Solved Multiple instances of iexplore.exe running and multiplying

Mephistopheles

Posts: 9   +0
Hello

I've been noticing multiple instances of iexplore.exe running without me actually using Internet Explorer. They keep increasing with time. Also, sometimes when I click on a link, some other random website opens instead of the intended link. I've observed this on Firefox.

My logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shivam :: SHIVAM-PC [administrator]

09/07/2012 6:52:57 PM
mbam-log-2012-07-09 (18-52-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211939
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-09 19:18:24
Windows 6.1.7601 Service Pack 1
Running: tpk8cyus.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9ab0ec64
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9ab0ec64 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Shivam at 19:29:24 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8140.5382 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://AlienwareArena.com
uDefault_Page_URL = hxxp://AlienwareArena.com
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WinRAR SFX] RUNDLL32.EXE "C:\Users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll",AtiQueryMgpuCount
uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130}\5436374716479636D41676E6F6C69616D27657563747 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130}\84F6D656E4564734 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{EACBEF26-2F25-417B-8C1D-2F4E95C2F98E} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-7 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-7 13336]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-9-7 1692480]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 250056]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-09 23:18:46 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67AEAA78-594A-4681-9792-68A687B97B26}\mpengine.dll
2012-07-09 22:52:14 -------- d-----w- C:\Users\Shivam\AppData\Roaming\Malwarebytes
2012-07-09 22:51:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-09 22:51:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-09 22:51:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-09 22:37:37 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-08 15:28:29 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 15:14:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 15:14:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB1EBC30-8BFE-41C2-8681-2057268DE6F2}\gapaengine.dll
2012-06-22 21:54:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 21:54:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 21:53:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 21:53:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 18:18:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA312120-DBF2-4C72-9BFE-0C6DEAF0ACFB}\gapaengine.dll
2012-06-21 18:15:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-21 18:15:33 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-19 18:08:33 -------- d-----w- C:\DCIM
2012-06-19 18:08:22 -------- d-----w- C:\New folder
2012-06-14 12:38:10 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 12:38:10 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-13 14:41:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 14:41:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 14:41:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 14:41:09 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 14:41:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 14:41:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 14:41:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:41:01 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 14:40:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 14:40:55 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 14:40:54 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 14:40:43 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 14:40:42 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 14:40:42 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 14:40:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 14:40:41 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 14:40:41 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 17:23:12 -------- d-----w- C:\Dell
2012-06-11 19:22:20 -------- d-----w- C:\Music
.
==================== Find3M ====================
.
2012-06-24 13:54:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-24 13:54:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-04 22:29:34 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-04 22:29:34 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 21:30:00 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-04 21:30:00 839112 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 19:30:10.78 ===============

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/05/2012 6:15:36 PM
System Uptime: 01/07/2012 7:20:01 PM (192 hours ago)
.
Motherboard: Alienware | | M17xR3
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 780/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 89.45 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 1.661 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 0.22 GiB free.
F: is FIXED (NTFS) - 88 GiB total, 2.592 GiB free.
G: is FIXED (NTFS) - 161 GiB total, 3.028 GiB free.
H: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 21/06/2012 2:17:15 PM - Windows Update
RP22: 22/06/2012 5:53:31 PM - Windows Update
RP23: 23/06/2012 12:02:51 PM - Windows Update
RP24: 27/06/2012 10:29:24 PM - Windows Update
RP25: 01/07/2012 7:33:50 PM - Windows Update
RP26: 06/07/2012 10:46:47 AM - Windows Update
RP27: 09/07/2012 6:42:27 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Advanced Audio FX Engine
AlienRespawn
AlienRespawn - Support Software
Alienware M17x Manual
Alienware On-Screen Display
µTorrent
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Command Center
DirectX 9 Runtime
Dota 2
EMSC
ESET Online Scanner v3
IDT Audio
Integrated Webcam Live! Central
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 32
K-Lite Codec Pack 8.7.0 (Full)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
PowerXpressHybrid
PX Profile Update
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.9
Sonic CinePlayer Decoder Pack
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentControl2 Toolbar
VLC media player 2.0.1
.
==== Event Viewer Messages From Past Week ========
.
09/07/2012 6:46:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.129.1102.0).
03/07/2012 1:20:59 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.23. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thanks for the swift reply. The first time I ran aswMBR I got a BSOD. Here are the details of it:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 4105

Additional information about the problem:
BCCode: 109
BCP1: A3A039D8A4E3E70A
BCP2: B3B7465EF76223C8
BCP3: FFFFF880033706C0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\WINDOWS\Minidump\070912-17846-01.dmp
C:\Users\Shivam\AppData\Local\Temp\WER-43321-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Logs:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Shivam [Admin rights]
Mode: Scan -- Date: 07/09/2012 20:29:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : WinRAR SFX (RUNDLL32.EXE "C:\Users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll",AtiQueryMgpuCount) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2656897177-3677736646-1579547197-1000[...]\Run : WinRAR SFX (RUNDLL32.EXE "C:\Users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll",AtiQueryMgpuCount) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SUSP PATH] [ON_D:]HKLM\Software[...]\Run : xvepigfm (C:\Documents and Settings\Compaq\Local Settings\Application Data\uveruajfq\lgpxdpatssd.exe) -> FOUND
[SUSP PATH] [ON_D:]HKLM\Software[...]\Run : oyhbbedx (C:\Documents and Settings\Compaq\Local Settings\Application Data\qwurujjns\lwrksvftssd.exe) -> FOUND
[SUSP PATH] [ON_D:Compaq]HKCU[...]\Run : xvepigfm (C:\Documents and Settings\Compaq\Local Settings\Application Data\uveruajfq\lgpxdpatssd.exe) -> FOUND
[SUSP PATH] [ON_D:Compaq]HKCU[...]\Run : oyhbbedx (C:\Documents and Settings\Compaq\Local Settings\Application Data\qwurujjns\lwrksvftssd.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
