Removing help of virus "gesellschaft zur verfügung von urheberrechtsverletzungen"

ashash

New Member
Thread author
Apr 16, 2013
10
When I access HitmanPro Kickstart from a USB drive it cannot access my Internet connection; also, if I run it in Safe Mode with Command Prompt there is no Internet connection. When I start in Safe Mode with Networking, the blank ransom virus screen still comes up but does not display any content.

Thank you
Gunjan ash
 

Fiery

Level 1
Jan 11, 2011
2,007
hi and welcome to MalwareTips!

Download Farbar Recovery Scan Tool from the below link:
<ul>
<li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><b>Farbar Recovery Scan Tool x64</b></a> and save it to a USB/flash drive.</li>
<li>Plug the flash drive into the infected PC.</li>
<li>Enter <b>System Recovery Options</b>.
<b>To enter System Recovery Options from the Advanced Boot Options:</b>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the <b>F8</b> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <b>Repair your computer</b> menu item.</li>
<li>Select <b>US</b> as the keyboard language settings, and then click <b>Next</b>.</li>
<li>Select the operating system you want to repair, and then click <b>Next</b>.</li>
<li>Select your user account and click <b>Next</b>.</li>
</ul></li>
<li>On the System Recovery Options menu you will get the following options:
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <b>Command Prompt</b>.</li>
<li>In the command window type in <b>notepad</b> and press <b>Enter</b>.</li>
<li>The notepad opens. Under the File menu select <b>Open</b>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <b><span style="color: #ff0000;">e</span>:\frst64</b> and press <b>Enter</b>.
<b>Note:</b><span style="color: #ff0000;"> Replace letter <b>e</b> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <b>Yes</b> to the disclaimer.</li>
<li>Press the <b>Scan</b> button.</li>
<li><b>FRST</b> will let you know when the scan is complete and has written the <b>FRST.txt</b> file; close the message.</li>
<li>Type exit.</li>
<li>Please copy and paste FRST.txt in your next reply.</li>
</ol></li>
</ul>
 

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

Thanks a lot for the reply ... Below is the content of the FRST.txt file. Please help me to remove the virus.

FRST.txt
---------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 6 days old)
Ran by Sanchit at 17-04-2013 13:41:23
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-04-17 13:41 - 2013-04-17 13:41 - 00000000 ____D C:\FRST
2013-04-10 14:01 - 2013-04-10 14:01 - 00000000 ____D C:\Windows\pss
2013-04-09 21:50 - 2013-04-14 10:33 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-09 21:50 - 2013-04-09 21:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 21:50 - 2013-04-09 21:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 21:49 - 2013-04-09 21:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 21:11 - 2013-04-09 21:11 - 00000000 __SHD C:\found.001
2013-04-09 20:41 - 2013-04-09 20:42 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 10:40 - 2013-04-09 10:40 - 00006768 ____N C:\bootsqm.dat
2013-04-09 10:37 - 2013-04-09 10:37 - 00000000 __SHD C:\found.000
2013-04-09 08:03 - 2013-04-09 08:03 - 00000000 ____D C:\ProgramData\ltmrj
2013-04-09 00:45 - 2013-04-09 00:45 - 00141080 ____A (Hilgraeve, Inc.) C:\Users\Sanchit\Desktop\jfgb.tmp
2013-04-03 19:16 - 2013-04-08 09:29 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Riom
2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Saqivu
2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Essybe
2013-04-03 14:19 - 2013-04-03 14:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-03-31 10:33 - 2013-03-31 10:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 15:57 - 2013-03-30 15:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-29 11:47 - 2013-03-30 02:10 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-26 22:24 - 2013-03-26 22:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 22:24 - 2012-05-05 03:17 - 00590472 ____A (Juniper Networks) C:\Windows\System32\dsNcSmartCardProv.dll
2013-03-26 22:24 - 2012-05-05 03:17 - 00422024 ____A (Juniper Networks) C:\Windows\System32\dsNcCredProv.dll
2013-03-26 21:29 - 2013-03-26 21:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 21:25 - 2013-03-26 21:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 21:25 - 2013-03-26 19:11 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-26 21:23 - 2013-03-26 21:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-26 01:09 - 2013-03-26 01:09 - 00000018 ____A C:\pending.un
2013-03-26 01:09 - 2012-05-05 03:27 - 00099152 ____A (Juniper Networks) C:\Windows\System32\Drivers\NEOFLTR_719_20893.SYS
2013-03-23 00:27 - 2013-03-23 00:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 22:48 - 2013-02-12 06:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-20 22:28 - 2013-03-20 22:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 13:08 - 2013-03-20 13:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google
2013-03-19 18:42 - 2013-03-19 18:42 - 00262144 ____A C:\Windows\Minidump\031913-30123-01.dmp
2013-03-19 18:41 - 2013-03-26 21:29 - 572101397 ____A C:\Windows\MEMORY.DMP
2013-03-19 00:07 - 2013-03-19 00:07 - 08151705 ____A C:\Users\Sanchit\Downloads\com.goldron.bbfree-1.0.apk

==================== One Month Modified Files and Folders =======

2013-04-17 10:32 - 2011-06-12 13:52 - 00000000 ____D C:\ProgramData\Sonic
2013-04-14 10:34 - 2009-07-14 06:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-14 10:34 - 2009-07-14 06:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-14 10:33 - 2013-04-09 21:50 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-14 10:22 - 2013-04-10 14:01 - 00000000 ____D C:\Windows\pss
2013-04-10 14:57 - 2012-08-24 23:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-10 14:57 - 2011-06-17 21:15 - 00000000 ____D C:\Program Files (x86)\Giraffic
2013-04-10 14:57 - 2011-06-12 14:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-10 14:56 - 2013-01-19 15:43 - 00007284 ____A C:\Windows\setupact.log
2013-04-10 14:56 - 2011-06-18 13:48 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-10 14:56 - 2011-06-12 14:13 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-04-10 14:56 - 2011-06-12 14:13 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-04-10 14:56 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-10 14:51 - 2011-06-12 13:27 - 01171389 ____A C:\Windows\WindowsUpdate.log
2013-04-10 14:19 - 2009-07-14 07:13 - 00006732 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-09 21:50 - 2013-04-09 21:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 21:50 - 2013-04-09 21:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 21:49 - 2013-04-09 21:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 21:11 - 2013-04-09 21:11 - 00000000 __SHD C:\found.001
2013-04-09 20:42 - 2013-04-09 20:41 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 19:28 - 2011-11-19 20:25 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 19:28 - 2011-06-18 13:48 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-09 19:28 - 2011-06-15 20:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 10:40 - 2013-04-09 10:40 - 00006768 ____N C:\bootsqm.dat
2013-04-09 10:37 - 2013-04-09 10:37 - 00000000 __SHD C:\found.000
2013-04-09 08:08 - 2011-11-19 20:25 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-09 08:03 - 2013-04-09 08:03 - 00000000 ____D C:\ProgramData\ltmrj
2013-04-09 08:01 - 2011-06-18 13:47 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Skype
2013-04-09 00:45 - 2013-04-09 00:45 - 00141080 ____A (Hilgraeve, Inc.) C:\Users\Sanchit\Desktop\jfgb.tmp
2013-04-09 00:45 - 2011-06-15 13:01 - 00000000 ____D C:\users\Sanchit
2013-04-08 23:31 - 2011-06-15 20:07 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-08 17:32 - 2011-06-15 14:17 - 00022016 ____A C:\Users\Sanchit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 09:29 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Riom
2013-04-07 08:22 - 2012-07-10 22:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-07 08:22 - 2011-06-12 13:57 - 00000000 ____D C:\ProgramData\Skype
2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Saqivu
2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Essybe
2013-04-03 14:19 - 2013-04-03 14:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-04-02 23:21 - 2011-08-05 19:39 - 00000000 ____D C:\Sandeep
2013-04-02 14:31 - 2011-06-15 19:25 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Mozilla
2013-03-31 15:32 - 2011-11-06 18:34 - 00002384 ____A C:\Users\Sanchit\Desktop\Google Chrome.lnk
2013-03-31 10:33 - 2013-03-31 10:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 15:57 - 2013-03-30 15:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 02:10 - 2013-03-29 11:47 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-30 01:14 - 2011-11-17 01:20 - 00000000 ____D C:\Users\Sanchit\workspace
2013-03-29 01:07 - 2012-08-24 23:23 - 00000000 ____D C:\Users\Sanchit\Documents\Software
2013-03-28 17:25 - 2011-10-26 23:00 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Windows Live
2013-03-26 22:24 - 2013-03-26 22:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 22:24 - 2011-11-20 14:22 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-03-26 22:24 - 2011-11-20 14:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Juniper Networks
2013-03-26 21:29 - 2013-03-26 21:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 21:29 - 2013-03-19 18:41 - 572101397 ____A C:\Windows\MEMORY.DMP
2013-03-26 21:29 - 2011-09-15 02:41 - 00000000 ____D C:\Windows\Minidump
2013-03-26 21:25 - 2013-03-26 21:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 21:23 - 2013-03-26 21:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-26 19:11 - 2013-03-26 21:25 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-26 01:09 - 2013-03-26 01:09 - 00000018 ____A C:\pending.un
2013-03-23 00:27 - 2013-03-23 00:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 22:28 - 2013-03-20 22:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 13:08 - 2013-03-20 13:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google
2013-03-20 13:08 - 2011-06-15 20:07 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Google
2013-03-20 00:59 - 2011-11-21 22:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\vlc
2013-03-19 18:42 - 2013-03-19 18:42 - 00262144 ____A C:\Windows\Minidump\031913-30123-01.dmp
2013-03-19 00:07 - 2013-03-19 00:07 - 08151705 ____A C:\Users\Sanchit\Downloads\com.goldron.bbfree-1.0.apk


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4003.18 MB
Available physical RAM: 3535.78 MB
Total Pagefile: 8004.54 MB
Available Pagefile: 7546.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:45.04 GB) NTFS
3 Drive e: () (Removable) (Total:29.8 GB) (Free:12.95 GB) FAT32

See the System Event Log for more information.

============================== MBR Partition Table ==================


Last Boot: 2013-04-04 08:46

==================== End Of Log =============================
 

Attachments

  • FRST.txt (11.4 KB)
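As an added illustration (not code from this thread or from Farbar Recovery Scan Tool), the following Python script parses the two line shapes in the log above, registry autoruns and the "One Month Created/Modified" file listing, and flags the entries a responder would read first: FRST's own `ATTENTION! ====>` annotation (here pointing at ZeroAccess), a Winlogon `Shell` value that is not plain `explorer.exe`, and autoruns with an empty publisher whose binary lives under `AppData\Roaming`. The sample lines are copied from the log above; the flagging rules are ours, not FRST's, and the third rule is a triage heuristic, not a verdict.

```python
"""Example triage helper for the FRST.txt text format shown in this thread.
Added illustration, not part of FRST; line shapes and the ATTENTION marker
are taken from the posted log, the flagging rules are our own."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKU\Sanchit\...\Run: [Seahaxarak] C:\Users\Sanchit\AppData\Roaming\Saqivu\boop.exe [196608 2012-07-26] ()
HKU\Sanchit\...\Winlogon: [Shell] C:\Users\Sanchit\AppData\Roaming\mcafee.ini,explorer.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess

==================== One Month Created Files and Folders ========

2013-04-09 08:03 - 2013-04-09 08:03 - 00000000 ____D C:\ProgramData\ltmrj
2013-04-09 00:45 - 2013-04-09 00:45 - 00141080 ____A (Hilgraeve, Inc.) C:\Users\Sanchit\Desktop\jfgb.tmp
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "HKU\User\...\Run: [Name] value [size date] (Publisher)"
REG_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<value>.*)$")
# "created - modified - size attrs (Publisher) path"; the publisher part is optional
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def parse_file_entry(line: str) -> Optional[dict]:
    """Split one 'One Month Created/Modified' line into its fields, or None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["is_dir"] = entry["attrs"].endswith("D")  # FRST marks directories with a trailing D
    return entry


def triage(log_text: str) -> List[Finding]:
    """Walk the log and return the entries a responder should look at first."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        # Rule 1: FRST's own annotation ("ATTENTION! ====> <family>") always wins.
        if "ATTENTION!" in line:
            family = line.split("====>")[-1].strip()
            findings.append(Finding(section, line, f"flagged by FRST: {family}"))
            continue
        m = REG_RE.match(line)
        if not m:
            continue  # file-listing lines and anything else are not autoruns
        key, name, value = m.group("key"), m.group("name"), m.group("value").strip()
        # Rule 2: the Winlogon Shell value should be exactly explorer.exe; anything
        # prepended to it is started before the desktop at every logon.
        if key.endswith("Winlogon") and name == "Shell" and value.lower() != "explorer.exe":
            findings.append(Finding(section, line, "Winlogon Shell value is not explorer.exe"))
        # Rule 3 (heuristic): an autorun whose binary sits in the roaming profile and
        # carries an empty publisher "()" deserves a look before anything else.
        elif "\\appdata\\roaming\\" in value.lower() and value.endswith("()"):
            findings.append(Finding(section, line, "unsigned autorun under AppData\\Roaming"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample it reports three entries, in log order: the `Seahaxarak` autorun, the hijacked Winlogon `Shell` value and the `InprocServer32` entry FRST tagged as ZeroAccess; the Dell `QuickSet` autorun and the file listing produce nothing. The file parser is kept separate so the same records can be sorted by creation time or grouped by publisher when reading a longer log.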

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

Sorry, I didn't run it earlier in recovery mode.

Find below the FRST.txt after running it in recovery mode:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 17-04-2013 14:11:24
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-11-18] (IDT, Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1527896 2012-06-21] (McAfee, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Wipro] "C:\Program Files\Settings\WiproRunReg.vbs" [595 2010-05-07] ()
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKU\Sanchit\...\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2644992 2011-06-13] (Veoh Networks)
HKU\Sanchit\...\Run: [SmartVoip] "C:\Program Files (x86)\SmartVoip.com\SmartVoip\smartvoip.exe" -nosplash -minimized [19071960 2013-02-06] (SmartVoip)
HKU\Sanchit\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Sanchit\...\Run: [Seahaxarak] C:\Users\Sanchit\AppData\Roaming\Saqivu\boop.exe [196608 2012-07-26] ()
HKU\Sanchit\...\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Sanchit\...\Run: [Google Update] "C:\Users\Sanchit\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-15] (Google Inc.)
HKU\Sanchit\...\Run: [Facebook Update] "C:\Users\Sanchit\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Sanchit\...\Winlogon: [Shell] C:\Users\Sanchit\AppData\Roaming\mcafee.ini,explorer.exe
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)

==================== Services (Whitelisted) ===================

4 Apache2.2; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [20549 2012-01-28] (Apache Software Foundation)
4 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [68096 2008-03-18] ()
4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-04-09] (SurfRight B.V.)
4 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
4 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-08-24] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 hitmanpro37; C:\Windows\System32\Drivers\hitmanpro37.sys [32152 2013-04-09] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
4 mysql; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" mysql [9171 2012-02-27] ()
1 NEOFLTR_719_20893; C:\Windows\System32\Drivers\NEOFLTR_719_20893.sys [99152 2012-05-04] (Juniper Networks)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST
2013-04-10 07:01 - 2013-04-14 03:22 - 00000000 ____D C:\Windows\pss
2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001
2013-04-09 13:41 - 2013-04-09 13:42 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 03:40 - 2013-04-09 03:40 - 00006768 ____N C:\bootsqm.dat
2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000
2013-04-09 01:03 - 2013-04-09 01:03 - 00000000 ____D C:\ProgramData\ltmrj
2013-04-09 01:03 - 2013-04-09 01:03 - 00000000 ____D C:\ProgramData\Application Data\ltmrj
2013-04-03 12:16 - 2013-04-08 02:29 - 00000000 ____D C:\Users\Sanchit\Application Data\Riom
2013-04-03 12:16 - 2013-04-08 02:29 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Riom
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\Application Data\Saqivu
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\Application Data\Essybe
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Saqivu
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Essybe
2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-29 04:47 - 2013-03-29 19:10 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 15:24 - 2012-05-04 20:17 - 00590472 ____A (Juniper Networks) C:\Windows\System32\dsNcSmartCardProv.dll
2013-03-26 15:24 - 2012-05-04 20:17 - 00422024 ____A (Juniper Networks) C:\Windows\System32\dsNcCredProv.dll
2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 14:25 - 2013-03-26 12:11 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A C:\pending.un
2013-03-25 18:09 - 2012-05-04 20:27 - 00099152 ____A (Juniper Networks) C:\Windows\System32\Drivers\NEOFLTR_719_20893.SYS
2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 15:48 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google
2013-03-19 11:42 - 2013-03-19 11:42 - 00262144 ____A C:\Windows\Minidump\031913-30123-01.dmp
2013-03-19 11:41 - 2013-03-26 14:29 - 572101397 ____A C:\Windows\MEMORY.DMP
2013-03-18 17:07 - 2013-03-18 17:07 - 08151705 ____A C:\Users\Sanchit\Downloads\com.goldron.bbfree-1.0.apk

==================== One Month Modified Files and Folders =======

2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST
2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Sonic
2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-04-14 03:34 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-14 03:34 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-04-14 03:22 - 2013-04-10 07:01 - 00000000 ____D C:\Windows\pss
2013-04-10 07:57 - 2012-08-24 16:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-10 07:57 - 2011-06-17 14:15 - 00000000 ____D C:\Program Files (x86)\Giraffic
2013-04-10 07:57 - 2011-06-12 07:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-10 07:56 - 2013-01-19 08:43 - 00007284 ____A C:\Windows\setupact.log
2013-04-10 07:56 - 2011-06-18 06:48 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-04-10 07:56 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-10 07:51 - 2011-06-12 06:27 - 01171389 ____A C:\Windows\WindowsUpdate.log
2013-04-10 07:19 - 2009-07-14 00:13 - 00006732 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001
2013-04-09 13:42 - 2013-04-09 13:41 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 12:28 - 2011-11-19 13:25 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 12:28 - 2011-06-18 06:48 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-09 12:28 - 2011-06-15 13:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 03:40 - 2013-04-09 03:40 - 00006768 ____N C:\bootsqm.dat
2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000
2013-04-09 01:08 - 2011-11-19 13:25 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-09 01:03 - 2013-04-09 01:03 - 00000000 ____D C:\ProgramData\ltmrj
2013-04-09 01:03 - 2013-04-09 01:03 - 00000000 ____D C:\ProgramData\Application Data\ltmrj
2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\Application Data\Skype
2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Skype
2013-04-08 17:45 - 2011-06-15 06:01 - 00000000 ____D C:\users\Sanchit
2013-04-08 16:31 - 2011-06-15 13:07 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 02:29 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\Application Data\Riom
2013-04-08 02:29 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Riom
2013-04-07 01:22 - 2012-07-10 15:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Skype
2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\Application Data\Saqivu
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\Application Data\Essybe
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Saqivu
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Essybe
2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-04-02 16:21 - 2011-08-05 12:39 - 00000000 ____D C:\Sandeep
2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\Application Data\Mozilla
2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Mozilla
2013-03-31 08:32 - 2011-11-06 11:34 - 00002384 ____A C:\Users\Sanchit\Desktop\Google Chrome.lnk
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-29 19:10 - 2013-03-29 04:47 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-29 18:14 - 2011-11-16 18:20 - 00000000 ____D C:\Users\Sanchit\workspace
2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\My Documents\Software
2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\Documents\Software
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Windows Live
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Windows Live
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Windows Live
2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:22 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\Application Data\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Juniper Networks
2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 14:29 - 2013-03-19 11:41 - 572101397 ____A C:\Windows\MEMORY.DMP
2013-03-26 14:29 - 2011-09-14 19:41 - 00000000 ____D C:\Windows\Minidump
2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-26 12:11 - 2013-03-26 14:25 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A C:\pending.un
2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Google
2013-03-19 17:59 - 2011-11-21 15:21 - 00000000 ____D C:\Users\Sanchit\Application Data\vlc
2013-03-19 17:59 - 2011-11-21 15:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\vlc
2013-03-19 11:42 - 2013-03-19 11:42 - 00262144 ____A C:\Windows\Minidump\031913-30123-01.dmp
2013-03-18 17:07 - 2013-03-18 17:07 - 08151705 ____A C:\Users\Sanchit\Downloads\com.goldron.bbfree-1.0.apk


ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\@
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\L
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\@
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\L
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4003.18 MB
Available physical RAM: 3276.63 MB
Total Pagefile: 4001.38 MB
Available Pagefile: 3267.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:44.94 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:29.8 GB) (Free:12.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 29 GB 0 B

Partitions of Disk 0:
===============

Disk ID: 825589A0

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 29 GB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 825589A0

Partition 1:
=========
Hex: 00202100DEDF130C0008000000200300
Active: NO
Type: DE
Size: 100 MB

Partition 2:
=========
Hex: 80DF140C07FEFFFF0028030000C0D401
Active: YES
Type: 07 (NTFS)
Size: 15 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00E8D70130706038
Active: NO
Type: 07 (NTFS)
Size: 451 GB

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 000021000CFEFFFF200000002024BA03
Active: NO
Type: 0C
Size: 30 GB


Last Boot: 2013-04-04 01:46

==================== End Of Log =============================
 


Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Open notepad and copy & paste the following:

HKU\Sanchit\...\Run: [Seahaxarak] C:\Users\Sanchit\AppData\Roaming\Saqivu\boop.exe [196608 2012-07-26] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess
2013-04-09 01:03 - 2013-04-09 01:03 - 00000000 ____D C:\ProgramData\ltmrj
2013-04-09 01:03 - 2013-04-09 01:03 - 00000000 ____D C:\ProgramData\Application Data\ltmrj
2013-04-03 12:16 - 2013-04-08 02:29 - 00000000 ____D C:\Users\Sanchit\Application Data\Riom
2013-04-03 12:16 - 2013-04-08 02:29 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Riom
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\Application Data\Saqivu
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\Application Data\Essybe
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Saqivu
2013-04-03 12:16 - 2013-04-03 12:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Essybe
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\@
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\L
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\@
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\L
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a

Folder: C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
Folder: C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
Folder: C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
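As an added example (my own code, not FRST's and not from the helper's post), here is a small Python triage script that applies the checks the helper made by eye to lines quoted from this thread's logs: an unsigned Run entry under AppData\Roaming, a COM InprocServer32 default pointing into $Recycle.Bin, a Winlogon Shell value other than explorer.exe, and the $Recycle.Bin\<SID>\$<hash> folder with its @, L and U subdirectories. The rule names are mine and the heuristics are deliberately narrow.

```python
"""Triage helper for FRST scan-log excerpts.

Added example for this thread; it is not part of FRST and the rule names
and heuristics are my own, not the helper's or the tool's.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Lines quoted from the FRST logs posted in this thread (not constructed).
SAMPLE_LOG = r"""
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKU\Sanchit\...\Run: [Seahaxarak] C:\Users\Sanchit\AppData\Roaming\Saqivu\boop.exe [196608 2012-07-26] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess
HKU\Sanchit\...\Winlogon: [Shell] C:\Users\Sanchit\AppData\Roaming\mcafee.ini,explorer.exe
2013-04-09 01:03 - 2013-04-09 01:03 - 00000000 ____D C:\ProgramData\ltmrj
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\@
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\L
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U
"""

# FRST registry lines look like  HKU\<user>\...\Run: [Name] <command> [size date] (Publisher)
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SHELL_RE = re.compile(r"^HK\S*?\\\.\.\.\\Winlogon: \[Shell\] (?P<value>.*)$")
# ZeroAccess-style hidden store: <drive>:\$Recycle.Bin\<SID>\$<32 hex>[\@|\L|\U]
ZA_DIR_RE = re.compile(
    r"^(?P<base>[A-Za-z]:\\\$Recycle\.Bin\\S-1-5(?:-\d+)+\\\$[0-9a-f]{32})"
    r"(?:\\(?P<sub>[@LU]))?$"
)


@dataclass
class Finding:
    rule: str    # my own rule name
    detail: str  # the item the rule fired on
    line: str    # the log line (or folder) that triggered it


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious entries found in an FRST log excerpt, in log order;
    the $Recycle.Bin folder family is reported once per base folder at the end."""
    findings: List[Finding] = []
    za_dirs: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            low = cmd.lower()
            # FRST prints "()" when the file carries no publisher information.
            in_profile = "\\appdata\\roaming\\" in low or "\\application data\\" in low
            unsigned = cmd.endswith("()")
            if in_profile and unsigned:
                findings.append(Finding("run-key-unsigned-roaming", m.group("name"), line))
            continue
        m = SHELL_RE.match(line)
        if m:
            # The default Winlogon Shell is plain explorer.exe; anything else is a hijack candidate.
            if m.group("value").strip().lower() != "explorer.exe":
                findings.append(Finding("winlogon-shell-hijack", m.group("value"), line))
            continue
        if line.startswith("HK") and "\\$recycle.bin\\" in line.lower():
            # A registry value (here a COM server) that loads code from the Recycle Bin.
            findings.append(Finding("registry-loads-from-recycle-bin", line.split(": ", 1)[0], line))
            continue
        m = ZA_DIR_RE.match(line)
        if m:
            subs = za_dirs.setdefault(m.group("base"), [])
            if m.group("sub"):
                subs.append(m.group("sub"))
    for base, subs in za_dirs.items():
        detail = f"{base} (subdirs: {','.join(subs) or 'none'})"
        findings.append(Finding("zeroaccess-recycle-bin-dir", detail, base))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.detail}")
```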
 

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

Thanks for the help. Below is the Fixlog. Could you please suggest the next steps?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-04-2013
Ran by SYSTEM at 2013-04-18 10:07:01 Run:1
Running from E:\

==============================================

HKEY_USERS\Sanchit\Software\Microsoft\Windows\CurrentVersion\Run\\Seahaxarak Value deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\ProgramData\ltmrj moved successfully.
C:\ProgramData\Application Data\ltmrj not found.
C:\Users\Sanchit\Application Data\Riom moved successfully.
C:\Users\Sanchit\AppData\Roaming\Riom not found.
C:\Users\Sanchit\Application Data\Saqivu moved successfully.
C:\Users\Sanchit\Application Data\Essybe moved successfully.
C:\Users\Sanchit\AppData\Roaming\Saqivu not found.
C:\Users\Sanchit\AppData\Roaming\Essybe not found.
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a moved successfully.
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\@ not found.
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\L not found.
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U not found.
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a moved successfully.
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\@ not found.
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\L not found.
C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U not found.
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a not found.

========================= Folder: C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B} ========================


====== End of Folder: ======

========================= Folder: C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B} ========================


====== End of Folder: ======

========================= Folder: C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D} ========================


====== End of Folder: ======

==== End of Fixlog ====
 


Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Can you boot normally now? If so,

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • click Start scan .
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it says TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually in the C:\ folder, in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Next, Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

I can't boot normally. The virus screen still stops me from doing anything.

Please suggest a workaround.

Thanks in advance.
 

ashash

New Member
Thread author
Apr 16, 2013
10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM at 19-04-2013 16:32:23
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-11-18] (IDT, Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1527896 2012-06-21] (McAfee, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Wipro] "C:\Program Files\Settings\WiproRunReg.vbs" [595 2010-05-07] ()
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKU\Sanchit\...\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2644992 2011-06-13] (Veoh Networks)
HKU\Sanchit\...\Run: [SmartVoip] "C:\Program Files (x86)\SmartVoip.com\SmartVoip\smartvoip.exe" -nosplash -minimized [19071960 2013-02-06] (SmartVoip)
HKU\Sanchit\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Sanchit\...\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Sanchit\...\Run: [Google Update] "C:\Users\Sanchit\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-15] (Google Inc.)
HKU\Sanchit\...\Run: [Facebook Update] "C:\Users\Sanchit\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Sanchit\...\Winlogon: [Shell] C:\Users\Sanchit\AppData\Roaming\mcafee.ini,explorer.exe
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)

==================== Services (Whitelisted) ===================

4 Apache2.2; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [20549 2012-01-28] (Apache Software Foundation)
4 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [68096 2008-03-18] ()
4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-04-09] (SurfRight B.V.)
4 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
4 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-08-24] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 hitmanpro37; C:\Windows\System32\Drivers\hitmanpro37.sys [32152 2013-04-09] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
4 mysql; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" mysql [9171 2012-02-27] ()
1 NEOFLTR_719_20893; C:\Windows\System32\Drivers\NEOFLTR_719_20893.sys [99152 2012-05-04] (Juniper Networks)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-18 03:29 - 2013-04-18 03:29 - 00009216 ____N C:\bootex.log
2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST
2013-04-10 07:01 - 2013-04-14 03:22 - 00000000 ____D C:\Windows\pss
2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001
2013-04-09 13:41 - 2013-04-09 13:42 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 03:40 - 2013-04-09 03:40 - 00010184 ____N C:\bootsqm.dat
2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000
2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-29 04:47 - 2013-03-29 19:10 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 15:24 - 2012-05-04 20:17 - 00590472 ____A (Juniper Networks) C:\Windows\System32\dsNcSmartCardProv.dll
2013-03-26 15:24 - 2012-05-04 20:17 - 00422024 ____A (Juniper Networks) C:\Windows\System32\dsNcCredProv.dll
2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 14:25 - 2013-03-26 12:11 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A C:\pending.un
2013-03-25 18:09 - 2012-05-04 20:27 - 00099152 ____A (Juniper Networks) C:\Windows\System32\Drivers\NEOFLTR_719_20893.SYS
2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 15:48 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google

==================== One Month Modified Files and Folders =======

2013-04-18 03:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-18 03:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-18 03:29 - 2013-04-18 03:29 - 00009216 ____N C:\bootex.log
2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST
2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Sonic
2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-04-14 03:22 - 2013-04-10 07:01 - 00000000 ____D C:\Windows\pss
2013-04-10 07:57 - 2012-08-24 16:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-10 07:57 - 2011-06-17 14:15 - 00000000 ____D C:\Program Files (x86)\Giraffic
2013-04-10 07:57 - 2011-06-12 07:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-10 07:56 - 2013-01-19 08:43 - 00007284 ____A C:\Windows\setupact.log
2013-04-10 07:56 - 2011-06-18 06:48 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-04-10 07:56 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-10 07:51 - 2011-06-12 06:27 - 01171389 ____A C:\Windows\WindowsUpdate.log
2013-04-10 07:19 - 2009-07-14 00:13 - 00006732 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001
2013-04-09 13:42 - 2013-04-09 13:41 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 12:28 - 2011-11-19 13:25 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 12:28 - 2011-06-18 06:48 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-09 12:28 - 2011-06-15 13:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 03:40 - 2013-04-09 03:40 - 00010184 ____N C:\bootsqm.dat
2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000
2013-04-09 01:08 - 2011-11-19 13:25 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\Application Data\Skype
2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Skype
2013-04-08 17:45 - 2011-06-15 06:01 - 00000000 ____D C:\users\Sanchit
2013-04-08 16:31 - 2011-06-15 13:07 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-07 01:22 - 2012-07-10 15:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Skype
2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-04-02 16:21 - 2011-08-05 12:39 - 00000000 ____D C:\Sandeep
2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\Application Data\Mozilla
2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Mozilla
2013-03-31 08:32 - 2011-11-06 11:34 - 00002384 ____A C:\Users\Sanchit\Desktop\Google Chrome.lnk
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-29 19:10 - 2013-03-29 04:47 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-29 18:14 - 2011-11-16 18:20 - 00000000 ____D C:\Users\Sanchit\workspace
2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\My Documents\Software
2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\Documents\Software
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Windows Live
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Windows Live
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Windows Live
2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:22 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\Application Data\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Juniper Networks
2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 14:29 - 2013-03-19 11:41 - 572101397 ____A C:\Windows\MEMORY.DMP
2013-03-26 14:29 - 2011-09-14 19:41 - 00000000 ____D C:\Windows\Minidump
2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-26 12:11 - 2013-03-26 14:25 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A C:\pending.un
2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Google


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4003.18 MB
Available physical RAM: 3276.72 MB
Total Pagefile: 4001.38 MB
Available Pagefile: 3267.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:44.93 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:29.8 GB) (Free:12.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 29 GB 0 B

Partitions of Disk 0:
===============

Disk ID: 825589A0

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 29 GB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 825589A0

Partition 1:
=========
Hex: 00202100DEDF130C0008000000200300
Active: NO
Type: DE
Size: 100 MB

Partition 2:
=========
Hex: 80DF140C07FEFFFF0028030000C0D401
Active: YES
Type: 07 (NTFS)
Size: 15 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00E8D70130706038
Active: NO
Type: 07 (NTFS)
Size: 451 GB

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 000021000CFEFFFF200000002024BA03
Active: NO
Type: 0C
Size: 30 GB


Last Boot: 2013-04-04 01:46

==================== End Of Log =============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Make another FRST script.

Open notepad and copy & paste the following:

HKU\Sanchit\...\Winlogon: [Shell] C:\Users\Sanchit\AppData\Roaming\mcafee.ini,explorer.exe
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
C:\Users\Sanchit\AppData\Roaming\mcafee.ini
Folder: C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Attempt to reboot normally. If you can, then follow the instructions regarding TDSSKiller on post #7: http://malwaretips.com/Thread-Removing-help-of-virus-gesellschaft-zur-verf%C3%BCgung-von-urheberrechtsverletzungen?pid=117185#pid117185
 

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

Thanks a lot for helping.

Now I can boot normally; however, the camera still starts after restart and my Wi-Fi/internet is not working. Could you please give some input on the same?

Following are the logs from the TDSSKiller scan:

17:24:33.0008 1392 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:24:33.0897 1392 ============================================================
17:24:33.0897 1392 Current date / time: 2013/04/19 17:24:33.0897
17:24:33.0897 1392 SystemInfo:
17:24:33.0897 1392
17:24:33.0897 1392 OS Version: 6.1.7601 ServicePack: 1.0
17:24:33.0897 1392 Product type: Workstation
17:24:33.0897 1392 ComputerName: SANCHIT-PC
17:24:33.0897 1392 UserName: Sanchit
17:24:33.0897 1392 Windows directory: C:\windows
17:24:33.0897 1392 System windows directory: C:\windows
17:24:33.0897 1392 Running under WOW64
17:24:33.0897 1392 Processor architecture: Intel x64
17:24:33.0897 1392 Number of processors: 4
17:24:33.0897 1392 Page size: 0x1000
17:24:33.0897 1392 Boot type: Normal boot
17:24:33.0897 1392 ============================================================
17:24:34.0350 1392 BG loaded
17:24:35.0847 1392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:35.0847 1392 Drive \Device\Harddisk1\DR1 - Size: 0x774488000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:24:35.0847 1392 ============================================================
17:24:35.0847 1392 \Device\Harddisk0\DR0:
17:24:35.0847 1392 MBR partitions:
17:24:35.0847 1392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
17:24:35.0847 1392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
17:24:35.0847 1392 \Device\Harddisk1\DR1:
17:24:35.0863 1392 MBR partitions:
17:24:35.0863 1392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3BA2420
17:24:35.0863 1392 ============================================================
17:24:35.0894 1392 C: <-> \Device\Harddisk0\DR0\Partition2
17:24:35.0894 1392 ============================================================
17:24:35.0894 1392 Initialize success
17:24:35.0894 1392 ============================================================
17:25:08.0853 2272 ============================================================
17:25:08.0854 2272 Scan started
17:25:08.0854 2272 Mode: Manual; SigCheck; TDLFS;
17:25:08.0854 2272 ============================================================
17:25:14.0453 2272 ================ Scan system memory ========================
17:25:14.0453 2272 System memory - ok
17:25:14.0454 2272 ================ Scan services =============================
17:25:17.0705 2272 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:25:36.0035 2272 1394ohci - ok
17:25:36.0211 2272 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:25:36.0243 2272 ACPI - ok
17:25:36.0320 2272 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:25:37.0382 2272 AcpiPmi - ok
17:25:37.0750 2272 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:25:37.0778 2272 AdobeARMservice - ok
17:25:38.0839 2272 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:25:38.0867 2272 AdobeFlashPlayerUpdateSvc - ok
17:25:39.0068 2272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
17:25:39.0100 2272 adp94xx - ok
17:25:39.0272 2272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
17:25:39.0299 2272 adpahci - ok
17:25:39.0451 2272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
17:25:39.0473 2272 adpu320 - ok
17:25:39.0696 2272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
17:25:41.0794 2272 AeLookupSvc - ok
17:25:41.0951 2272 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
17:25:42.0045 2272 AESTFilters - ok
17:25:42.0257 2272 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
17:25:42.0414 2272 AFD - ok
17:25:42.0505 2272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
17:25:42.0525 2272 agp440 - ok
17:25:42.0618 2272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
17:25:42.0718 2272 ALG - ok
17:25:42.0763 2272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
17:25:42.0781 2272 aliide - ok
17:25:42.0835 2272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
17:25:42.0860 2272 amdide - ok
17:25:42.0880 2272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
17:25:42.0969 2272 AmdK8 - ok
17:25:42.0974 2272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
17:25:43.0022 2272 AmdPPM - ok
17:25:43.0085 2272 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
17:25:43.0109 2272 amdsata - ok
17:25:43.0199 2272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
17:25:43.0224 2272 amdsbs - ok
17:25:43.0243 2272 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
17:25:43.0262 2272 amdxata - ok
17:25:43.0572 2272 [ EB4E26AD3A0E681C2FAABBACB0691A34 ] Apache2.2 C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
17:25:43.0654 2272 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
17:25:43.0654 2272 Apache2.2 - detected UnsignedFile.Multi.Generic (1)
17:25:43.0795 2272 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
17:25:43.0912 2272 ApfiltrService - ok
17:25:43.0997 2272 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
17:25:44.0871 2272 AppID - ok
17:25:44.0910 2272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
17:25:45.0000 2272 AppIDSvc - ok
17:25:45.0047 2272 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
17:25:45.0115 2272 Appinfo - ok
17:25:45.0166 2272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
17:25:45.0186 2272 arc - ok
17:25:45.0225 2272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
17:25:45.0246 2272 arcsas - ok
17:25:45.0404 2272 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:25:45.0476 2272 aspnet_state - ok
17:25:45.0514 2272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
17:25:45.0616 2272 AsyncMac - ok
17:25:45.0671 2272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
17:25:45.0689 2272 atapi - ok
17:25:45.0796 2272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:25:45.0895 2272 AudioEndpointBuilder - ok
17:25:45.0930 2272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
17:25:45.0975 2272 AudioSrv - ok
17:25:46.0087 2272 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
17:25:46.0268 2272 AxInstSV - ok
17:25:46.0435 2272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
17:25:46.0494 2272 b06bdrv - ok
17:25:46.0602 2272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
17:25:46.0694 2272 b57nd60a - ok
17:25:46.0744 2272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
17:25:46.0765 2272 BDESVC - ok
17:25:46.0793 2272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
17:25:46.0881 2272 Beep - ok
17:25:46.0987 2272 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
17:25:47.0123 2272 BITS - ok
17:25:47.0175 2272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
17:25:47.0225 2272 blbdrive - ok
17:25:47.0433 2272 [ 093B1B419EF25B15D3A1CA6953F41AFB ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
17:25:47.0468 2272 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
17:25:47.0468 2272 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
17:25:47.0605 2272 [ 03A7341E94ACD92E0831336D4F3ACE92 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
17:25:47.0663 2272 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
17:25:47.0663 2272 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
17:25:47.0734 2272 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
17:25:47.0776 2272 bowser - ok
17:25:47.0840 2272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
17:25:47.0885 2272 BrFiltLo - ok
17:25:47.0896 2272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
17:25:47.0937 2272 BrFiltUp - ok
17:25:48.0250 2272 [ A61D617F37456D9D32F98BF70EB5D414 ] BrlAPI C:\cygwin\bin\cygrunsrv.exe
17:25:52.0878 2272 BrlAPI ( UnsignedFile.Multi.Generic ) - warning
17:25:52.0878 2272 BrlAPI - detected UnsignedFile.Multi.Generic (1)
17:25:52.0998 2272 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
17:25:53.0060 2272 Browser - ok
17:25:53.0160 2272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
17:25:53.0215 2272 Brserid - ok
17:25:53.0240 2272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
17:25:53.0287 2272 BrSerWdm - ok
17:25:53.0299 2272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
17:25:53.0348 2272 BrUsbMdm - ok
17:25:53.0354 2272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
17:25:53.0404 2272 BrUsbSer - ok
17:25:53.0474 2272 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
17:25:53.0589 2272 BthEnum - ok
17:25:53.0655 2272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
17:25:53.0707 2272 BTHMODEM - ok
17:25:53.0765 2272 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
17:25:53.0809 2272 BthPan - ok
17:25:53.0946 2272 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
17:25:54.0025 2272 BTHPORT - ok
17:25:54.0086 2272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
17:25:54.0149 2272 bthserv - ok
17:25:54.0216 2272 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
17:25:54.0232 2272 BTHUSB - ok
17:25:54.0323 2272 [ C5495CF0261279F08BF942B865E4A55A ] btmaudio C:\windows\system32\drivers\btmaud.sys
17:25:54.0341 2272 btmaudio - ok
17:25:54.0397 2272 [ 16C1BAC9760C9FA85A30F3FA0FBB1B7A ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
17:25:54.0407 2272 btmaux - ok
17:25:54.0451 2272 [ 0C468D8DA95BE16BFDD380BB9DE88259 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
17:25:54.0505 2272 btmhsf - ok
17:25:54.0552 2272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:25:54.0609 2272 cdfs - ok
17:25:54.0704 2272 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
17:25:54.0730 2272 cdrom - ok
17:25:54.0816 2272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
17:25:54.0881 2272 CertPropSvc - ok
17:25:54.0952 2272 [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids C:\windows\system32\drivers\cfwids.sys
17:25:54.0972 2272 cfwids - ok
17:25:55.0017 2272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
17:25:55.0062 2272 circlass - ok
17:25:55.0173 2272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
17:25:55.0207 2272 CLFS - ok
17:25:55.0331 2272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:25:55.0351 2272 clr_optimization_v2.0.50727_32 - ok
17:25:55.0473 2272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:25:55.0497 2272 clr_optimization_v2.0.50727_64 - ok
17:25:55.0638 2272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:25:56.0101 2272 clr_optimization_v4.0.30319_32 - ok
17:25:56.0175 2272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:25:56.0332 2272 clr_optimization_v4.0.30319_64 - ok
17:25:56.0385 2272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
17:25:56.0426 2272 CmBatt - ok
17:25:56.0444 2272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
17:25:56.0461 2272 cmdide - ok
17:25:56.0574 2272 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
17:25:56.0610 2272 CNG - ok
17:25:56.0687 2272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
17:25:56.0706 2272 Compbatt - ok
17:25:56.0740 2272 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
17:25:56.0765 2272 CompositeBus - ok
17:25:56.0787 2272 COMSysApp - ok
17:25:56.0825 2272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
17:25:56.0843 2272 crcdisk - ok
17:25:56.0918 2272 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
17:25:56.0989 2272 CryptSvc - ok
17:25:57.0109 2272 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
17:25:57.0150 2272 CtClsFlt - ok
17:25:57.0415 2272 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:25:57.0576 2272 cvhsvc - ok
17:25:57.0658 2272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
17:25:57.0722 2272 DcomLaunch - ok
17:25:57.0792 2272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
17:25:57.0874 2272 defragsvc - ok
17:25:57.0907 2272 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:25:57.0984 2272 DfsC - ok
17:25:58.0115 2272 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
17:25:58.0210 2272 Dhcp - ok
17:25:58.0278 2272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
17:25:58.0345 2272 discache - ok
17:25:58.0415 2272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
17:25:58.0435 2272 Disk - ok
17:25:58.0611 2272 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
17:25:58.0690 2272 Dnscache - ok
17:25:58.0781 2272 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
17:25:58.0844 2272 dot3svc - ok
17:25:58.0896 2272 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
17:25:58.0969 2272 DPS - ok
17:25:59.0034 2272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:25:59.0086 2272 drmkaud - ok
17:25:59.0138 2272 [ 0040A0132AAC1004E50055F8FBB14C08 ] dsNcAdpt C:\windows\system32\DRIVERS\dsNcAdpt.sys
17:25:59.0166 2272 dsNcAdpt - ok
17:25:59.0350 2272 [ 5B507C8BCA04C7F963221B9494FEF91F ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
17:25:59.0443 2272 dsNcService - ok
17:25:59.0539 2272 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:25:59.0581 2272 DXGKrnl - ok
17:25:59.0649 2272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
17:25:59.0708 2272 EapHost - ok
17:26:00.0232 2272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
17:26:00.0613 2272 ebdrv - ok
17:26:00.0671 2272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
17:26:00.0717 2272 EFS - ok
17:26:00.0851 2272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:26:00.0907 2272 ehRecvr - ok
17:26:00.0923 2272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
17:26:00.0971 2272 ehSched - ok
17:26:01.0141 2272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
17:26:01.0174 2272 elxstor - ok
17:26:01.0197 2272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
17:26:01.0241 2272 ErrDev - ok
17:26:01.0313 2272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
17:26:01.0371 2272 EventSystem - ok
17:26:01.0717 2272 [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:26:01.0846 2272 EvtEng - ok
17:26:01.0916 2272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
17:26:01.0987 2272 exfat - ok
17:26:02.0032 2272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
17:26:02.0098 2272 fastfat - ok
17:26:02.0167 2272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
17:26:02.0210 2272 Fax - ok
17:26:02.0243 2272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
17:26:02.0268 2272 fdc - ok
17:26:02.0297 2272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
17:26:02.0355 2272 fdPHost - ok
17:26:02.0373 2272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
17:26:02.0432 2272 FDResPub - ok
17:26:02.0467 2272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
17:26:02.0487 2272 FileInfo - ok
17:26:02.0508 2272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
17:26:02.0582 2272 Filetrace - ok
17:26:02.0634 2272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
17:26:02.0670 2272 flpydisk - ok
17:26:02.0712 2272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
17:26:02.0736 2272 FltMgr - ok
17:26:02.0931 2272 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
17:26:02.0995 2272 FontCache - ok
17:26:03.0079 2272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:26:03.0098 2272 FontCache3.0.0.0 - ok
17:26:03.0135 2272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:26:03.0154 2272 FsDepends - ok
17:26:03.0196 2272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:26:03.0215 2272 Fs_Rec - ok
17:26:03.0276 2272 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:26:03.0304 2272 fvevol - ok
17:26:03.0368 2272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
17:26:03.0388 2272 gagp30kx - ok
17:26:03.0472 2272 Giraffic - ok
17:26:03.0571 2272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
17:26:03.0641 2272 gpsvc - ok
17:26:03.0809 2272 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:26:03.0840 2272 gupdate - ok
17:26:03.0886 2272 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:26:03.0897 2272 gupdatem - ok
17:26:03.0972 2272 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:26:03.0996 2272 gusvc - ok
17:26:04.0057 2272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:26:04.0104 2272 hcw85cir - ok
17:26:04.0197 2272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:26:04.0228 2272 HdAudAddService - ok
17:26:04.0252 2272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
17:26:04.0305 2272 HDAudBus - ok
17:26:04.0326 2272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
17:26:04.0381 2272 HidBatt - ok
17:26:04.0406 2272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
17:26:04.0451 2272 HidBth - ok
17:26:04.0476 2272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
17:26:04.0529 2272 HidIr - ok
17:26:04.0568 2272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
17:26:04.0636 2272 hidserv - ok
17:26:04.0694 2272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
17:26:04.0715 2272 HidUsb - ok
17:26:04.0852 2272 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\windows\system32\drivers\HipShieldK.sys
17:26:04.0902 2272 HipShieldK - ok
17:26:05.0011 2272 [ DD9C88B116408B30F855A76E09DD2962 ] hitmanpro37 C:\windows\system32\drivers\hitmanpro37.sys
17:26:05.0035 2272 hitmanpro37 - ok
17:26:05.0158 2272 [ 011ECE6EA1B25042FEDACDA4716AE2A1 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
17:26:05.0178 2272 HitmanProScheduler - ok
17:26:05.0226 2272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
17:26:05.0293 2272 hkmsvc - ok
17:26:05.0343 2272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:26:05.0405 2272 HomeGroupListener - ok
17:26:05.0473 2272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:26:05.0519 2272 HomeGroupProvider - ok
17:26:05.0558 2272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
17:26:05.0578 2272 HpSAMD - ok
17:26:05.0647 2272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
17:26:05.0706 2272 HTTP - ok
17:26:05.0747 2272 hwdatacard - ok
17:26:05.0765 2272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
17:26:05.0780 2272 hwpolicy - ok
17:26:05.0903 2272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
17:26:05.0924 2272 i8042prt - ok
17:26:05.0980 2272 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
17:26:05.0999 2272 iaStor - ok
17:26:06.0131 2272 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:26:06.0150 2272 IAStorDataMgrSvc - ok
17:26:06.0288 2272 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
17:26:06.0317 2272 iaStorV - ok
17:26:06.0346 2272 [ FC85972037815FA7B413E790B426ACB2 ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
17:26:06.0389 2272 iBtFltCoex - ok
17:26:06.0588 2272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:26:06.0648 2272 idsvc - ok
17:26:07.0037 2272 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
17:26:07.0252 2272 igfx - ok
17:26:07.0309 2272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
17:26:07.0329 2272 iirsp - ok
17:26:07.0425 2272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
17:26:07.0491 2272 IKEEXT - ok
17:26:07.0569 2272 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
17:26:07.0630 2272 IntcDAud - ok
17:26:07.0646 2272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
17:26:07.0664 2272 intelide - ok
17:26:07.0719 2272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
17:26:07.0756 2272 intelppm - ok
17:26:07.0795 2272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
17:26:07.0839 2272 IPBusEnum - ok
17:26:07.0860 2272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:26:07.0918 2272 IpFilterDriver - ok
17:26:07.0942 2272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
17:26:07.0974 2272 IPMIDRV - ok
17:26:08.0019 2272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
17:26:08.0065 2272 IPNAT - ok
17:26:08.0090 2272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
17:26:08.0129 2272 IRENUM - ok
17:26:08.0143 2272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
17:26:08.0161 2272 isapnp - ok
17:26:08.0182 2272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
17:26:08.0208 2272 iScsiPrt - ok
17:26:08.0226 2272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
17:26:08.0245 2272 kbdclass - ok
17:26:08.0265 2272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
17:26:08.0286 2272 kbdhid - ok
17:26:08.0304 2272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
17:26:08.0318 2272 KeyIso - ok
17:26:08.0357 2272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
17:26:08.0376 2272 KSecDD - ok
17:26:08.0396 2272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
17:26:08.0419 2272 KSecPkg - ok
17:26:08.0433 2272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
17:26:08.0490 2272 ksthunk - ok
17:26:08.0530 2272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
17:26:08.0596 2272 KtmRm - ok
17:26:08.0652 2272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
17:26:08.0711 2272 LanmanServer - ok
17:26:08.0751 2272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:26:08.0812 2272 LanmanWorkstation - ok
17:26:08.0853 2272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
17:26:08.0914 2272 lltdio - ok
17:26:08.0963 2272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
17:26:09.0013 2272 lltdsvc - ok
17:26:09.0031 2272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
17:26:09.0101 2272 lmhosts - ok
17:26:09.0183 2272 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:26:09.0215 2272 LMS - ok
17:26:09.0243 2272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
17:26:09.0264 2272 LSI_FC - ok
17:26:09.0295 2272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
17:26:09.0317 2272 LSI_SAS - ok
17:26:09.0338 2272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
17:26:09.0358 2272 LSI_SAS2 - ok
17:26:09.0374 2272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
17:26:09.0395 2272 LSI_SCSI - ok
17:26:09.0412 2272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
17:26:09.0473 2272 luafv - ok
17:26:09.0555 2272 [ B6BD99C3E23507A732C474CAA620C0D7 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
17:26:09.0583 2272 McAWFwk - ok
17:26:09.0620 2272 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe
17:26:09.0646 2272 McComponentHostService - ok
17:26:09.0728 2272 [ C121367D21599367F2ADB9C11B7BABAA ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:26:09.0756 2272 McMPFSvc - ok
17:26:09.0785 2272 [ C121367D21599367F2ADB9C11B7BABAA ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:26:09.0800 2272 mcmscsvc - ok
17:26:09.0821 2272 [ C121367D21599367F2ADB9C11B7BABAA ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:26:09.0837 2272 McNaiAnn - ok
17:26:09.0871 2272 [ C121367D21599367F2ADB9C11B7BABAA ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:26:09.0886 2272 McNASvc - ok
17:26:09.0947 2272 [ 9EF2FF066F067C140EB2CB776104C602 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
17:26:09.0969 2272 McODS - ok
17:26:09.0975 2272 [ C121367D21599367F2ADB9C11B7BABAA ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:26:09.0990 2272 McOobeSv - ok
17:26:09.0995 2272 [ C121367D21599367F2ADB9C11B7BABAA ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:26:10.0010 2272 McProxy - ok
17:26:10.0072 2272 [ 4DEC9B5BEDAA97B1FF6A3923E1C4F58A ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:26:10.0098 2272 McShield - ok
17:26:10.0129 2272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
17:26:10.0150 2272 Mcx2Svc - ok
17:26:10.0180 2272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
17:26:10.0199 2272 megasas - ok
17:26:10.0242 2272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
17:26:10.0268 2272 MegaSR - ok
17:26:10.0327 2272 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
17:26:10.0346 2272 MEIx64 - ok
17:26:10.0376 2272 [ B574522827D94126C03975FD53F0B26B ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
17:26:10.0391 2272 mfeapfk - ok
17:26:10.0416 2272 [ B393753ECE9A9E2307CB1984ACF3DA9D ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
17:26:10.0440 2272 mfeavfk - ok
17:26:10.0459 2272 mfeavfk01 - ok
17:26:10.0509 2272 [ 97C398750C8E80A48EB63999546F796E ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:26:10.0531 2272 mfefire - ok
17:26:10.0571 2272 [ C52A1ABF03DD219375EA0F6A8BE941C3 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
17:26:10.0600 2272 mfefirek - ok
17:26:10.0644 2272 [ 7092A6C6158FC4F5AA39EBEB9D5AF03D ] mfehidk C:\windows\system32\drivers\mfehidk.sys
17:26:10.0689 2272 mfehidk - ok
17:26:10.0728 2272 [ D2A941C82A0A9227CD6F47AD40A40F69 ] mferkdet C:\windows\system32\drivers\mferkdet.sys
17:26:10.0750 2272 mferkdet - ok
17:26:10.0776 2272 [ 04D48692EFF181DA46DD8EA8BE9FFB2B ] mfevtp C:\Windows\system32\mfevtps.exe
17:26:10.0799 2272 mfevtp - ok
17:26:10.0819 2272 [ 1631E2DA6C4B47D97ECA94842836592E ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
17:26:10.0848 2272 mfewfpk - ok
17:26:10.0929 2272 Microsoft SharePoint Workspace Audit Service - ok
17:26:10.0961 2272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
17:26:11.0005 2272 MMCSS - ok
17:26:11.0024 2272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
17:26:11.0067 2272 Modem - ok
17:26:11.0126 2272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:26:11.0190 2272 monitor - ok
17:26:11.0251 2272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:26:11.0270 2272 mouclass - ok
17:26:11.0350 2272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:26:11.0407 2272 mouhid - ok
17:26:11.0467 2272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:26:11.0488 2272 mountmgr - ok
17:26:11.0510 2272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
17:26:11.0545 2272 mpio - ok
17:26:11.0570 2272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:26:11.0623 2272 mpsdrv - ok
17:26:11.0679 2272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:26:11.0714 2272 MRxDAV - ok
17:26:11.0734 2272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:26:11.0779 2272 mrxsmb - ok
17:26:11.0837 2272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:26:11.0886 2272 mrxsmb10 - ok
17:26:11.0905 2272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:26:11.0955 2272 mrxsmb20 - ok
17:26:11.0981 2272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
17:26:12.0002 2272 msahci - ok
17:26:12.0034 2272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:26:12.0064 2272 msdsm - ok
17:26:12.0100 2272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
17:26:12.0128 2272 MSDTC - ok
17:26:12.0151 2272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:26:12.0194 2272 Msfs - ok
17:26:12.0206 2272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:26:12.0248 2272 mshidkmdf - ok
17:26:12.0266 2272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:26:12.0285 2272 msisadrv - ok
17:26:12.0337 2272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:26:12.0382 2272 MSiSCSI - ok
17:26:12.0386 2272 msiserver - ok
17:26:12.0407 2272 [ C121367D21599367F2ADB9C11B7BABAA ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:26:12.0422 2272 MSK80Service - ok
17:26:12.0447 2272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:26:12.0517 2272 MSKSSRV - ok
17:26:12.0541 2272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:26:12.0590 2272 MSPCLOCK - ok
17:26:12.0605 2272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:26:12.0666 2272 MSPQM - ok
17:26:12.0701 2272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:26:12.0727 2272 MsRPC - ok
17:26:12.0747 2272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
17:26:12.0765 2272 mssmbios - ok
17:26:12.0768 2272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:26:12.0830 2272 MSTEE - ok
17:26:12.0848 2272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
17:26:12.0880 2272 MTConfig - ok
17:26:12.0903 2272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
17:26:12.0922 2272 Mup - ok
17:26:12.0978 2272 mysql - ok
17:26:13.0029 2272 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:26:13.0055 2272 MyWiFiDHCPDNS - ok
17:26:13.0084 2272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
17:26:13.0154 2272 napagent - ok
17:26:13.0201 2272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:26:13.0256 2272 NativeWifiP - ok
17:26:13.0324 2272 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
17:26:13.0357 2272 NDIS - ok
17:26:13.0385 2272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:26:13.0429 2272 NdisCap - ok
17:26:13.0461 2272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:26:13.0505 2272 NdisTapi - ok
17:26:13.0535 2272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:26:13.0594 2272 Ndisuio - ok
17:26:13.0609 2272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:26:13.0669 2272 NdisWan - ok
17:26:13.0692 2272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:26:13.0751 2272 NDProxy - ok
17:26:13.0820 2272 [ 54315426DC99D7A42AD498121397FDE5 ] NEOFLTR_719_20893 C:\windows\system32\Drivers\NEOFLTR_719_20893.SYS
17:26:13.0840 2272 NEOFLTR_719_20893 - ok
17:26:13.0866 2272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:26:13.0929 2272 NetBIOS - ok
17:26:13.0953 2272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:26:14.0022 2272 NetBT - ok
17:26:14.0049 2272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:26:14.0062 2272 Netlogon - ok
17:26:14.0090 2272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:26:14.0154 2272 Netman - ok
17:26:14.0184 2272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:14.0233 2272 NetMsmqActivator - ok
17:26:14.0237 2272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:14.0249 2272 NetPipeActivator - ok
17:26:14.0283 2272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:26:14.0336 2272 netprofm - ok
17:26:14.0340 2272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:14.0354 2272 NetTcpActivator - ok
17:26:14.0359 2272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:14.0371 2272 NetTcpPortSharing - ok
17:26:14.0562 2272 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
17:26:14.0709 2272 NETwNs64 - ok
17:26:14.0736 2272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:26:14.0755 2272 nfrd960 - ok
17:26:14.0803 2272 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
17:26:14.0861 2272 NlaSvc - ok
17:26:14.0970 2272 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
17:26:15.0144 2272 NOBU - ok
17:26:15.0156 2272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:26:15.0203 2272 Npfs - ok
17:26:15.0219 2272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:26:15.0285 2272 nsi - ok
17:26:15.0316 2272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:26:15.0369 2272 nsiproxy - ok
17:26:15.0446 2272 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:26:15.0546 2272 Ntfs - ok
17:26:15.0559 2272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:26:15.0603 2272 Null - ok
17:26:15.0639 2272 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
17:26:15.0676 2272 nusb3hub - ok
17:26:15.0693 2272 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
17:26:15.0754 2272 nusb3xhc - ok
17:26:15.0802 2272 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:26:15.0825 2272 nvraid - ok
17:26:15.0856 2272 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:26:15.0880 2272 nvstor - ok
17:26:15.0917 2272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:26:15.0939 2272 nv_agp - ok
17:26:15.0954 2272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:26:15.0975 2272 ohci1394 - ok
17:26:16.0013 2272 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:16.0038 2272 ose - ok
17:26:16.0174 2272 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:26:16.0407 2272 osppsvc - ok
17:26:16.0436 2272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:26:16.0466 2272 p2pimsvc - ok
17:26:16.0499 2272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:26:16.0526 2272 p2psvc - ok
17:26:16.0593 2272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
17:26:16.0640 2272 Parport - ok
17:26:16.0678 2272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
17:26:16.0699 2272 partmgr - ok
17:26:16.0717 2272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:26:16.0746 2272 PcaSvc - ok
17:26:16.0842 2272 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
17:26:17.0073 2272 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
17:26:17.0110 2272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:26:17.0133 2272 pci - ok
17:26:17.0145 2272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
17:26:17.0163 2272 pciide - ok
17:26:17.0188 2272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:26:17.0212 2272 pcmcia - ok
17:26:17.0229 2272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:26:17.0249 2272 pcw - ok
17:26:17.0271 2272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:26:17.0324 2272 PEAUTH - ok
17:26:17.0423 2272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:26:17.0459 2272 PerfHost - ok
17:26:17.0523 2272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:26:17.0596 2272 pla - ok
17:26:17.0634 2272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:26:17.0673 2272 PlugPlay - ok
17:26:17.0677 2272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:26:17.0701 2272 PNRPAutoReg - ok
17:26:17.0724 2272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:26:17.0742 2272 PNRPsvc - ok
17:26:17.0773 2272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:26:17.0844 2272 PolicyAgent - ok
17:26:17.0876 2272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
17:26:17.0918 2272 Power - ok
17:26:17.0966 2272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:26:18.0009 2272 PptpMiniport - ok
17:26:18.0036 2272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
17:26:18.0078 2272 Processor - ok
17:26:18.0131 2272 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
17:26:18.0162 2272 ProfSvc - ok
17:26:18.0182 2272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:26:18.0195 2272 ProtectedStorage - ok
17:26:18.0225 2272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:26:18.0263 2272 Psched - ok
17:26:18.0303 2272 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
17:26:18.0323 2272 PxHlpa64 - ok
17:26:18.0381 2272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:26:18.0444 2272 ql2300 - ok
17:26:18.0450 2272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:26:18.0471 2272 ql40xx - ok
17:26:18.0499 2272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:26:18.0528 2272 QWAVE - ok
17:26:18.0557 2272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:26:18.0582 2272 QWAVEdrv - ok
17:26:18.0601 2272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:26:18.0669 2272 RasAcd - ok
17:26:18.0708 2272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:26:18.0764 2272 RasAgileVpn - ok
17:26:18.0790 2272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:26:18.0834 2272 RasAuto - ok
17:26:18.0845 2272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:26:18.0889 2272 Rasl2tp - ok
17:26:18.0909 2272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:26:18.0971 2272 RasMan - ok
17:26:18.0987 2272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:26:19.0042 2272 RasPppoe - ok
17:26:19.0072 2272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:26:19.0139 2272 RasSstp - ok
17:26:19.0172 2272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:26:19.0228 2272 rdbss - ok
17:26:19.0243 2272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:26:19.0289 2272 rdpbus - ok
17:26:19.0311 2272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:26:19.0370 2272 RDPCDD - ok
17:26:19.0409 2272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:26:19.0471 2272 RDPENCDD - ok
17:26:19.0493 2272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:26:19.0558 2272 RDPREFMP - ok
17:26:19.0604 2272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:26:19.0647 2272 RDPWD - ok
17:26:19.0681 2272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:26:19.0706 2272 rdyboost - ok
17:26:19.0804 2272 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:26:19.0831 2272 RegSrvc - ok
17:26:19.0862 2272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:26:19.0930 2272 RemoteAccess - ok
17:26:19.0973 2272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:26:20.0041 2272 RemoteRegistry - ok
17:26:20.0089 2272 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
17:26:20.0108 2272 RFCOMM - ok
17:26:20.0214 2272 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
17:26:20.0310 2272 RoxMediaDB12OEM - ok
17:26:20.0349 2272 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
17:26:20.0384 2272 RoxWatch12 - ok
17:26:20.0415 2272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:26:20.0476 2272 RpcEptMapper - ok
17:26:20.0513 2272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:26:20.0556 2272 RpcLocator - ok
17:26:20.0590 2272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:26:20.0633 2272 RpcSs - ok
17:26:20.0676 2272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:26:20.0719 2272 rspndr - ok
17:26:20.0769 2272 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
17:26:20.0794 2272 RSUSBSTOR - ok
17:26:20.0843 2272 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:26:20.0873 2272 RTL8167 - ok
17:26:20.0881 2272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:26:20.0895 2272 SamSs - ok
17:26:20.0917 2272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:26:20.0937 2272 sbp2port - ok
17:26:20.0959 2272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:26:21.0025 2272 SCardSvr - ok
17:26:21.0048 2272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:26:21.0112 2272 scfilter - ok
17:26:21.0156 2272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:26:21.0262 2272 Schedule - ok
17:26:21.0291 2272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:26:21.0328 2272 SCPolicySvc - ok
17:26:21.0344 2272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:26:21.0379 2272 SDRSVC - ok
17:26:21.0418 2272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:26:21.0461 2272 secdrv - ok
17:26:21.0477 2272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:26:21.0518 2272 seclogon - ok
17:26:21.0537 2272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:26:21.0599 2272 SENS - ok
17:26:21.0617 2272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:26:21.0637 2272 SensrSvc - ok
17:26:21.0657 2272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:26:21.0699 2272 Serenum - ok
17:26:21.0703 2272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:26:21.0724 2272 Serial - ok
17:26:21.0729 2272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:26:21.0748 2272 sermouse - ok
17:26:21.0772 2272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:26:21.0827 2272 SessionEnv - ok
17:26:21.0831 2272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:26:21.0871 2272 sffdisk - ok
17:26:21.0875 2272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:26:21.0897 2272 sffp_mmc - ok
17:26:21.0901 2272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:26:21.0923 2272 sffp_sd - ok
17:26:21.0926 2272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:26:21.0966 2272 sfloppy - ok
17:26:22.0028 2272 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
17:26:22.0074 2272 Sftfs - ok
17:26:22.0152 2272 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:26:22.0187 2272 sftlist - ok
17:26:22.0200 2272 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
17:26:22.0224 2272 Sftplay - ok
17:26:22.0233 2272 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
17:26:22.0250 2272 Sftredir - ok
17:26:22.0344 2272 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:26:22.0443 2272 SftService - ok
17:26:22.0465 2272 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
17:26:22.0482 2272 Sftvol - ok
17:26:22.0501 2272 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:26:22.0526 2272 sftvsa - ok
17:26:22.0566 2272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:26:22.0617 2272 ShellHWDetection - ok
17:26:22.0640 2272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:26:22.0659 2272 SiSRaid2 - ok
17:26:22.0673 2272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:26:22.0694 2272 SiSRaid4 - ok
17:26:22.0798 2272 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:26:25.0276 2272 SkypeUpdate - ok
17:26:25.0287 2272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:26:25.0333 2272 Smb - ok
17:26:25.0360 2272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:26:25.0411 2272 SNMPTRAP - ok
17:26:25.0452 2272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:26:25.0470 2272 spldr - ok
17:26:25.0524 2272 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
17:26:25.0572 2272 Spooler - ok
17:26:25.0655 2272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:26:25.0746 2272 sppsvc - ok
17:26:25.0771 2272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:26:25.0826 2272 sppuinotify - ok
17:26:25.0857 2272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:26:25.0909 2272 srv - ok
17:26:25.0938 2272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:26:25.0986 2272 srv2 - ok
17:26:26.0016 2272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:26:26.0039 2272 srvnet - ok
17:26:26.0057 2272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:26:26.0104 2272 SSDPSRV - ok
17:26:26.0119 2272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:26:26.0162 2272 SstpSvc - ok
17:26:26.0219 2272 [ 7037A7C9BB623BB89662B88C7B0FD883 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
17:26:26.0265 2272 STacSV - ok
17:26:26.0293 2272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:26:26.0312 2272 stexstor - ok

Attachments

  • Fixlog.txt
    840 bytes · Views: 78
  • TDSSKiller.2.8.16.0_19.04.2013_17.24.32_log.txt
    354.3 KB · Views: 71

Fiery

Level 1
Jan 11, 2011
2,007
Now I can boot normally however still the camera starts after restart and my wifi/internet is not working. Could you please give some input for same.

Ok.

Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Quick Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
 

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

Thanks for your kind help. Please find attached the OTL.txt and Extras.txt files.
Suggest me the next steps to completely remove the viruses.
 

Attachments

  • Extras.Txt
    64 KB · Views: 91
  • OTL.Txt
    121.4 KB · Views: 98

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Go to Start > type Run in the search box and press Enter > Type msconfig in the popup and press Enter. Click the startup tab. Under the Startup Item column, find Dell Webcam Central and untick the box. Press Ok and your webcam should stop starting up.

Next, start OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2012/10/24 23:59:38 | 000,003,915 | ---- | M] () -- C:\Users\Sanchit\AppData\Roaming\Mozilla\Firefox\Profiles\chz2jzkr.default\searchplugins\sweetim.xml
[2011/11/21 22:14:51 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
IE - HKU\S-1-5-21-2092152589-3654524724-1465183675-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=7c4e86d4000000000000bc7737a926d1
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
[2011/11/21 22:15:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Sanchit\AppData\Roaming\Mozilla\Firefox\Profiles\chz2jzkr.default\extensions\ffxtlbr@babylon.com
[2011/11/21 22:14:51 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/11/21 22:14:39 | 000,000,000 | ---D | M] -- C:\Users\Sanchit\AppData\Roaming\Babylon
CHR - Extension: SweetIM for Facebook = C:\Users\Sanchit\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Sanchit\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

:Files
C:\Program Files (x86)\SweetIM
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically; post its content in your next reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start).
  • Click Delete.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click Delete and wait until it says deleting finished.
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
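After the OTL fix and the AdwCleaner/RogueKiller scans, it is worth confirming that none of the persistence points listed in the fix script above came back on reboot. The following PowerShell script is an added example for this thread, not part of OTL, AdwCleaner or RogueKiller; it only reads and reports, deleting nothing, and assumes a 64-bit Windows 7-era layout run elevated as the affected user (the CLSIDs, Run value names, extension id and paths are the ones from the fix script).

```powershell
# Post-fix verification for the persistence points targeted by the OTL fix above.
# Added example for this thread; not part of OTL, AdwCleaner or RogueKiller.
# Assumptions: 64-bit Windows 7-era layout as in the thread, run elevated as the affected user.
$findings = New-Object System.Collections.ArrayList
function Add-Finding([string]$Kind, [string]$Location, [string]$Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Kind = $Kind; Location = $Location; Detail = $Detail }))
}

# 1. O4 Run entries: the fix deleted the "SweetIM" and "Sweetpacks Communicator" values.
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if ($p.Name -match 'SweetIM|Sweetpacks' -or "$($p.Value)" -match 'SweetIM|Babylon') {
            Add-Finding 'Run value' "$key\$($p.Name)" "$($p.Value)"
        }
    }
}

# 2. O2/O3 BHO and toolbar CLSIDs from the fix, in both the 32- and 64-bit registry views.
$clsids = @('{EEE6C35C-6118-11DC-9C72-001320C79847}', '{EEE6C35B-6118-11DC-9C72-001320C79847}')
$clsidRoots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')
foreach ($root in $clsidRoots) {
    foreach ($id in $clsids) {
        if (Test-Path (Join-Path $root $id)) { Add-Finding 'Registry key' (Join-Path $root $id) 'CLSID still registered' }
    }
}

# 3. The Babylon IE search scope, checked in every loaded user hive rather than only HKCU.
foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS') {
    $scope = "Registry::$($hive.Name)\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
    if (Test-Path $scope) { Add-Finding 'Registry key' $scope 'Babylon search scope present' }
}

# 4. On-disk leftovers from the :Files section and the browser profile entries.
$paths = @('C:\Program Files (x86)\SweetIM',
           'C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml',
           (Join-Path $env:APPDATA 'Babylon'),
           (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn'))
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ffProfiles) {
    foreach ($prof in Get-ChildItem $ffProfiles | Where-Object { $_.PSIsContainer }) {
        $paths += Join-Path $prof.FullName 'extensions\ffxtlbr@babylon.com'
        $paths += Join-Path $prof.FullName 'searchplugins\sweetim.xml'
    }
}
foreach ($p in $paths) { if (Test-Path $p) { Add-Finding 'File/folder' $p 'still on disk' } }

# 5. Hosts file: after [RESETHOSTS] only the localhost mappings should remain active.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S' -and $_ -notmatch 'localhost' } |
    ForEach-Object { Add-Finding 'Hosts entry' $hosts $_.Trim() }

if ($findings.Count -eq 0) { 'No leftovers from the OTL fix found.' }
else { $findings | Format-Table Kind, Location, Detail -AutoSize }
```

Any row it prints means the corresponding item survived the fix or was re-created, which is the signal to ask for a fresh OTL scan rather than assume the cleanup is complete.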
 

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

Thanks.

Please find attached all the logs.

Also, now a beep sound comes during the booting process, which stops once Windows has started normally. Could you please help me on this also?

OTL:
All processes killed
========== OTL ==========
File C:\Users\Sanchit\AppData\Roaming\Mozilla\Firefox\Profiles\chz2jzkr.default\searchplugins\sweetim.xml not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_USERS\S-1-5-21-2092152589-3654524724-1465183675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledAddons
Folder C:\Users\Sanchit\AppData\Roaming\Mozilla\Firefox\Profiles\chz2jzkr.default\extensions\ffxtlbr@babylon.com\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
C:\Users\Sanchit\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Sanchit\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 folder moved successfully.
File C:\Users\Sanchit\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM not found.
File C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator not found.
File C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\SweetIM not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Sandeep\cmd.bat deleted successfully.
C:\Sandeep\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sanchit
->Temp folder emptied: 221985819 bytes
->Temporary Internet Files folder emptied: 670944742 bytes
->Java cache emptied: 8948449 bytes
->FireFox cache emptied: 39794178 bytes
->Google Chrome cache emptied: 42278336 bytes
->Flash cache emptied: 33347 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 380090256 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 211941365 bytes

Total Files Cleaned = 1,503.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 04202013_224837

Files\Folders moved on Reboot...
C:\Users\Sanchit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNU6ACO1\0[5].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNU6ACO1\bannerCAQOAP00.htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNU6ACO1\csc-render[1].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNU6ACO1\ext-render-secure[2].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNU6ACO1\launch[1].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\0[8].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\ad[2].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\fc[2].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\p[2].gif moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\stCACIMNIH moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\stCAE1GL1B moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\tictacSecureXDM[1].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKOQW13X\xcomm[1].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWV6FP42\fastbutton[1].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\331LOK08\0[5].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\331LOK08\banner[5].htm moved successfully.
C:\Users\Sanchit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\331LOK08\tweet_button.1366232305[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Attachments

  • AdwCleaner[S1].txt
    8.9 KB · Views: 102
  • RKreport[1]_S_04202013_02d2321.txt
    1.7 KB · Views: 77

Fiery

Level 1
Jan 11, 2011
2,007
Also, now a beep sound comes during the booting process, which stops once Windows has started normally.

Does the beep sound only occur once during startup, or is it continuous?

Also, is your internet still not working? If so,

Please download Complete Internet Repair from here and transfer it to your PC. Make sure you are not running the program from the USB.
  • Unzip all the files to the desktop
  • Double click the Complete Internet Repair folder with the unzipped files on your desktop
  • Double click on CIntRep.exe
  • Place a checkmark next to the following entries:

    • Reset Internet Protocol (TCP/IP)
    • Repair Winsock (Reset Catalog)
    • Renew Internet Connections
    • Flush DNS Resolver Cache
    • Repair Internet Explorer 6.0.2900
    • Clear Windows Update History
    • Repair Windows / Automatic Updates
    • Repair SSL / HTTPS / Cryptography
    • Reset Windows Firewall Configuration
    • Restore the default hosts file
    • Repair Workgroup Computers view
  • Click Go!
  • Select file to get the log once the program has finished
  • Click OK to reboot your computer
  • Check your internet access
 

ashash

New Member
Thread author
Apr 16, 2013
10
Hi,

The beep sound is continuous. Initially the volume is high; later it lowers after Windows starts.
 

Fiery

Level 1
Jan 11, 2011
2,007
Who is the manufacturer of your PC? Also is this a desktop or laptop?

Depending on your BIOS, the beep sound can mean different things. To see which BIOS software you have, go here: http://www.wikihow.com/Check-BIOS-Version

Afterwards, go here and let me know which situation resembles your case: http://www.pchell.com/hardware/beepcodes.shtml
 
