 6216 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    22:14:45.0003 6216 PolicyAgent - ok
    22:14:45.0035 6216 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
    22:14:45.0050 6216 Power - ok
    22:14:45.0097 6216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    22:14:45.0097 6216 PptpMiniport - ok
    22:14:45.0128 6216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    22:14:45.0128 6216 Processor - ok
    22:14:45.0159 6216 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    22:14:45.0175 6216 ProfSvc - ok
    22:14:45.0206 6216 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:14:45.0206 6216 ProtectedStorage - ok
    22:14:45.0237 6216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    22:14:45.0253 6216 Psched - ok
    22:14:45.0300 6216 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    22:14:45.0300 6216 PxHlpa64 - ok
    22:14:45.0362 6216 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
    22:14:45.0362 6216 qicflt - ok
    22:14:45.0440 6216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    22:14:45.0471 6216 ql2300 - ok
    22:14:45.0487 6216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    22:14:45.0487 6216 ql40xx - ok
    22:14:45.0518 6216 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    22:14:45.0534 6216 QWAVE - ok
    22:14:45.0549 6216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    22:14:45.0549 6216 QWAVEdrv - ok
    22:14:45.0565 6216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    22:14:45.0565 6216 RasAcd - ok
    22:14:45.0596 6216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:14:45.0612 6216 RasAgileVpn - ok
    22:14:45.0627 6216 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    22:14:45.0627 6216 RasAuto - ok
    22:14:45.0659 6216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:14:45.0659 6216 Rasl2tp - ok
    22:14:45.0690 6216 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    22:14:45.0705 6216 RasMan - ok
    22:14:45.0752 6216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    22:14:45.0768 6216 RasPppoe - ok
    22:14:45.0783 6216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    22:14:45.0783 6216 RasSstp - ok
    22:14:45.0815 6216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    22:14:45.0815 6216 rdbss - ok
    22:14:45.0830 6216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    22:14:45.0830 6216 rdpbus - ok
    22:14:45.0846 6216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:14:45.0846 6216 RDPCDD - ok
    22:14:45.0846 6216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    22:14:45.0846 6216 RDPENCDD - ok
    22:14:45.0861 6216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    22:14:45.0861 6216 RDPREFMP - ok
    22:14:45.0924 6216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    22:14:45.0924 6216 RDPWD - ok
    22:14:45.0955 6216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    22:14:45.0955 6216 rdyboost - ok
    22:14:46.0049 6216 RegSrvc (7196be857e29007470ff9b689c7f29a7) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    22:14:46.0064 6216 RegSrvc - ok
    22:14:46.0142 6216 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    22:14:46.0142 6216 RemoteAccess - ok
    22:14:46.0189 6216 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    22:14:46.0189 6216 RemoteRegistry - ok
    22:14:46.0298 6216 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    22:14:46.0345 6216 RoxMediaDB12OEM - ok
    22:14:46.0361 6216 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    22:14:46.0361 6216 RoxWatch12 - ok
    22:14:46.0392 6216 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    22:14:46.0392 6216 RpcEptMapper - ok
    22:14:46.0439 6216 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    22:14:46.0439 6216 RpcLocator - ok
    22:14:46.0501 6216 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    22:14:46.0501 6216 RpcSs - ok
    22:14:46.0548 6216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    22:14:46.0548 6216 rspndr - ok
    22:14:46.0610 6216 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:14:46.0626 6216 RTL8167 - ok
    22:14:46.0657 6216 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:14:46.0657 6216 SamSs - ok
    22:14:46.0673 6216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    22:14:46.0673 6216 sbp2port - ok
    22:14:46.0704 6216 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    22:14:46.0704 6216 SCardSvr - ok
    22:14:46.0719 6216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    22:14:46.0719 6216 scfilter - ok
    22:14:46.0751 6216 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    22:14:46.0782 6216 Schedule - ok
    22:14:46.0813 6216 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    22:14:46.0813 6216 SCPolicySvc - ok
    22:14:46.0829 6216 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    22:14:46.0844 6216 SDRSVC - ok
    22:14:46.0875 6216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    22:14:46.0891 6216 secdrv - ok
    22:14:46.0907 6216 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    22:14:46.0922 6216 seclogon - ok
    22:14:46.0953 6216 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    22:14:46.0969 6216 SENS - ok
    22:14:46.0985 6216 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    22:14:46.0985 6216 SensrSvc - ok
    22:14:47.0016 6216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    22:14:47.0016 6216 Serenum - ok
    22:14:47.0016 6216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    22:14:47.0031 6216 Serial - ok
    22:14:47.0063 6216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    22:14:47.0063 6216 sermouse - ok
    22:14:47.0094 6216 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    22:14:47.0109 6216 SessionEnv - ok
    22:14:47.0125 6216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    22:14:47.0125 6216 sffdisk - ok
    22:14:47.0141 6216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    22:14:47.0141 6216 sffp_mmc - ok
    22:14:47.0156 6216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    22:14:47.0156 6216 sffp_sd - ok
    22:14:47.0156 6216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    22:14:47.0156 6216 sfloppy - ok
    22:14:47.0375 6216 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    22:14:47.0390 6216 SftService - ok
    22:14:47.0468 6216 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    22:14:47.0484 6216 SharedAccess - ok
    22:14:47.0499 6216 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    22:14:47.0515 6216 ShellHWDetection - ok
    22:14:47.0562 6216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    22:14:47.0577 6216 SiSRaid2 - ok
    22:14:47.0593 6216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    22:14:47.0593 6216 SiSRaid4 - ok
    22:14:47.0609 6216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    22:14:47.0624 6216 Smb - ok
    22:14:47.0655 6216 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    22:14:47.0655 6216 SNMPTRAP - ok
    22:14:47.0671 6216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    22:14:47.0671 6216 spldr - ok
    22:14:47.0733 6216 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    22:14:47.0749 6216 Spooler - ok
    22:14:47.0858 6216 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    22:14:47.0936 6216 sppsvc - ok
    22:14:47.0952 6216 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    22:14:47.0952 6216 sppuinotify - ok
    22:14:47.0983 6216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    22:14:47.0999 6216 srv - ok
    22:14:48.0014 6216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    22:14:48.0014 6216 srv2 - ok
    22:14:48.0030 6216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    22:14:48.0030 6216 srvnet - ok
    22:14:48.0092 6216 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    22:14:48.0108 6216 SSDPSRV - ok
    22:14:48.0123 6216 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    22:14:48.0123 6216 SstpSvc - ok
    22:14:48.0170 6216 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
    22:14:48.0170 6216 stdcfltn - ok
    22:14:48.0342 6216 Stereo Service (b69e79470474a8bef06be2130d0210a8) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    22:14:48.0357 6216 Stereo Service - ok
    22:14:48.0389 6216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    22:14:48.0389 6216 stexstor - ok
    22:14:48.0435 6216 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    22:14:48.0467 6216 stisvc - ok
    22:14:48.0513 6216 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    22:14:48.0513 6216 stllssvr - ok
    22:14:48.0545 6216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    22:14:48.0545 6216 swenum - ok
    22:14:52.0320 6216 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
    22:14:52.0335 6216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    22:14:52.0335 6216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    22:14:52.0367 6216 Boot (0x1200) (3bf92101405899cb61424978d03b5e22) \Device\Harddisk0\DR0\Partition0
    22:14:52.0382 6216 \Device\Harddisk0\DR0\Partition0 - ok
    22:14:52.0382 6216 Boot (0x1200) (7775be5db74af4a2a252311b834fb435) \Device\Harddisk0\DR0\Partition1
    22:14:52.0398 6216 \Device\Harddisk0\DR0\Partition1 - ok
    22:14:52.0398 6216 ============================================================
    22:14:52.0398 6216 Scan finished
    22:14:52.0398 6216 ============================================================
    22:14:52.0413 5492 Detected object count: 1
    22:14:52.0413 5492 Actual detected object count: 1
    22:15:18.0509 5492 \Device\Harddisk0\DR0\# - copied to quarantine
    22:15:18.0509 5492 \Device\Harddisk0\DR0 - copied to quarantine
    22:15:18.0587 5492 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    22:15:18.0603 5492 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    22:15:18.0603 5492 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    22:15:18.0618 5492 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    22:15:18.0665 5492 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    22:15:18.0681 5492 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    22:15:18.0681 5492 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    22:15:18.0681 5492 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    22:15:18.0681 5492 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    22:15:18.0696 5492 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    22:15:18.0696 5492 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    22:15:18.0696 5492 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    22:15:18.0759 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    22:15:18.0759 5492 \Device\Harddisk0\DR0 - ok
    22:15:18.0868 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    22:16:21.0408 6304 Deinitialize success
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Good.
    Re-run TDSSKiller one more time.
  13. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    TDSSKiller 2nd run Log: Part 1