--- User ---
[MBR] c677a5260538eb45eff0ac0b73910d1b
[BSP] 60cb20245e9cce53bcff3b7146c827e1 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10468 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21520384 | Size: 294736 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200BEKT-00F3T0 +++++
--- User ---
[MBR] 18f837238baacf3cd33f1793b9a53664
[BSP] db7da14d8b2baec21644e94ac803d24d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 265245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SD Card +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-09 20:44:49
-----------------------------
20:44:49.813 OS Version: Windows x64 6.1.7601 Service Pack 1
20:44:49.813 Number of processors: 8 586 0x2A07
20:44:49.813 ComputerName: SHIVAM-PC UserName: Shivam
20:44:51.003 Initialize success
20:45:05.567 AVAST engine defs: 12070901
20:47:04.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:47:04.106 Disk 0 Vendor: ST320LT0 0003 Size: 305245MB BusType: 8
20:47:04.116 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:47:04.116 Disk 1 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 8
20:47:04.146 Disk 0 MBR read successfully
20:47:04.146 Disk 0 MBR scan
20:47:04.166 Disk 0 Windows 7 default MBR code
20:47:04.166 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
20:47:04.206 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10468 MB offset 81920
20:47:04.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294736 MB offset 21520384
20:47:04.426 Disk 0 scanning C:\Windows\system32\drivers
20:47:24.878 Service scanning
20:48:16.992 Modules scanning
20:48:17.002 Disk 0 trace - called modules:
20:48:17.042 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
20:48:17.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009c6d790]
20:48:17.062 3 CLASSPNP.SYS[fffff88001dc543f] -> nt!IofCallDriver -> [0xfffffa8009b81cb0]
20:48:17.082 5 stdcfltn.sys[fffff88001d05c52] -> nt!IofCallDriver -> [0xfffffa8007d93470]
20:48:17.092 7 ACPI.sys[fffff88000f3c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007de7050]
20:48:18.442 AVAST engine scan C:\Windows
20:48:21.152 AVAST engine scan C:\Windows\system32
20:55:06.515 AVAST engine scan C:\Windows\system32\drivers
20:55:28.395 AVAST engine scan C:\Users\Shivam
21:02:58.696 AVAST engine scan C:\ProgramData
21:03:31.660 Scan finished successfully
23:00:52.462 Disk 0 MBR has been saved successfully to "C:\Users\Shivam\Desktop\New folder\MBR.dat"
23:00:52.622 The log file has been saved successfully to "C:\Users\Shivam\Desktop\New folder\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
No threat was found:


10:34:00.0360 1140 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
10:34:00.0650 1140 ============================================================
10:34:00.0650 1140 Current date / time: 2012/07/10 10:34:00.0650
10:34:00.0650 1140 SystemInfo:
10:34:00.0650 1140
10:34:00.0650 1140 OS Version: 6.1.7601 ServicePack: 1.0
10:34:00.0650 1140 Product type: Workstation
10:34:00.0650 1140 ComputerName: SHIVAM-PC
10:34:00.0650 1140 UserName: Shivam
10:34:00.0650 1140 Windows directory: C:\Windows
10:34:00.0650 1140 System windows directory: C:\Windows
10:34:00.0650 1140 Running under WOW64
10:34:00.0650 1140 Processor architecture: Intel x64
10:34:00.0650 1140 Number of processors: 8
10:34:00.0650 1140 Page size: 0x1000
10:34:00.0650 1140 Boot type: Normal boot
10:34:00.0650 1140 ============================================================
10:34:02.0302 1140 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:34:02.0614 1140 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:34:02.0645 1140 Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:34:02.0645 1140 ============================================================
10:34:02.0645 1140 \Device\Harddisk0\DR0:
10:34:02.0645 1140 MBR partitions:
10:34:02.0645 1140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1472000
10:34:02.0645 1140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1486000, BlocksNum 0x23FA8000
10:34:02.0645 1140 \Device\Harddisk1\DR1:
10:34:02.0645 1140 MBR partitions:
10:34:02.0645 1140 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
10:34:02.0661 1140 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x1388AFC
10:34:02.0661 1140 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0xAFC6752
10:34:02.0676 1140 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1116E136, BlocksNum 0x142BF58B
10:34:02.0676 1140 \Device\Harddisk2\DR2:
10:34:02.0676 1140 MBR partitions:
10:34:02.0676 1140 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
10:34:02.0676 1140 ============================================================
10:34:02.0696 1140 C: <-> \Device\Harddisk0\DR0\Partition1
10:34:02.0716 1140 D: <-> \Device\Harddisk1\DR1\Partition0
10:34:02.0736 1140 E: <-> \Device\Harddisk1\DR1\Partition1
10:34:02.0766 1140 F: <-> \Device\Harddisk1\DR1\Partition2
10:34:02.0796 1140 G: <-> \Device\Harddisk1\DR1\Partition3
10:34:02.0796 1140 ============================================================
10:34:02.0796 1140 Initialize success
10:34:02.0796 1140 ============================================================
10:34:18.0948 5312 ============================================================
10:34:18.0948 5312 Scan started
10:34:18.0948 5312 Mode: Manual;
10:34:18.0948 5312 ============================================================
10:34:19.0447 5312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:34:19.0463 5312 1394ohci - ok
10:34:19.0494 5312 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
10:34:19.0494 5312 Acceler - ok
10:34:19.0556 5312 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:34:19.0572 5312 ACPI - ok
10:34:19.0572 5312 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:34:19.0587 5312 AcpiPmi - ok
10:34:19.0712 5312 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:34:19.0728 5312 AdobeFlashPlayerUpdateSvc - ok
10:34:19.0790 5312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:34:19.0806 5312 adp94xx - ok
10:34:19.0853 5312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:34:19.0853 5312 adpahci - ok
10:34:19.0899 5312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:34:19.0915 5312 adpu320 - ok
10:34:19.0977 5312 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:34:19.0977 5312 AeLookupSvc - ok
10:34:20.0055 5312 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
10:34:20.0055 5312 AESTFilters - ok
10:34:20.0133 5312 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:34:20.0149 5312 AFD - ok
10:34:20.0196 5312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:34:20.0196 5312 agp440 - ok
10:34:20.0211 5312 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:34:20.0227 5312 ALG - ok
10:34:20.0274 5312 AlienFusionService (4cfc72ae6c0ed4a04cb6042ae94024a9) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
10:34:20.0274 5312 AlienFusionService - ok
10:34:20.0289 5312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:34:20.0289 5312 aliide - ok
10:34:20.0321 5312 AMD External Events Utility (0a9eb584d4d4f1593ce74684fec4b76f) C:\Windows\system32\atiesrxx.exe
10:34:20.0336 5312 AMD External Events Utility - ok
10:34:20.0352 5312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:34:20.0352 5312 amdide - ok
10:34:20.0367 5312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:34:20.0367 5312 AmdK8 - ok
10:34:20.0882 5312 amdkmdag (47590d41920d68c5ec79370311446041) C:\Windows\system32\DRIVERS\atikmdag.sys
10:34:21.0116 5312 amdkmdag - ok
10:34:21.0288 5312 amdkmdap (06bc34448c9efd9a8e5bbba64c50249b) C:\Windows\system32\DRIVERS\atikmpag.sys
10:34:21.0319 5312 amdkmdap - ok
10:34:21.0350 5312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:34:21.0350 5312 AmdPPM - ok
10:34:21.0381 5312 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:34:21.0381 5312 amdsata - ok
10:34:21.0397 5312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:34:21.0413 5312 amdsbs - ok
10:34:21.0428 5312 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:34:21.0444 5312 amdxata - ok
10:34:21.0475 5312 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:34:21.0475 5312 AppID - ok
10:34:21.0506 5312 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:34:21.0506 5312 AppIDSvc - ok
10:34:21.0537 5312 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:34:21.0553 5312 Appinfo - ok