    22:30:00.0010 5128 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    22:30:00.0322 5128 ============================================================
    22:30:00.0322 5128 Current date / time: 2012/04/12 22:30:00.0322
    22:30:00.0322 5128 SystemInfo:
    22:30:00.0322 5128
    22:30:00.0322 5128 OS Version: 6.1.7601 ServicePack: 1.0
    22:30:00.0322 5128 Product type: Workstation
    22:30:00.0322 5128 ComputerName: MYGOODY
    22:30:00.0322 5128 UserName: Ashu&Gowthu
    22:30:00.0322 5128 Windows directory: C:\Windows
    22:30:00.0322 5128 System windows directory: C:\Windows
    22:30:00.0322 5128 Running under WOW64
    22:30:00.0322 5128 Processor architecture: Intel x64
    22:30:00.0322 5128 Number of processors: 4
    22:30:00.0322 5128 Page size: 0x1000
    22:30:00.0322 5128 Boot type: Normal boot
    22:30:00.0322 5128 ============================================================
    22:30:00.0821 5128 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:30:00.0836 5128 \Device\Harddisk0\DR0:
    22:30:00.0836 5128 MBR used
    22:30:00.0836 5128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
    22:30:00.0836 5128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
    22:30:00.0868 5128 Initialize success
    22:30:00.0868 5128 ============================================================
    22:30:03.0270 0368 ============================================================
    22:30:03.0270 0368 Scan started
    22:30:03.0270 0368 Mode: Manual;
    22:30:03.0270 0368 ============================================================
    22:30:10.0399 0368 intaud_WaveExtensible - ok
    22:30:10.0493 0368 IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys
    22:30:10.0493 0368 IntcAzAudAddService - ok
    22:30:10.0540 0368 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    22:30:10.0540 0368 IntcDAud - ok
    22:30:10.0571 0368 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    22:30:10.0571 0368 intelide - ok
    22:30:10.0586 0368 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    22:30:10.0602 0368 intelppm - ok
    22:30:10.0649 0368 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    22:30:10.0649 0368 IPBusEnum - ok
    22:30:10.0664 0368 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:30:10.0680 0368 IpFilterDriver - ok
    22:30:10.0711 0368 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    22:30:10.0727 0368 iphlpsvc - ok
    22:30:10.0758 0368 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    22:30:10.0758 0368 IPMIDRV - ok
    22:30:10.0774 0368 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    22:30:10.0774 0368 IPNAT - ok
    22:30:10.0805 0368 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    22:30:10.0805 0368 IRENUM - ok
    22:30:10.0805 0368 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    22:30:10.0820 0368 isapnp - ok
    22:30:10.0836 0368 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    22:30:10.0836 0368 iScsiPrt - ok
    22:30:10.0867 0368 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
    22:30:10.0883 0368 iwdbus - ok
    22:30:10.0898 0368 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    22:30:10.0898 0368 kbdclass - ok
    22:30:10.0945 0368 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    22:30:10.0945 0368 kbdhid - ok
    22:30:11.0008 0368 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:30:11.0008 0368 KeyIso - ok
    22:30:11.0039 0368 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    22:30:11.0039 0368 KSecDD - ok
    22:30:11.0070 0368 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    22:30:11.0070 0368 KSecPkg - ok
    22:30:11.0086 0368 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    22:30:11.0086 0368 ksthunk - ok
    22:30:11.0117 0368 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    22:30:11.0132 0368 KtmRm - ok
    22:30:11.0195 0368 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    22:30:11.0210 0368 LanmanServer - ok
    22:30:11.0273 0368 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    22:30:11.0273 0368 LanmanWorkstation - ok
    22:30:11.0335 0368 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    22:30:11.0351 0368 lltdio - ok
    22:30:11.0382 0368 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    22:30:11.0382 0368 lltdsvc - ok
    22:30:11.0413 0368 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    22:30:11.0413 0368 lmhosts - ok
    22:30:11.0507 0368 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    22:30:11.0507 0368 LMS - ok
    22:30:11.0585 0368 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    22:30:11.0600 0368 LSI_FC - ok
    22:30:11.0616 0368 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    22:30:11.0616 0368 LSI_SAS - ok
    22:30:11.0632 0368 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    22:30:11.0632 0368 LSI_SAS2 - ok
    22:30:11.0678 0368 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    22:30:11.0678 0368 LSI_SCSI - ok
    22:30:11.0694 0368 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    22:30:11.0694 0368 luafv - ok
    22:30:11.0756 0368 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    22:30:11.0756 0368 MBAMProtector - ok
    22:30:11.0850 0368 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    22:30:11.0866 0368 MBAMService - ok
    22:30:11.0944 0368 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    22:30:11.0944 0368 McAWFwk - ok
    22:30:11.0990 0368 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    22:30:11.0990 0368 McMPFSvc - ok
    22:30:12.0022 0368 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:30:12.0022 0368 mcmscsvc - ok
    22:30:12.0022 0368 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:30:12.0022 0368 McNaiAnn - ok
    22:30:12.0037 0368 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:30:12.0037 0368 McNASvc - ok
    22:30:12.0084 0368 McODS (c6232488cdbf063ce077fc7f8f8c248c) C:\Program Files\mcafee\VirusScan\mcods.exe
    22:30:12.0100 0368 McODS - ok
    22:30:12.0115 0368 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:30:12.0115 0368 McOobeSv - ok
    22:30:12.0131 0368 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    22:30:12.0131 0368 McProxy - ok
    22:30:12.0162 0368 McShield (82128f909cd5148556f6deb77b340532) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    22:30:12.0178 0368 McShield - ok
    22:30:12.0256 0368 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    22:30:12.0256 0368 Mcx2Svc - ok
    22:30:12.0302 0368 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    22:30:12.0302 0368 megasas - ok
    22:30:12.0349 0368 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    22:30:12.0349 0368 MegaSR - ok
    22:30:12.0396 0368 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    22:30:12.0396 0368 MEIx64 - ok
    22:30:12.0443 0368 mfeapfk (fb752feb1ed4e660ff51712892905c04) C:\Windows\system32\drivers\mfeapfk.sys
    22:30:12.0458 0368 mfeapfk - ok
    22:30:12.0490 0368 mfeavfk (3257cf681999a47d8c552dfbbeb7844e) C:\Windows\system32\drivers\mfeavfk.sys
    22:30:12.0490 0368 mfeavfk - ok
    22:30:12.0552 0368 mfefire (a6cdfc6300e214d19da765253e3e3d20) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    22:30:12.0552 0368 mfefire - ok
    22:30:12.0583 0368 mfefirek (00016d7ed29a95d6f7e7b6a3f591fd2d) C:\Windows\system32\drivers\mfefirek.sys
    22:30:12.0599 0368 mfefirek - ok
    22:30:12.0646 0368 mfehidk (39030c98198f02a2f3a1c3166bf56253) C:\Windows\system32\drivers\mfehidk.sys
    22:30:12.0661 0368 mfehidk - ok
    22:30:12.0692 0368 mfenlfk (217fa02439de74844b6a39aebeed24e1) C:\Windows\system32\DRIVERS\mfenlfk.sys
    22:30:12.0692 0368 mfenlfk - ok
    22:30:12.0724 0368 mferkdet (8474e6ee0b5eab108cf005c6c4956e75) C:\Windows\system32\drivers\mferkdet.sys
    22:30:12.0739 0368 mferkdet - ok
    22:30:12.0755 0368 mfevtp (bfcdf65f8513e396889a62dc1397273f) C:\Windows\system32\mfevtps.exe
    22:30:12.0755 0368 mfevtp - ok
    22:30:12.0770 0368 mfewfpk (d4cf36f1eba374fcc35903ae4f4e46bc) C:\Windows\system32\drivers\mfewfpk.sys
    22:30:12.0786 0368 mfewfpk - ok
    22:30:12.0817 0368 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    22:30:12.0817 0368 MMCSS - ok
    22:30:12.0848 0368 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    22:30:12.0864 0368 Modem - ok
    22:30:12.0880 0368 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    22:30:12.0880 0368 monitor - ok
    22:30:12.0911 0368 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    22:30:12.0911 0368 mouclass - ok
    22:30:12.0942 0368 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
    22:30:12.0942 0368 mouhid - ok
    22:30:12.0958 0368 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    22:30:12.0973 0368 mountmgr - ok
    22:30:12.0989 0368 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    22:30:12.0989 0368 mpio - ok
    22:30:13.0020 0368 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    22:30:13.0020 0368 mpsdrv - ok
    22:30:13.0067 0368 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    22:30:13.0114 0368 MpsSvc - ok
    22:30:13.0129 0368 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    22:30:13.0129 0368 MRxDAV - ok
    22:30:13.0145 0368 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:30:13.0160 0368 mrxsmb - ok
    22:30:13.0160 0368 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:30:13.0176 0368 mrxsmb10 - ok
    22:30:13.0192 0368 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:30:13.0192 0368 mrxsmb20 - ok
    22:30:13.0207 0368 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    22:30:13.0207 0368 msahci - ok
    22:30:13.0238 0368 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    22:30:13.0238 0368 msdsm - ok
    22:30:13.0254 0368 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    22:30:13.0270 0368 MSDTC - ok
    22:30:13.0285 0368 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    22:30:13.0285 0368 Msfs - ok
    22:30:13.0301 0368 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    22:30:13.0301 0368 mshidkmdf - ok
    22:30:13.0301 0368 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    22:30:13.0301 0368 msisadrv - ok
    22:30:13.0363 0368 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    22:30:13.0363 0368 MSiSCSI - ok
    22:30:13.0379 0368 msiserver - ok
    22:30:13.0410 0368 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    22:30:13.0410 0368 MSK80Service - ok
    22:30:13.0472 0368 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    22:30:13.0472 0368 MSKSSRV - ok
    22:30:13.0488 0368 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:30:13.0488 0368 MSPCLOCK - ok
    22:30:13.0504 0368 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    22:30:13.0504 0368 MSPQM - ok
    22:30:13.0550 0368 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    22:30:13.0550 0368 MsRPC - ok
    22:30:13.0566 0368 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    22:30:13.0566 0368 mssmbios - ok
    22:30:13.0582 0368 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    22:30:13.0597 0368 MSTEE - ok
    22:30:13.0613 0368 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    22:30:13.0613 0368 MTConfig - ok
    22:30:13.0628 0368 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    22:30:13.0628 0368 Mup - ok
    22:30:13.0722 0368 MyWiFiDHCPDNS (265937bc59819df1dab65e27c60f94c0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    22:30:13.0738 0368 MyWiFiDHCPDNS - ok
    22:30:13.0784 0368 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    22:30:13.0800 0368 napagent - ok
    22:30:13.0862 0368 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    22:30:13.0878 0368 NativeWifiP - ok
    22:30:13.0956 0368 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
    22:30:13.0972 0368 NAUpdate - ok
    22:30:14.0081 0368 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    22:30:14.0112 0368 NDIS - ok
    22:30:14.0143 0368 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    22:30:14.0143 0368 NdisCap - ok
    22:30:14.0174 0368 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    22:30:14.0174 0368 NdisTapi - ok
    22:30:14.0190 0368 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    22:30:14.0190 0368 Ndisuio - ok
    22:30:14.0221 0368 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    22:30:14.0221 0368 NdisWan - ok
    22:30:14.0237 0368 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    22:30:14.0237 0368 NDProxy - ok
    22:30:14.0252 0368 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    22:30:14.0252 0368 NetBIOS - ok
    22:30:14.0284 0368 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    22:30:14.0284 0368 NetBT - ok
    22:30:14.0330 0368 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:30:14.0330 0368 Netlogon - ok
    22:30:14.0377 0368 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    22:30:14.0393 0368 Netman - ok
    22:30:14.0455 0368 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:30:14.0471 0368 NetMsmqActivator - ok
    22:30:14.0471 0368 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:30:14.0471 0368 NetPipeActivator - ok
    22:30:14.0502 0368 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    22:30:14.0518 0368 netprofm - ok
    22:30:14.0533 0368 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:30:14.0533 0368 NetTcpActivator - ok
    22:30:14.0549 0368 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:30:14.0549 0368 NetTcpPortSharing - ok
    22:30:14.0752 0368 NETwNs64 (774c9eccef83ab8a3d1466f19809c95f) C:\Windows\system32\DRIVERS\NETwNs64.sys
    22:30:14.0892 0368 NETwNs64 - ok
    22:30:14.0954 0368 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    22:30:14.0954 0368 nfrd960 - ok
    22:30:15.0017 0368 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    22:30:15.0017 0368 NlaSvc - ok
    22:30:15.0142 0368 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    22:30:15.0235 0368 NOBU - ok
    22:30:15.0313 0368 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    22:30:15.0313 0368 Npfs - ok
    22:30:15.0344 0368 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    22:30:15.0344 0368 nsi - ok
    22:30:15.0360 0368 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    22:30:15.0360 0368 nsiproxy - ok
    22:30:15.0454 0368 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    22:30:15.0485 0368 Ntfs - ok
     