10:34:21.0569 5312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:34:21.0569 5312 arc - ok
10:34:21.0584 5312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:34:21.0584 5312 arcsas - ok
10:34:21.0693 5312 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:34:21.0693 5312 aspnet_state - ok
10:34:21.0709 5312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:34:21.0709 5312 AsyncMac - ok
10:34:21.0725 5312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:34:21.0725 5312 atapi - ok
10:34:21.0787 5312 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
10:34:21.0787 5312 AtiHDAudioService - ok
10:34:21.0881 5312 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:34:21.0912 5312 AudioEndpointBuilder - ok
10:34:21.0927 5312 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:34:21.0943 5312 AudioSrv - ok
10:34:21.0990 5312 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:34:21.0990 5312 AxInstSV - ok
10:34:22.0052 5312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:34:22.0083 5312 b06bdrv - ok
10:34:22.0130 5312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:34:22.0161 5312 b57nd60a - ok
10:34:22.0380 5312 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:34:22.0473 5312 BCM43XX - ok
10:34:22.0614 5312 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:34:22.0614 5312 BDESVC - ok
10:34:22.0661 5312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:34:22.0661 5312 Beep - ok
10:34:22.0739 5312 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:34:22.0770 5312 BFE - ok
10:34:22.0832 5312 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:34:22.0863 5312 BITS - ok
10:34:22.0910 5312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:34:22.0910 5312 blbdrive - ok
10:34:22.0941 5312 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:34:22.0941 5312 bowser - ok
10:34:22.0973 5312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:34:22.0973 5312 BrFiltLo - ok
10:34:22.0988 5312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:34:22.0988 5312 BrFiltUp - ok
10:34:23.0019 5312 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:34:23.0019 5312 Browser - ok
10:34:23.0066 5312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:34:23.0082 5312 Brserid - ok
10:34:23.0097 5312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:34:23.0097 5312 BrSerWdm - ok
10:34:23.0113 5312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:34:23.0113 5312 BrUsbMdm - ok
10:34:23.0129 5312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:34:23.0129 5312 BrUsbSer - ok
10:34:23.0160 5312 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
10:34:23.0160 5312 BthEnum - ok
10:34:23.0191 5312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:34:23.0191 5312 BTHMODEM - ok
10:34:23.0222 5312 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:34:23.0222 5312 BthPan - ok
10:34:23.0285 5312 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
10:34:23.0316 5312 BTHPORT - ok
10:34:23.0347 5312 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:34:23.0347 5312 bthserv - ok
10:34:23.0378 5312 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
10:34:23.0378 5312 BTHUSB - ok
10:34:23.0425 5312 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
10:34:23.0441 5312 btwampfl - ok
10:34:23.0472 5312 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
10:34:23.0487 5312 btwavdt - ok
10:34:23.0503 5312 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\drivers\btwrchid.sys
10:34:23.0503 5312 btwrchid - ok
10:34:23.0534 5312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:34:23.0550 5312 cdfs - ok
10:34:23.0581 5312 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:34:23.0597 5312 cdrom - ok
10:34:23.0643 5312 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:34:23.0659 5312 CertPropSvc - ok
10:34:23.0675 5312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:34:23.0675 5312 circlass - ok
10:34:23.0706 5312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:34:23.0737 5312 CLFS - ok
10:34:23.0799 5312 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:34:23.0815 5312 clr_optimization_v2.0.50727_32 - ok
10:34:23.0862 5312 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:34:23.0862 5312 clr_optimization_v2.0.50727_64 - ok
10:34:23.0924 5312 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:34:23.0940 5312 clr_optimization_v4.0.30319_32 - ok
10:34:24.0002 5312 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:34:24.0002 5312 clr_optimization_v4.0.30319_64 - ok
10:34:24.0049 5312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:34:24.0049 5312 CmBatt - ok
10:34:24.0080 5312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:34:24.0080 5312 cmdide - ok
10:34:24.0143 5312 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:34:24.0174 5312 CNG - ok
10:34:24.0205 5312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:34:24.0205 5312 Compbatt - ok
10:34:24.0236 5312 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:34:24.0236 5312 CompositeBus - ok
10:34:24.0236 5312 COMSysApp - ok
10:34:24.0252 5312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:34:24.0267 5312 crcdisk - ok
10:34:24.0314 5312 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:34:24.0330 5312 CryptSvc - ok
10:34:24.0361 5312 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:34:24.0377 5312 CtClsFlt - ok
10:34:24.0439 5312 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:34:24.0470 5312 DcomLaunch - ok
10:34:24.0517 5312 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:34:24.0533 5312 defragsvc - ok
10:34:24.0548 5312 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:34:24.0564 5312 DfsC - ok
10:34:24.0611 5312 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:34:24.0626 5312 Dhcp - ok
10:34:24.0642 5312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:34:24.0657 5312 discache - ok
10:34:24.0689 5312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:34:24.0689 5312 Disk - ok
10:34:24.0735 5312 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:34:24.0751 5312 Dnscache - ok
10:34:24.0782 5312 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:34:24.0798 5312 dot3svc - ok
10:34:24.0829 5312 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:34:24.0829 5312 DPS - ok
10:34:24.0860 5312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:34:24.0860 5312 drmkaud - ok
10:34:24.0954 5312 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:34:25.0001 5312 DXGKrnl - ok
10:34:25.0032 5312 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:34:25.0032 5312 EapHost - ok
10:34:25.0250 5312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:34:25.0359 5312 ebdrv - ok
10:34:25.0453 5312 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:34:25.0453 5312 EFS - ok
10:34:25.0547 5312 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:34:25.0578 5312 ehRecvr - ok
10:34:25.0609 5312 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:34:25.0609 5312 ehSched - ok
10:34:25.0703 5312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:34:25.0734 5312 elxstor - ok
10:34:25.0765 5312 EMSC (e47d9d7e6e53892fc97282482f4ae307) C:\Windows\system32\DRIVERS\EMSC.SYS
10:34:25.0765 5312 EMSC - ok
10:34:25.0781 5312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:34:25.0781 5312 ErrDev - ok
10:34:25.0843 5312 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:34:25.0859 5312 EventSystem - ok
10:34:25.0905 5312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:34:25.0921 5312 exfat - ok
10:34:25.0952 5312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:34:25.0968 5312 fastfat - ok
10:34:26.0061 5312 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:34:26.0077 5312 Fax - ok
10:34:26.0093 5312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:34:26.0093 5312 fdc - ok
10:34:26.0108 5312 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:34:26.0124 5312 fdPHost - ok
10:34:26.0139 5312 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:34:26.0139 5312 FDResPub - ok
10:34:26.0155 5312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:34:26.0171 5312 FileInfo - ok
10:34:26.0186 5312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:34:26.0186 5312 Filetrace - ok
10:34:26.0202 5312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:34:26.0202 5312 flpydisk - ok