  14. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    TDSSKiller 2nd run log:- Part 2

    22:30:20.0773 0368 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    22:30:20.0773 0368 TBS - ok
    22:30:20.0851 0368 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    22:30:20.0867 0368 Tcpip - ok
    22:30:20.0945 0368 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    22:30:20.0976 0368 TCPIP6 - ok
    22:30:20.0992 0368 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    22:30:20.0992 0368 tcpipreg - ok
    22:30:21.0007 0368 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    22:30:21.0007 0368 TDPIPE - ok
    22:30:21.0038 0368 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    22:30:21.0038 0368 TDTCP - ok
    22:30:21.0070 0368 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    22:30:21.0070 0368 tdx - ok
    22:30:21.0085 0368 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
    22:30:21.0101 0368 TermDD - ok
    22:30:21.0132 0368 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    22:30:21.0148 0368 TermService - ok
    22:30:21.0179 0368 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    22:30:21.0179 0368 Themes - ok
    22:30:21.0210 0368 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    22:30:21.0210 0368 THREADORDER - ok
    22:30:21.0241 0368 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    22:30:21.0241 0368 TrkWks - ok
    22:30:21.0288 0368 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    22:30:21.0288 0368 TrustedInstaller - ok
    22:30:21.0335 0368 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:30:21.0335 0368 tssecsrv - ok
    22:30:21.0366 0368 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    22:30:21.0366 0368 TsUsbFlt - ok
    22:30:21.0382 0368 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    22:30:21.0382 0368 TsUsbGD - ok
    22:30:21.0413 0368 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    22:30:21.0428 0368 tunnel - ok
    22:30:21.0475 0368 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
    22:30:21.0475 0368 TurboB - ok
    22:30:21.0522 0368 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    22:30:21.0522 0368 TurboBoost - ok
    22:30:21.0538 0368 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    22:30:21.0538 0368 uagp35 - ok
    22:30:21.0569 0368 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    22:30:21.0569 0368 udfs - ok
    22:30:21.0600 0368 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    22:30:21.0616 0368 UI0Detect - ok
    22:30:21.0631 0368 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    22:30:21.0631 0368 uliagpkx - ok
    22:30:21.0678 0368 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    22:30:21.0678 0368 umbus - ok
    22:30:21.0725 0368 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    22:30:21.0725 0368 UmPass - ok
    22:30:21.0834 0368 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    22:30:21.0834 0368 UNS - ok
    22:30:21.0865 0368 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    22:30:21.0881 0368 upnphost - ok
    22:30:21.0896 0368 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
    22:30:21.0896 0368 usbccgp - ok
    22:30:21.0928 0368 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    22:30:21.0928 0368 usbcir - ok
    22:30:21.0959 0368 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    22:30:21.0959 0368 usbehci - ok
    22:30:21.0990 0368 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    22:30:21.0990 0368 usbhub - ok
    22:30:22.0006 0368 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    22:30:22.0006 0368 usbohci - ok
    22:30:22.0021 0368 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    22:30:22.0037 0368 usbprint - ok
    22:30:22.0068 0368 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:30:22.0068 0368 USBSTOR - ok
    22:30:22.0099 0368 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    22:30:22.0099 0368 usbuhci - ok
    22:30:22.0130 0368 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    22:30:22.0130 0368 usbvideo - ok
    22:30:22.0162 0368 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    22:30:22.0177 0368 UxSms - ok
    22:30:22.0208 0368 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:30:22.0208 0368 VaultSvc - ok
    22:30:22.0240 0368 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    22:30:22.0240 0368 vdrvroot - ok
    22:30:22.0271 0368 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    22:30:22.0286 0368 vds - ok
    22:30:22.0302 0368 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    22:30:22.0302 0368 vga - ok
    22:30:22.0318 0368 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    22:30:22.0318 0368 VgaSave - ok
    22:30:22.0349 0368 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    22:30:22.0349 0368 vhdmp - ok
    22:30:22.0364 0368 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    22:30:22.0380 0368 viaide - ok
    22:30:22.0380 0368 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    22:30:22.0396 0368 volmgr - ok
    22:30:22.0411 0368 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    22:30:22.0427 0368 volmgrx - ok
    22:30:22.0458 0368 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    22:30:22.0474 0368 volsnap - ok
    22:30:22.0489 0368 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    22:30:22.0505 0368 vsmraid - ok
    22:30:22.0567 0368 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    22:30:22.0598 0368 VSS - ok
    22:30:22.0614 0368 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    22:30:22.0614 0368 vwifibus - ok
    22:30:22.0630 0368 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    22:30:22.0630 0368 vwififlt - ok
    22:30:22.0661 0368 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    22:30:22.0661 0368 vwifimp - ok
    22:30:22.0692 0368 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    22:30:22.0708 0368 W32Time - ok
    22:30:22.0723 0368 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    22:30:22.0739 0368 WacomPen - ok
    22:30:22.0754 0368 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:30:22.0754 0368 WANARP - ok
    22:30:22.0770 0368 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:30:22.0786 0368 Wanarpv6 - ok
    22:30:22.0848 0368 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    22:30:22.0879 0368 wbengine - ok
    22:30:22.0895 0368 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    22:30:22.0910 0368 WbioSrvc - ok
    22:30:22.0926 0368 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    22:30:22.0942 0368 wcncsvc - ok
    22:30:22.0942 0368 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    22:30:22.0942 0368 WcsPlugInService - ok
    22:30:22.0973 0368 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    22:30:22.0973 0368 Wd - ok
    22:30:23.0004 0368 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    22:30:23.0004 0368 Wdf01000 - ok
    22:30:23.0020 0368 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    22:30:23.0035 0368 WdiServiceHost - ok
    22:30:23.0035 0368 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    22:30:23.0035 0368 WdiSystemHost - ok
    22:30:23.0051 0368 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    22:30:23.0066 0368 WebClient - ok
    22:30:23.0082 0368 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    22:30:23.0082 0368 Wecsvc - ok
    22:30:23.0113 0368 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    22:30:23.0113 0368 wercplsupport - ok
    22:30:23.0144 0368 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    22:30:23.0160 0368 WerSvc - ok
    22:30:23.0191 0368 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    22:30:23.0191 0368 WfpLwf - ok
    22:30:23.0254 0368 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    22:30:23.0269 0368 WimFltr - ok
    22:30:23.0285 0368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    22:30:23.0285 0368 WIMMount - ok
    22:30:23.0316 0368 WinDefend - ok
    22:30:23.0347 0368 WinHttpAutoProxySvc - ok
    22:30:23.0394 0368 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    22:30:23.0394 0368 Winmgmt - ok
    22:30:23.0488 0368 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    22:30:23.0519 0368 WinRM - ok
    22:30:23.0566 0368 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    22:30:23.0566 0368 Wlansvc - ok
    22:30:23.0644 0368 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    22:30:23.0644 0368 wlcrasvc - ok
    22:30:23.0737 0368 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:30:23.0815 0368 wlidsvc - ok
    22:30:23.0893 0368 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    22:30:23.0893 0368 WmiAcpi - ok
    22:30:23.0940 0368 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    22:30:23.0956 0368 wmiApSrv - ok
    22:30:23.0987 0368 WMPNetworkSvc - ok
    22:30:24.0018 0368 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    22:30:24.0034 0368 WPCSvc - ok
    22:30:24.0049 0368 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    22:30:24.0049 0368 WPDBusEnum - ok
    22:30:24.0065 0368 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    22:30:24.0065 0368 ws2ifsl - ok
    22:30:24.0096 0368 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    22:30:24.0096 0368 wscsvc - ok
    22:30:24.0112 0368 WSearch - ok
    22:30:24.0174 0368 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    22:30:24.0236 0368 wuauserv - ok
    22:30:24.0252 0368 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    22:30:24.0268 0368 WudfPf - ok
    22:30:24.0283 0368 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:30:24.0283 0368 WUDFRd - ok
    22:30:24.0314 0368 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    22:30:24.0330 0368 wudfsvc - ok
    22:30:24.0361 0368 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    22:30:24.0377 0368 WwanSvc - ok