10:34:26.0249 5312 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:34:26.0264 5312 FltMgr - ok
10:34:26.0389 5312 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:34:26.0436 5312 FontCache - ok
10:34:26.0514 5312 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:34:26.0514 5312 FontCache3.0.0.0 - ok
10:34:26.0561 5312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:34:26.0561 5312 FsDepends - ok
10:34:26.0592 5312 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:34:26.0592 5312 Fs_Rec - ok
10:34:26.0639 5312 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:34:26.0654 5312 fvevol - ok
10:34:26.0685 5312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:34:26.0685 5312 gagp30kx - ok
10:34:26.0779 5312 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:34:26.0810 5312 gpsvc - ok
10:34:26.0826 5312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:34:26.0826 5312 hcw85cir - ok
10:34:26.0888 5312 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:34:26.0904 5312 HdAudAddService - ok
10:34:26.0935 5312 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:34:26.0951 5312 HDAudBus - ok
10:34:26.0966 5312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:34:26.0966 5312 HidBatt - ok
10:34:26.0997 5312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:34:26.0997 5312 HidBth - ok
10:34:27.0013 5312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:34:27.0013 5312 HidIr - ok
10:34:27.0029 5312 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:34:27.0029 5312 hidserv - ok
10:34:27.0060 5312 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:34:27.0060 5312 HidUsb - ok
10:34:27.0107 5312 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:34:27.0107 5312 hkmsvc - ok
10:34:27.0153 5312 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:34:27.0169 5312 HomeGroupListener - ok
10:34:27.0200 5312 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:34:27.0216 5312 HomeGroupProvider - ok
10:34:27.0247 5312 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:34:27.0247 5312 HpSAMD - ok
10:34:27.0309 5312 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:34:27.0341 5312 HTTP - ok
10:34:27.0356 5312 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:34:27.0356 5312 hwpolicy - ok
10:34:27.0387 5312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:34:27.0403 5312 i8042prt - ok
10:34:27.0450 5312 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
10:34:27.0450 5312 iaStor - ok
10:34:27.0528 5312 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:34:27.0543 5312 IAStorDataMgrSvc - ok
10:34:27.0590 5312 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:34:27.0621 5312 iaStorV - ok
10:34:27.0684 5312 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:34:27.0684 5312 IDriverT - ok
10:34:27.0824 5312 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:34:27.0840 5312 idsvc - ok
10:34:27.0965 5312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:34:27.0980 5312 iirsp - ok
10:34:28.0074 5312 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:34:28.0105 5312 IKEEXT - ok
10:34:28.0121 5312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:34:28.0121 5312 intelide - ok
10:34:28.0854 5312 intelkmd (58e04d9412f8668863a391232035cbe8) C:\Windows\system32\DRIVERS\igdpmd64.sys
10:34:29.0135 5312 intelkmd - ok
10:34:29.0259 5312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:34:29.0275 5312 intelppm - ok
10:34:29.0291 5312 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:34:29.0306 5312 IPBusEnum - ok
10:34:29.0322 5312 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:34:29.0322 5312 IpFilterDriver - ok
10:34:29.0384 5312 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:34:29.0400 5312 iphlpsvc - ok
10:34:29.0415 5312 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:34:29.0431 5312 IPMIDRV - ok
10:34:29.0447 5312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:34:29.0447 5312 IPNAT - ok
10:34:29.0493 5312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:34:29.0493 5312 IRENUM - ok
10:34:29.0509 5312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:34:29.0509 5312 isapnp - ok
10:34:29.0556 5312 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:34:29.0571 5312 iScsiPrt - ok
10:34:29.0603 5312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:34:29.0603 5312 kbdclass - ok
10:34:29.0634 5312 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:34:29.0634 5312 kbdhid - ok
10:34:29.0665 5312 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:29.0681 5312 KeyIso - ok
10:34:29.0696 5312 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:34:29.0712 5312 KSecDD - ok
10:34:29.0743 5312 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:34:29.0759 5312 KSecPkg - ok
10:34:29.0759 5312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:34:29.0774 5312 ksthunk - ok
10:34:29.0837 5312 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:34:29.0852 5312 KtmRm - ok
10:34:29.0883 5312 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys
10:34:29.0899 5312 L1C - ok
10:34:29.0930 5312 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:34:29.0946 5312 LanmanServer - ok
10:34:29.0993 5312 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:34:30.0008 5312 LanmanWorkstation - ok
10:34:30.0039 5312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:34:30.0039 5312 lltdio - ok
10:34:30.0086 5312 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:34:30.0117 5312 lltdsvc - ok
10:34:30.0133 5312 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:34:30.0133 5312 lmhosts - ok
10:34:30.0195 5312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:34:30.0195 5312 LSI_FC - ok
10:34:30.0211 5312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:34:30.0227 5312 LSI_SAS - ok
10:34:30.0242 5312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:34:30.0242 5312 LSI_SAS2 - ok
10:34:30.0273 5312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:34:30.0273 5312 LSI_SCSI - ok
10:34:30.0289 5312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:34:30.0305 5312 luafv - ok
10:34:30.0320 5312 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:34:30.0336 5312 Mcx2Svc - ok
10:34:30.0351 5312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:34:30.0351 5312 megasas - ok
10:34:30.0398 5312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:34:30.0414 5312 MegaSR - ok
10:34:30.0445 5312 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:34:30.0461 5312 MEIx64 - ok
10:34:30.0476 5312 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:34:30.0492 5312 MMCSS - ok
10:34:30.0507 5312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:34:30.0507 5312 Modem - ok
10:34:30.0507 5312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:34:30.0507 5312 monitor - ok
10:34:30.0539 5312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:34:30.0539 5312 mouclass - ok
10:34:30.0570 5312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:34:30.0570 5312 mouhid - ok
10:34:30.0601 5312 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:34:30.0617 5312 mountmgr - ok
10:34:30.0695 5312 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:34:30.0710 5312 MozillaMaintenance - ok
10:34:30.0773 5312 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
10:34:30.0788 5312 MpFilter - ok
10:34:30.0819 5312 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:34:30.0835 5312 mpio - ok
10:34:30.0866 5312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:34:30.0866 5312 mpsdrv - ok
10:34:30.0960 5312 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:34:31.0007 5312 MpsSvc - ok
10:34:31.0022 5312 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:34:31.0022 5312 MRxDAV - ok
10:34:31.0053 5312 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:34:31.0069 5312 mrxsmb - ok
10:34:31.0131 5312 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:34:31.0147 5312 mrxsmb10 - ok
10:34:31.0163 5312 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:34:31.0178 5312 mrxsmb20 - ok
10:34:31.0209 5312 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:34:31.0209 5312 msahci - ok
10:34:31.0225 5312 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:34:31.0241 5312 msdsm - ok
10:34:31.0256 5312 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:34:31.0272 5312 MSDTC - ok
10:34:31.0303 5312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:34:31.0303 5312 Msfs - ok
10:34:31.0319 5312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:34:31.0319 5312 mshidkmdf - ok
10:34:31.0334 5312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:34:31.0334 5312 msisadrv - ok
10:34:31.0381 5312 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:34:31.0397 5312 MSiSCSI - ok
10:34:31.0397 5312 msiserver - ok
10:34:31.0428 5312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:34:31.0428 5312 MSKSSRV - ok
10:34:31.0506 5312 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:34:31.0506 5312 MsMpSvc - ok
10:34:31.0521 5312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:34:31.0521 5312 MSPCLOCK - ok
10:34:31.0537 5312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:34:31.0537 5312 MSPQM - ok
10:34:31.0568 5312 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:34:31.0584 5312 MsRPC - ok
10:34:31.0615 5312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:34:31.0615 5312 mssmbios - ok
10:34:31.0631 5312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:34:31.0631 5312 MSTEE - ok
10:34:31.0646 5312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:34:31.0646 5312 MTConfig - ok
10:34:31.0677 5312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:34:31.0677 5312 Mup - ok
10:34:31.0755 5312 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:34:31.0771 5312 napagent - ok
10:34:31.0833 5312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:34:31.0849 5312 NativeWifiP - ok
10:34:31.0943 5312 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
10:34:31.0974 5312 NDIS - ok
10:34:31.0989 5312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:34:31.0989 5312 NdisCap - ok
10:34:32.0036 5312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:34:32.0036 5312 NdisTapi - ok
10:34:32.0052 5312 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:34:32.0067 5312 Ndisuio - ok
10:34:32.0099 5312 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:34:32.0114 5312 NdisWan - ok
10:34:32.0130 5312 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:34:32.0130 5312 NDProxy - ok
10:34:32.0161 5312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:34:32.0161 5312 NetBIOS - ok
10:34:32.0192 5312 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:34:32.0208 5312 NetBT - ok
10:34:32.0255 5312 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:32.0255 5312 Netlogon - ok
10:34:32.0317 5312 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:34:32.0348 5312 Netman - ok
10:34:32.0426 5312 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:32.0426 5312 NetMsmqActivator - ok
10:34:32.0442 5312 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:32.0442 5312 NetPipeActivator - ok
10:34:32.0489 5312 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:34:32.0535 5312 netprofm - ok
10:34:32.0535 5312 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:32.0535 5312 NetTcpActivator - ok
10:34:32.0551 5312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:32.0551 5312 NetTcpPortSharing - ok
10:34:32.0613 5312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:34:32.0613 5312 nfrd960 - ok
10:34:32.0645 5312 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:34:32.0660 5312 NisDrv - ok
10:34:32.0723 5312 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:34:32.0738 5312 NisSrv - ok
10:34:32.0785 5312 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:34:32.0832 5312 NlaSvc - ok
10:34:32.0847 5312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:34:32.0863 5312 Npfs - ok
10:34:32.0879 5312 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:34:32.0879 5312 nsi - ok
10:34:32.0894 5312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:34:32.0910 5312 nsiproxy - ok
10:34:33.0050 5312 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:34:33.0097 5312 Ntfs - ok
10:34:33.0191 5312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:34:33.0206 5312 Null - ok
10:34:33.0237 5312 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:34:33.0253 5312 nusb3hub - ok
10:34:33.0284 5312 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:34:33.0284 5312 nusb3xhc - ok
10:34:33.0331 5312 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:34:33.0347 5312 nvraid - ok
10:34:33.0362 5312 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:34:33.0378 5312 nvstor - ok
10:34:33.0409 5312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:34:33.0409 5312 nv_agp - ok
10:34:33.0425 5312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:34:33.0425 5312 ohci1394 - ok
10:34:33.0487 5312 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:34:33.0503 5312 p2pimsvc - ok
10:34:33.0549 5312 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:34:33.0565 5312 p2psvc - ok
10:34:33.0596 5312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:34:33.0612 5312 Parport - ok
10:34:33.0643 5312 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:34:33.0643 5312 partmgr - ok
10:34:33.0674 5312 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:34:33.0690 5312 PcaSvc - ok
10:34:33.0721 5312 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:34:33.0737 5312 pci - ok
10:34:33.0737 5312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:34:33.0752 5312 pciide - ok
10:34:33.0783 5312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:34:33.0799 5312 pcmcia - ok
10:34:33.0830 5312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:34:33.0830 5312 pcw - ok
10:34:33.0908 5312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:34:33.0924 5312 PEAUTH - ok
10:34:34.0017 5312 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:34:34.0017 5312 PerfHost - ok
10:34:34.0205 5312 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:34:34.0251 5312 pla - ok
10:34:34.0407 5312 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:34:34.0423 5312 PlugPlay - ok
10:34:34.0439 5312 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:34:34.0454 5312 PNRPAutoReg - ok
10:34:34.0485 5312 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:34:34.0501 5312 PNRPsvc - ok
10:34:34.0563 5312 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:34:34.0579 5312 PolicyAgent - ok
10:34:34.0610 5312 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:34:34.0626 5312 Power - ok
10:34:34.0688 5312 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:34:34.0688 5312 PptpMiniport - ok
10:34:34.0719 5312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:34:34.0719 5312 Processor - ok
10:34:34.0766 5312 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:34:34.0782 5312 ProfSvc - ok
10:34:34.0813 5312 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:34.0813 5312 ProtectedStorage - ok
10:34:34.0844 5312 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:34:34.0860 5312 Psched - ok
10:34:34.0907 5312 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:34:34.0907 5312 PxHlpa64 - ok
 
10:34:35.0047 5312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:34:35.0078 5312 ql2300 - ok
10:34:35.0203 5312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:34:35.0203 5312 ql40xx - ok
10:34:35.0250 5312 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:34:35.0265 5312 QWAVE - ok
10:34:35.0281 5312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:34:35.0297 5312 QWAVEdrv - ok
10:34:35.0312 5312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:34:35.0312 5312 RasAcd - ok
10:34:35.0359 5312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:34:35.0359 5312 RasAgileVpn - ok
10:34:35.0375 5312 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:34:35.0390 5312 RasAuto - ok
10:34:35.0421 5312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:34:35.0437 5312 Rasl2tp - ok
10:34:35.0484 5312 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:34:35.0499 5312 RasMan - ok
10:34:35.0531 5312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:34:35.0546 5312 RasPppoe - ok
10:34:35.0562 5312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:34:35.0577 5312 RasSstp - ok
10:34:35.0609 5312 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:34:35.0624 5312 rdbss - ok
10:34:35.0655 5312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:34:35.0655 5312 rdpbus - ok
10:34:35.0671 5312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:34:35.0671 5312 RDPCDD - ok