    22:30:24.0408 0368 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    22:30:24.0455 0368 \Device\Harddisk0\DR0 - ok
    22:30:24.0470 0368 Boot (0x1200) (3bf92101405899cb61424978d03b5e22) \Device\Harddisk0\DR0\Partition0
    22:30:24.0470 0368 \Device\Harddisk0\DR0\Partition0 - ok
    22:30:24.0486 0368 Boot (0x1200) (7775be5db74af4a2a252311b834fb435) \Device\Harddisk0\DR0\Partition1
    22:30:24.0486 0368 \Device\Harddisk0\DR0\Partition1 - ok
    22:30:24.0486 0368 ============================================================
    22:30:24.0486 0368 Scan finished
    22:30:24.0486 0368 ============================================================
    22:30:24.0502 4696 Detected object count: 0
    22:30:24.0502 4696 Actual detected object count: 0
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  16. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    ComboFix 12-04-12.03 - Ashu&Gowthu 04/12/2012 22:40:09.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.4473 [GMT -5:00]
    Running from: c:\users\Ashu&Gowthu\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\ZeoBIT
    c:\programdata\Roaming
    c:\programdata\ZeoBIT
    c:\programdata\ZeoBIT\PCKeeper\history.xml
    c:\programdata\ZeoBIT\PCKeeper\PCKeeper.exe0.log
    c:\programdata\ZeoBIT\PCKeeper\ZeoService.exe0.log
    c:\programdata\ZeoBIT\PCKeeper\ZeoService.exe1.log
    c:\programdata\ZeoBIT\PCKeeper\ZeoService.exe2.log
    c:\windows\RPSETUP.EXE.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-13 03:15 . 2012-04-13 03:15 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-12 11:59 . 2012-04-12 11:59 -------- d-----w- c:\users\Ashu&Gowthu\AppData\Local\Google
    2012-04-12 11:58 . 2012-04-12 11:58 -------- d-----w- c:\users\Ashu&Gowthu\AppData\Local\Apps
    2012-04-12 11:58 . 2012-04-12 11:59 -------- d-----w- c:\users\Ashu&Gowthu\AppData\Local\Deployment
    2012-04-12 03:40 . 2012-04-12 03:40 -------- d-----w- C:\TrustedID IDMonitor Identity Protection
    2012-04-12 02:06 . 2012-04-12 02:06 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-04-12 01:53 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB323D13-0698-4939-842B-1AC6E041DFD6}\mpengine.dll
    2012-04-12 01:50 . 2012-04-12 01:50 -------- d-----w- c:\users\Ashu&Gowthu\AppData\Roaming\GlarySoft
    2012-04-12 01:49 . 2012-04-12 21:19 -------- d-----w- c:\program files (x86)\Glary Utilities
    2012-04-12 01:21 . 2012-04-12 01:21 -------- d-----w- c:\users\Ashu&Gowthu\AppData\Roaming\Malwarebytes
    2012-04-12 01:21 . 2012-04-12 01:21 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-12 01:21 . 2012-04-12 21:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-12 01:21 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-12 00:42 . 2012-04-12 00:42 -------- d-----w- c:\users\Ashu&Gowthu\AppData\Local\VirtualStore
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-12 00:44 . 2010-06-24 16:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-03-13 17:27 . 2012-03-13 17:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-03-13 17:27 . 2012-03-13 17:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-03-13 17:27 . 2012-03-13 17:27 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-03-13 17:27 . 2012-03-13 17:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-03-13 17:27 . 2012-03-13 17:27 1390080 ----a-w- c:\windows\system32\wininet.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-03-13 17:27 . 2012-03-13 17:27 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
    2012-03-13 17:27 . 2012-03-13 17:27 778752 ----a-w- c:\windows\system32\mssvp.dll
    2012-03-13 17:27 . 2012-03-13 17:27 75264 ----a-w- c:\windows\system32\msscntrs.dll
    2012-03-13 17:27 . 2012-03-13 17:27 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
    2012-03-13 17:27 . 2012-03-13 17:27 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
    2012-03-13 17:27 . 2012-03-13 17:27 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
    2012-03-13 17:27 . 2012-03-13 17:27 491520 ----a-w- c:\windows\system32\mssph.dll
    2012-03-13 17:27 . 2012-03-13 17:27 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-03-13 17:27 . 2012-03-13 17:27 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
    2012-03-13 17:27 . 2012-03-13 17:27 337408 ----a-w- c:\windows\SysWow64\mssph.dll
    2012-03-13 17:27 . 2012-03-13 17:27 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-03-13 17:27 . 2012-03-13 17:27 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-03-13 17:27 . 2012-03-13 17:27 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2012-03-13 17:27 . 2012-03-13 17:27 288256 ----a-w- c:\windows\system32\mssphtb.dll
    2012-03-13 17:27 . 2012-03-13 17:27 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2012-03-13 17:27 . 2012-03-13 17:27 2315776 ----a-w- c:\windows\system32\tquery.dll
    2012-03-13 17:27 . 2012-03-13 17:27 2223616 ----a-w- c:\windows\system32\mssrch.dll
    2012-03-13 17:27 . 2012-03-13 17:27 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
    2012-03-13 17:27 . 2012-03-13 17:27 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
    2012-03-13 17:27 . 2012-03-13 17:27 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
    2012-03-13 17:27 . 2012-03-13 17:27 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2012-03-13 17:27 . 2012-03-13 17:27 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-03-13 17:27 . 2012-03-13 17:27 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-03-13 17:27 . 2012-03-13 17:27 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-03-13 17:27 . 2012-03-13 17:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-03-13 17:27 . 2012-03-13 17:27 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-03-13 17:27 . 2012-03-13 17:27 459232 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-03-13 17:27 . 2012-03-13 17:27 395776 ----a-w- c:\windows\system32\webio.dll
    2012-03-13 17:27 . 2012-03-13 17:27 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-03-13 17:27 . 2012-03-13 17:27 314880 ----a-w- c:\windows\SysWow64\webio.dll
    2012-03-13 17:27 . 2012-03-13 17:27 31232 ----a-w- c:\windows\system32\lsass.exe
    2012-03-13 17:27 . 2012-03-13 17:27 29184 ----a-w- c:\windows\system32\sspisrv.dll
    2012-03-13 17:27 . 2012-03-13 17:27 28160 ----a-w- c:\windows\system32\secur32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 224768 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-03-13 17:27 . 2012-03-13 17:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-03-13 17:27 . 2012-03-13 17:27 1447936 ----a-w- c:\windows\system32\lsasrv.dll
    2012-03-13 17:27 . 2012-03-13 17:27 136192 ----a-w- c:\windows\system32\sspicli.dll
    2012-03-13 17:27 . 2012-03-13 17:27 77312 ----a-w- c:\windows\system32\packager.dll
    2012-03-13 17:27 . 2012-03-13 17:27 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-03-13 17:27 . 2012-03-13 17:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-03-13 17:27 . 2012-03-13 17:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-03-13 17:27 . 2012-03-13 17:27 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-03-13 17:27 . 2012-03-13 17:27 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-03-13 17:27 . 2012-03-13 17:27 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-03-13 17:27 . 2012-03-13 17:27 3145216 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 17:27 . 2012-03-13 17:27 12872704 ----a-w- c:\windows\SysWow64\shell32(155).dll
    2012-03-13 17:27 . 2012-03-13 17:27 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-13 17:27 . 2012-03-13 17:27 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-03-13 17:27 . 2012-03-13 17:27 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-03-13 17:27 . 2012-03-13 17:27 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-03-13 17:27 . 2012-03-13 17:27 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-03-13 17:27 . 2012-03-13 17:27 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-03-13 17:27 . 2012-03-13 17:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-03-13 17:27 . 2012-03-13 17:27 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 212992 ----a-w- c:\windows\system32\odbctrac.dll
    2012-03-13 17:27 . 2012-03-13 17:27 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
    2012-03-13 17:27 . 2012-03-13 17:27 163840 ----a-w- c:\windows\system32\odbccp32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 106496 ----a-w- c:\windows\system32\odbccu32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 106496 ----a-w- c:\windows\system32\odbccr32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2012-03-13 17:27 . 2012-03-13 17:27 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-03-13 17:27 . 2012-03-13 17:27 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-03-13 17:27 . 2012-03-13 17:27 362496 ----a-w- c:\windows\system32\wow64win.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-03-13 1658440]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-04 2253120]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-03 381248]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-13 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-12 02:06]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-12 22:47:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-13 03:47
    .
    Pre-Run: 681,291,915,264 bytes free
    Post-Run: 681,366,192,128 bytes free
    .
    - - End Of File - - 3575930BB87506468E012D309AE3FD0F
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    The system is doing good, but I still see that McAfee is not being detected by Windows; it says "Windows didn't find antivirus software on this computer".
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    At this point it's very minor.
    You may need to reinstall McAfee.
  20. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    Here is OTL.txt part1