10:34:35.0687 5312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:34:35.0687 5312 RDPENCDD - ok
10:34:35.0718 5312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:34:35.0718 5312 RDPREFMP - ok
10:34:35.0765 5312 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:34:35.0780 5312 RDPWD - ok
10:34:35.0811 5312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:34:35.0827 5312 rdyboost - ok
10:34:35.0874 5312 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:34:35.0874 5312 RemoteAccess - ok
10:34:35.0921 5312 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:34:35.0936 5312 RemoteRegistry - ok
10:34:35.0967 5312 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:34:35.0983 5312 RFCOMM - ok
10:34:36.0170 5312 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
10:34:36.0217 5312 RoxMediaDB12OEM - ok
10:34:36.0248 5312 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
10:34:36.0264 5312 RoxWatch12 - ok
10:34:36.0389 5312 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:34:36.0389 5312 RpcEptMapper - ok
10:34:36.0420 5312 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:34:36.0435 5312 RpcLocator - ok
10:34:36.0482 5312 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:34:36.0498 5312 RpcSs - ok
10:34:36.0576 5312 RSPCIESTOR (85b325723f67ef80927326fd7eb1cc10) C:\Windows\system32\DRIVERS\RtsPStor.sys
10:34:36.0607 5312 RSPCIESTOR - ok
10:34:36.0654 5312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:34:36.0669 5312 rspndr - ok
10:34:36.0685 5312 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:36.0701 5312 SamSs - ok
10:34:36.0716 5312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:34:36.0732 5312 sbp2port - ok
10:34:36.0763 5312 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:34:36.0779 5312 SCardSvr - ok
10:34:36.0794 5312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:34:36.0794 5312 scfilter - ok
10:34:36.0903 5312 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:34:36.0966 5312 Schedule - ok
10:34:36.0997 5312 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:34:36.0997 5312 SCPolicySvc - ok
10:34:37.0044 5312 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
10:34:37.0059 5312 sdbus - ok
10:34:37.0091 5312 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:34:37.0106 5312 SDRSVC - ok
10:34:37.0137 5312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:34:37.0137 5312 secdrv - ok
10:34:37.0153 5312 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:34:37.0169 5312 seclogon - ok
10:34:37.0184 5312 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:34:37.0184 5312 SENS - ok
10:34:37.0200 5312 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:34:37.0200 5312 SensrSvc - ok
10:34:37.0231 5312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:34:37.0231 5312 Serenum - ok
10:34:37.0278 5312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:34:37.0278 5312 Serial - ok
10:34:37.0293 5312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:34:37.0293 5312 sermouse - ok
10:34:37.0340 5312 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:34:37.0356 5312 SessionEnv - ok
10:34:37.0356 5312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:34:37.0356 5312 sffdisk - ok
10:34:37.0371 5312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:34:37.0371 5312 sffp_mmc - ok
10:34:37.0387 5312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:34:37.0387 5312 sffp_sd - ok
10:34:37.0403 5312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:34:37.0403 5312 sfloppy - ok
10:34:37.0574 5312 SftService (1968e6ebbeecf61d5f7d8603467e2ad0) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
10:34:37.0621 5312 SftService - ok
10:34:37.0777 5312 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:34:37.0793 5312 SharedAccess - ok
10:34:37.0839 5312 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:34:37.0855 5312 ShellHWDetection - ok
10:34:37.0902 5312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:34:37.0917 5312 SiSRaid2 - ok
10:34:37.0933 5312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:34:37.0933 5312 SiSRaid4 - ok
10:34:38.0011 5312 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:34:38.0027 5312 SkypeUpdate - ok
10:34:38.0058 5312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:34:38.0058 5312 Smb - ok
10:34:38.0105 5312 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:34:38.0105 5312 SNMPTRAP - ok
10:34:38.0120 5312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:34:38.0120 5312 spldr - ok
10:34:38.0183 5312 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:34:38.0214 5312 Spooler - ok
10:34:38.0432 5312 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:34:38.0541 5312 sppsvc - ok
10:34:38.0651 5312 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:34:38.0666 5312 sppuinotify - ok
10:34:38.0744 5312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:34:38.0760 5312 srv - ok
10:34:38.0807 5312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:34:38.0822 5312 srv2 - ok
10:34:38.0853 5312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:34:38.0869 5312 srvnet - ok
10:34:38.0916 5312 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:34:38.0931 5312 SSDPSRV - ok
10:34:38.0963 5312 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:34:38.0978 5312 SstpSvc - ok
10:34:39.0056 5312 STacSV (e82994866a370a480607637f28b82835) C:\Program Files\IDT\WDM\STacSV64.exe
10:34:39.0072 5312 STacSV - ok
10:34:39.0087 5312 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
10:34:39.0103 5312 stdcfltn - ok
10:34:39.0150 5312 Steam Client Service - ok
10:34:39.0181 5312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:34:39.0181 5312 stexstor - ok
10:34:39.0243 5312 STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys
10:34:39.0275 5312 STHDA - ok
10:34:39.0353 5312 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:34:39.0384 5312 stisvc - ok
10:34:39.0415 5312 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
10:34:39.0493 5312 stllssvr - ok
10:34:39.0524 5312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:34:39.0540 5312 swenum - ok
10:34:39.0602 5312 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:34:39.0633 5312 swprv - ok
10:34:39.0774 5312 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
10:34:39.0821 5312 SynTP - ok
10:34:40.0023 5312 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:34:40.0070 5312 SysMain - ok
10:34:40.0195 5312 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:34:40.0211 5312 TabletInputService - ok
10:34:40.0257 5312 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:34:40.0289 5312 TapiSrv - ok
10:34:40.0304 5312 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:34:40.0320 5312 TBS - ok
10:34:40.0523 5312 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:34:40.0585 5312 Tcpip - ok
10:34:40.0850 5312 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:34:40.0881 5312 TCPIP6 - ok
10:34:41.0037 5312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:34:41.0037 5312 tcpipreg - ok
10:34:41.0069 5312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:34:41.0069 5312 TDPIPE - ok
10:34:41.0100 5312 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:34:41.0115 5312 TDTCP - ok
10:34:41.0147 5312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:34:41.0162 5312 tdx - ok
10:34:41.0178 5312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
10:34:41.0178 5312 TermDD - ok
10:34:41.0256 5312 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:34:41.0287 5312 TermService - ok
10:34:41.0303 5312 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:34:41.0318 5312 Themes - ok
10:34:41.0349 5312 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:34:41.0365 5312 THREADORDER - ok
10:34:41.0381 5312 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:34:41.0396 5312 TrkWks - ok
10:34:41.0443 5312 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:34:41.0459 5312 TrustedInstaller - ok
10:34:41.0505 5312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:34:41.0505 5312 tssecsrv - ok
10:34:41.0537 5312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:34:41.0537 5312 TsUsbFlt - ok
10:34:41.0552 5312 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:34:41.0552 5312 TsUsbGD - ok