    OTL logfile created on: 4/12/2012 11:17:54 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ashu&Gowthu\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.90 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 73.36% Memory free
    11.79 Gb Paging File | 10.01 Gb Available in Paging File | 84.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 679.00 Gb Total Space | 634.67 Gb Free Space | 93.47% Space Free | Partition Type: NTFS

    Computer Name: MYGOODY | User Name: Ashu&Gowthu | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/12 23:16:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ashu&Gowthu\Downloads\OTL.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/04 08:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/11/03 13:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/09/22 10:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/09/21 10:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/05/12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/04/13 10:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/12 17:14:53 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\613ca3fba5bbcf6e9346170c9c2e4e65\System.WorkflowServices.ni.dll
    MOD - [2012/04/12 17:14:11 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\01a1449b79d76e7cf39438cdd55cefbf\System.ServiceModel.Web.ni.dll
    MOD - [2012/04/11 20:31:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll
    MOD - [2012/04/11 20:30:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
    MOD - [2012/04/11 20:29:55 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\92422bb40324d57ccd11c1cd9d50d8cf\System.IdentityModel.ni.dll
    MOD - [2012/04/11 20:29:54 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
    MOD - [2012/04/11 20:29:52 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64ef7169e1266b6a98131b82bddd234b\System.ServiceModel.ni.dll
    MOD - [2012/04/11 20:29:52 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll
    MOD - [2012/03/13 12:41:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2012/03/13 10:53:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
    MOD - [2012/03/13 10:53:29 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
    MOD - [2012/03/13 10:53:16 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
    MOD - [2012/03/13 10:53:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2012/03/13 10:53:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2012/03/13 10:53:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2012/03/13 10:52:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2012/03/13 10:52:57 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
    MOD - [2012/03/13 10:52:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2012/03/13 10:52:47 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/01 13:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2011/11/01 13:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/11/01 13:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2011/10/20 18:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
    SRV:64bit: - [2011/10/19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/03/17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
    SRV:64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2011/03/13 11:37:22 | 000,208,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2011/03/13 11:37:06 | 000,197,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/03/08 17:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/11/04 08:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/11/03 13:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/10/26 08:58:10 | 000,162,816 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
    SRV - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/06/07 12:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/05/12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/13 12:27:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/03/13 12:27:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/12/01 20:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2011/11/04 08:19:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
    DRV:64bit: - [2011/11/04 08:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/10/15 19:18:08 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
    DRV:64bit: - [2011/09/13 19:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/09/13 19:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/07/20 08:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/05/17 09:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/05/17 09:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,281,928 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/17 12:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/12/13 12:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/08/20 13:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/07/12 21:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {81346A8C-9092-432E-9CBE-84110AFD3725}
    IE:64bit: - HKLM\..\SearchScopes\{81346A8C-9092-432E-9CBE-84110AFD3725}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {81346A8C-9092-432E-9CBE-84110AFD3725}
    IE - HKLM\..\SearchScopes\{81346A8C-9092-432E-9CBE-84110AFD3725}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-288744853-3946785532-44038473-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-288744853-3946785532-44038473-1002\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKU\S-1-5-21-288744853-3946785532-44038473-1002\..\SearchScopes,DefaultScope = {B004C842-D5FF-48D8-BF4A-B9F304E5913C}
    IE - HKU\S-1-5-21-288744853-3946785532-44038473-1002\..\SearchScopes\{B004C842-D5FF-48D8-BF4A-B9F304E5913C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-288744853-3946785532-44038473-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)



    O1 HOSTS File: ([2012/04/12 22:44:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120313114629.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120313114629.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-288744853-3946785532-44038473-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-288744853-3946785532-44038473-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-288744853-3946785532-44038473-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-288744853-3946785532-44038473-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-288744853-3946785532-44038473-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-288744853-3946785532-44038473-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{027772C3-BC42-40A5-B4B6-705C41941068}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D5D134-18F4-4E47-88A4-7E98C778A581}: DhcpNameServer = 13.36.0.104
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/12 22:47:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/12 22:44:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/04/12 22:39:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/12 22:39:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/12 22:39:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/12 22:39:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/12 22:39:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/12 22:15:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/12 20:37:21 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\Desktop\Virua remove
    [2012/04/12 06:59:53 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\AppData\Roaming\Mozilla
    [2012/04/12 06:59:18 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\AppData\Local\Google
    [2012/04/12 06:58:55 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\AppData\Local\Apps
    [2012/04/12 06:58:54 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\AppData\Local\Deployment
    [2012/04/11 22:40:57 | 000,000,000 | ---D | C] -- C:\TrustedID IDMonitor Identity Protection
    [2012/04/11 22:33:25 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\Desktop\Gowtham
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Templates
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Start Menu
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\SendTo
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Recent
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\PrintHood
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\NetHood
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Documents\My Videos
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Documents\My Pictures
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Documents\My Music
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\My Documents
    [2012/04/11 22:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Local Settings
    [2012/04/11 22:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Cookies
    [2012/04/11 22:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\Application Data
    [2012/04/11 22:32:39 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\AppData\Local\Temporary Internet Files
    [2012/04/11 22:32:37 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\AppData\Local\History
    [2012/04/11 22:32:36 | 000,000,000 | -HSD | C] -- C:\Users\Ashu&Gowthu\AppData\Local\Application Data
    [2012/04/11 22:32:25 | 000,000,000 | ---D | C] -- C:\Windows\Options
    [2012/04/11 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2012/04/11 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\AppData\Roaming\GlarySoft
    [2012/04/11 20:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
    [2012/04/11 20:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
    [2012/04/11 20:21:33 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\AppData\Roaming\Malwarebytes
    [2012/04/11 20:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/11 20:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/11 20:21:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/11 20:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/11 19:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/04/11 19:42:54 | 000,000,000 | ---D | C] -- C:\Users\Ashu&Gowthu\AppData\Local\VirtualStore
    [2012/04/11 19:42:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2012/04/12 22:59:01 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/12 22:59:01 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/12 22:51:42 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/04/12 22:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/12 22:51:31 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/12 22:44:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/12 20:28:57 | 000,000,512 | ---- | M] () -- C:\Users\Ashu&Gowthu\Desktop\MBR.dat
    [2012/04/12 20:25:29 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Ashu&Gowthu\Desktop\boot_cleaner.exe
    [2012/04/12 20:09:15 | 000,778,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/12 20:09:15 | 000,660,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/12 20:09:15 | 000,121,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/12 20:07:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/04/11 22:42:02 | 000,000,184 | RHS- | M] () -- C:\MSSTBJ.CAT
    [2012/04/11 20:21:26 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/04/12 22:39:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/12 22:39:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/12 22:39:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/12 22:39:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/12 22:39:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/12 20:28:57 | 000,000,512 | ---- | C] () -- C:\Users\Ashu&Gowthu\Desktop\MBR.dat
    [2012/04/12 20:07:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/04/11 22:42:02 | 000,000,184 | RHS- | C] () -- C:\MSSTBJ.CAT
    [2012/04/11 20:49:35 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/04/11 20:21:26 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/11 19:42:22 | 453,640,191 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/13 12:00:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2012/03/13 11:59:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/03/13 11:59:35 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/03/13 11:59:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/03/13 11:59:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/03/13 11:59:32 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/11/03 13:24:18 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/02/10 11:10:51 | 000,772,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2012/03/13 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Blio
    [2012/03/13 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Fingertapps
    [2012/03/13 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\Ashu&Gowthu\AppData\Roaming\Blio
    [2012/03/13 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\Ashu&Gowthu\AppData\Roaming\Fingertapps
    [2012/04/11 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Ashu&Gowthu\AppData\Roaming\GlarySoft
    [2012/04/12 22:51:42 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2009/07/14 00:08:49 | 000,007,660 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
  21. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    Here is OTL.txt Part 2