10:34:41.0599 5312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:34:41.0615 5312 tunnel - ok
10:34:41.0630 5312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:34:41.0630 5312 uagp35 - ok
10:34:41.0661 5312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:34:41.0693 5312 udfs - ok
10:34:41.0724 5312 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:34:41.0724 5312 UI0Detect - ok
10:34:41.0771 5312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:34:41.0771 5312 uliagpkx - ok
10:34:41.0786 5312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:34:41.0802 5312 umbus - ok
10:34:41.0817 5312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:34:41.0817 5312 UmPass - ok
10:34:41.0864 5312 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:34:41.0880 5312 upnphost - ok
10:34:41.0911 5312 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
10:34:41.0911 5312 usbccgp - ok
10:34:41.0942 5312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:34:41.0942 5312 usbcir - ok
10:34:41.0958 5312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:34:41.0958 5312 usbehci - ok
10:34:42.0005 5312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:34:42.0020 5312 usbhub - ok
10:34:42.0036 5312 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:34:42.0051 5312 usbohci - ok
10:34:42.0067 5312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
10:34:42.0067 5312 usbprint - ok
10:34:42.0098 5312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:34:42.0114 5312 USBSTOR - ok
10:34:42.0114 5312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:34:42.0129 5312 usbuhci - ok
10:34:42.0192 5312 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:34:42.0207 5312 usbvideo - ok
10:34:42.0239 5312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:34:42.0239 5312 UxSms - ok
10:34:42.0270 5312 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:42.0270 5312 VaultSvc - ok
10:34:42.0285 5312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:34:42.0285 5312 vdrvroot - ok
10:34:42.0348 5312 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:34:42.0379 5312 vds - ok
10:34:42.0395 5312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:34:42.0395 5312 vga - ok
10:34:42.0410 5312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:34:42.0426 5312 VgaSave - ok
10:34:42.0457 5312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:34:42.0473 5312 vhdmp - ok
10:34:42.0488 5312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:34:42.0488 5312 viaide - ok
10:34:42.0519 5312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:34:42.0519 5312 volmgr - ok
10:34:42.0566 5312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:34:42.0582 5312 volmgrx - ok
10:34:42.0629 5312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:34:42.0644 5312 volsnap - ok
10:34:42.0675 5312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:34:42.0691 5312 vsmraid - ok
10:34:42.0816 5312 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:34:42.0863 5312 VSS - ok
10:34:42.0987 5312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:34:42.0987 5312 vwifibus - ok
10:34:43.0019 5312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:34:43.0034 5312 vwififlt - ok
10:34:43.0081 5312 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:34:43.0097 5312 W32Time - ok
10:34:43.0112 5312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:34:43.0112 5312 WacomPen - ok
10:34:43.0143 5312 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:43.0159 5312 WANARP - ok
10:34:43.0175 5312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:43.0175 5312 Wanarpv6 - ok
10:34:43.0315 5312 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:34:43.0346 5312 WatAdminSvc - ok
10:34:43.0455 5312 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:34:43.0502 5312 wbengine - ok
10:34:43.0627 5312 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:34:43.0643 5312 WbioSrvc - ok
10:34:43.0689 5312 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:34:43.0705 5312 wcncsvc - ok
10:34:43.0721 5312 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:34:43.0736 5312 WcsPlugInService - ok
10:34:43.0783 5312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:34:43.0783 5312 Wd - ok
10:34:43.0845 5312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:34:43.0877 5312 Wdf01000 - ok
10:34:43.0892 5312 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:34:43.0908 5312 WdiServiceHost - ok
10:34:43.0923 5312 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:34:43.0923 5312 WdiSystemHost - ok
10:34:43.0970 5312 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:34:43.0986 5312 WebClient - ok
10:34:44.0017 5312 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:34:44.0033 5312 Wecsvc - ok
10:34:44.0064 5312 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:34:44.0079 5312 wercplsupport - ok
10:34:44.0111 5312 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:34:44.0126 5312 WerSvc - ok
10:34:44.0157 5312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:34:44.0157 5312 WfpLwf - ok
10:34:44.0204 5312 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
10:34:44.0220 5312 WimFltr - ok
10:34:44.0251 5312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:34:44.0251 5312 WIMMount - ok
10:34:44.0282 5312 WinDefend - ok
10:34:44.0298 5312 WinHttpAutoProxySvc - ok
10:34:44.0376 5312 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:34:44.0391 5312 Winmgmt - ok
10:34:44.0532 5312 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:34:44.0610 5312 WinRM - ok
10:34:44.0828 5312 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:34:44.0859 5312 Wlansvc - ok
10:34:44.0906 5312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:34:44.0906 5312 WmiAcpi - ok
10:34:44.0969 5312 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:34:44.0984 5312 wmiApSrv - ok
10:34:45.0015 5312 WMPNetworkSvc - ok
10:34:45.0031 5312 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:34:45.0047 5312 WPCSvc - ok
10:34:45.0062 5312 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:34:45.0078 5312 WPDBusEnum - ok
10:34:45.0093 5312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:34:45.0093 5312 ws2ifsl - ok
10:34:45.0125 5312 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:34:45.0140 5312 wscsvc - ok
10:34:45.0140 5312 WSearch - ok
10:34:45.0312 5312 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:34:45.0390 5312 wuauserv - ok
10:34:45.0515 5312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:34:45.0530 5312 WudfPf - ok
10:34:45.0577 5312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:34:45.0593 5312 WUDFRd - ok
10:34:45.0624 5312 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:34:45.0639 5312 wudfsvc - ok
10:34:45.0686 5312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:34:45.0702 5312 WwanSvc - ok
10:34:45.0733 5312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:34:46.0123 5312 \Device\Harddisk0\DR0 - ok
10:34:46.0123 5312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:34:47.0059 5312 \Device\Harddisk1\DR1 - ok
10:34:47.0075 5312 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
10:34:47.0090 5312 \Device\Harddisk2\DR2 - ok
10:34:47.0090 5312 Boot (0x1200) (6f960f2f35ad48c2950230489dd13e71) \Device\Harddisk0\DR0\Partition0
10:34:47.0090 5312 \Device\Harddisk0\DR0\Partition0 - ok
10:34:47.0106 5312 Boot (0x1200) (4ffbfe1f9b5026fba9e5538a397b10f9) \Device\Harddisk0\DR0\Partition1
10:34:47.0106 5312 \Device\Harddisk0\DR0\Partition1 - ok
10:34:47.0106 5312 Boot (0x1200) (cf5948b166065d5e32fb430bdd785728) \Device\Harddisk1\DR1\Partition0
10:34:47.0121 5312 \Device\Harddisk1\DR1\Partition0 - ok
10:34:47.0121 5312 Boot (0x1200) (976f1e9b7711c188eb058c051bfddfa5) \Device\Harddisk1\DR1\Partition1
10:34:47.0121 5312 \Device\Harddisk1\DR1\Partition1 - ok
10:34:47.0137 5312 Boot (0x1200) (bad620c06c77d165d5eba3c8b8c88908) \Device\Harddisk1\DR1\Partition2
10:34:47.0137 5312 \Device\Harddisk1\DR1\Partition2 - ok
10:34:47.0137 5312 Boot (0x1200) (5fd62be78fbde8107cd8830f762ec844) \Device\Harddisk1\DR1\Partition3
10:34:47.0137 5312 \Device\Harddisk1\DR1\Partition3 - ok
10:34:47.0153 5312 Boot (0x1200) (7fa51cdabaa741bb672b6203e21ca9ac) \Device\Harddisk2\DR2\Partition0
10:34:47.0153 5312 \Device\Harddisk2\DR2\Partition0 - ok
10:34:47.0153 5312 ============================================================