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/04/12 22:47:20 | 000,025,814 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/13 11:36:06 | 000,004,575 | RH-- | M] () -- C:\dell.sdr
    [2012/02/27 22:04:08 | 000,000,042 | ---- | M] () -- C:\Download.LOG
    [2012/03/13 11:06:56 | 000,001,159 | ---- | M] () -- C:\freefallprotection.log
    [2012/04/12 22:51:31 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/11 22:42:02 | 000,000,184 | RHS- | M] () -- C:\MSSTBJ.CAT
    [2012/04/12 22:51:35 | 2036,510,719 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/12 22:16:21 | 000,135,180 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_12.04.2012_22.14.29_log.txt
    [2012/04/12 22:37:20 | 000,132,382 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_12.04.2012_22.30.00_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/13 23:49:38 | 000,000,146 | -HS- | M] () -- C:\Users\Ashu&Gowthu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/12 20:25:29 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Ashu&Gowthu\Desktop\boot_cleaner.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/12 22:51:42 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/04/12 22:51:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/14 00:08:49 | 000,007,660 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/20 22:40:30 | 000,000,402 | -HS- | M] () -- C:\Users\Ashu&Gowthu\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
  22. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    Here is Extras.txt from OTL

    OTL Extras logfile created on: 4/12/2012 11:17:54 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ashu&Gowthu\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.90 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 73.36% Memory free
    11.79 Gb Paging File | 10.01 Gb Available in Paging File | 84.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 679.00 Gb Total Space | 634.67 Gb Free Space | 93.47% Space Free | Partition Type: NTFS

    Computer Name: MYGOODY | User Name: Ashu&Gowthu | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.77
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.77
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.77
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi Software
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0F99CA59-7CB4-4167-A43A-4B1D5E584281}" = Dell Stage
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
    "{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}" = Dell Digital Delivery
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
    "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Dell Webcam Central" = Dell Webcam Central
    "Glary Utilities_is1" = Glary Utilities 2.44.0.1450
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MSC" = McAfee SecurityCenter
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "ProInst" = Intel PROSet Wireless
    "WinLiveSuite" = Windows Live Essentials
    "ZinioReader4" = Zinio Reader 4

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/11/2012 10:49:08 PM | Computer Name = MYGOODY | Source = WinMgmt | ID = 10
    Description =

    Error - 4/12/2012 12:07:35 AM | Computer Name = MYGOODY | Source = WinMgmt | ID = 10
    Description =

    Error - 4/12/2012 7:57:26 AM | Computer Name = MYGOODY | Source = WinMgmt | ID = 10
    Description =

    Error - 4/12/2012 8:35:23 AM | Computer Name = MYGOODY | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000326d1 Faulting process
    id: 0x12cc Faulting application start time: 0x01cd18a381970184 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: f8997b94-849b-11e1-8719-848f69c9e9a2

    Error - 4/12/2012 5:33:14 PM | Computer Name = MYGOODY | Source = WinMgmt | ID = 10
    Description =

    Error - 4/12/2012 6:19:37 PM | Computer Name = MYGOODY | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 4/12/2012 8:28:11 PM | Computer Name = MYGOODY | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000326d1 Faulting process
    id: 0x128c Faulting application start time: 0x01cd18f3dfba970e Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 8c539bb3-84ff-11e1-b1ad-848f69c9e9a2

    Error - 4/12/2012 11:17:22 PM | Computer Name = MYGOODY | Source = WinMgmt | ID = 10
    Description =

    Error - 4/12/2012 11:44:32 PM | Computer Name = MYGOODY | Source = WinMgmt | ID = 10
    Description =

    Error - 4/12/2012 11:51:49 PM | Computer Name = MYGOODY | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 4/12/2012 9:07:54 PM | Computer Name = MYGOODY | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 4/12/2012 11:19:28 PM | Computer Name = MYGOODY | Source = Service Control Manager | ID = 7034
    Description = The Dell Digital Delivery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 4/12/2012 11:19:47 PM | Computer Name = MYGOODY | Source = DCOM | ID = 10010
    Description =

    Error - 4/12/2012 11:41:54 PM | Computer Name = MYGOODY | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 4/12/2012 11:43:22 PM | Computer Name = MYGOODY | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 4/12/2012 11:43:44 PM | Computer Name = MYGOODY | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 4/12/2012 11:44:27 PM | Computer Name = MYGOODY | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 4/12/2012 11:46:43 PM | Computer Name = MYGOODY | Source = Service Control Manager | ID = 7034
    Description = The Dell Digital Delivery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 4/12/2012 11:53:58 PM | Computer Name = MYGOODY | Source = Service Control Manager | ID = 7034
    Description = The Dell Digital Delivery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 4/12/2012 11:54:34 PM | Computer Name = MYGOODY | Source = DCOM | ID = 10010
    Description =


    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    OTL logs are clean.

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  24. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    Checkpoint.txt is blank. Is that fine? Should I go ahead with the next steps, or should I rerun it?
  25. Gowtham83

    Gowtham83 Newcomer, in training Topic Starter Posts: 32

    Checkpoint.txt was blank.

    FSS.log

    Farbar Service Scanner Version: 01-03-2012
    Ran by Ashu&Gowthu (administrator) on 12-04-2012 at 23:59:02
    Running from "C:\Users\Ashu&Gowthu\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    I ran Temp File Cleaner (TFC); it asked for a restart and I did that.

    ESETScan log

    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\12.04.2012_22.14.30\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64PIITID\firstload_com[2].htm HTML/Hoax.FastDownload.C.Gen application cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64PIITID\mx_usn_a[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