10:34:47.0153 5312 Scan finished
10:34:47.0153 5312 ============================================================
10:34:47.0184 7928 Detected object count: 0
10:34:47.0184 7928 Actual detected object count: 0
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Great, I don't see any iexplore.exe processes after restarting from that scan. I hope they don't reappear with time now.

_________________________________________________________________________

ComboFix 12-07-10.01 - Shivam 10/07/2012 21:02:49.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8140.6480 [GMT -4:00]
Running from: c:\users\Shivam\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-10 23:09 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78DD8F93-859C-4B3D-BAFA-5DB2EB3F58ED}\mpengine.dll
2012-07-09 23:18 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-09 22:52 . 2012-07-09 22:52 -------- d-----w- c:\users\Shivam\AppData\Roaming\Malwarebytes
2012-07-09 22:51 . 2012-07-09 22:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 22:51 . 2012-07-09 22:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-09 22:51 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 22:37 . 2012-07-09 22:37 -------- d-----w- c:\program files (x86)\ESET
2012-07-04 15:14 . 2012-06-21 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 15:14 . 2012-06-21 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1EBC30-8BFE-41C2-8681-2057268DE6F2}\gapaengine.dll
2012-06-22 21:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 21:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 21:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 21:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 21:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 21:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 21:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 21:53 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 21:53 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 18:15 . 2012-06-21 18:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-21 18:15 . 2012-06-21 18:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-19 18:08 . 2012-06-19 18:11 -------- d-----w- C:\DCIM
2012-06-19 18:08 . 2012-06-19 18:08 -------- d-----w- C:\New folder
2012-06-14 22:28 . 2012-06-14 22:28 -------- d-----w- c:\users\Shivam\AppData\Roaming\Media Player Classic
2012-06-14 12:38 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 12:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 14:41 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 14:41 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:41 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 14:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 14:41 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 14:41 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 14:41 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 14:40 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 14:40 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 14:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 14:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 14:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 14:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 14:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 14:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 14:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 17:23 . 2012-06-12 17:23 -------- d-----w- C:\Dell
2012-06-11 19:22 . 2012-06-11 21:33 -------- d-----w- C:\Music
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 13:54 . 2012-05-04 21:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 13:54 . 2011-09-07 19:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 22:29 . 2012-05-04 22:29 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 22:29 . 2011-09-07 19:15 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 21:30 . 2012-05-04 21:30 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-04 21:30 . 2011-09-07 19:16 839112 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-03-08 1635696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-10 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-20 114704]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-04 1255736]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-20 203776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-07-08 1692480]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-07 27760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-20 9320448]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-20 306688]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-17 344616]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-06-20 12229664]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-03-04 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-03-04 181760]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-30 326760]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 13:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-WinRAR SFX - c:\users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Default) - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AlienRespawn\TOASTER.EXE
c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-07-10 21:17:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 01:17
.
Pre-Run: 95,648,313,344 bytes free
Post-Run: 95,669,735,424 bytes free
.
- - End Of File - - A01008D8DA710E346411B5C18504FC20
 
Combofix log looks good :)

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 10/07/2012 9:44:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Shivam\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.95 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.65% Memory free
15.90 Gb Paging File | 13.73 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.83 Gb Total Space | 89.24 Gb Free Space | 31.01% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 2.72 Gb Free Space | 6.95% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 0.22 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive F: | 87.89 Gb Total Space | 2.59 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
Drive G: | 161.37 Gb Total Space | 3.03 Gb Free Space | 1.88% Space Free | Partition Type: NTFS
Drive I: | 14.82 Gb Total Space | 6.95 Gb Free Space | 46.89% Space Free | Partition Type: FAT32

Computer Name: SHIVAM-PC | User Name: Shivam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 21:42:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Shivam\Downloads\OTL.exe
PRC - [2012/06/24 09:54:12 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/16 18:03:44 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/08 11:14:44 | 003,968,832 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2011/07/08 11:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/07/08 11:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2011/03/08 18:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/11/10 11:51:20 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/10 11:45:08 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/24 09:54:11 | 009,459,912 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/16 18:03:43 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 10:25:27 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012/06/15 08:50:45 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/15 08:50:16 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/15 08:49:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 08:49:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/15 08:49:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/14 08:56:41 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
MOD - [2012/06/14 08:56:12 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
MOD - [2012/06/14 08:56:11 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:55:56 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
MOD - [2012/06/14 08:55:54 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/05/11 16:51:16 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/11 08:35:05 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012/05/11 08:11:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 08:10:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 08:08:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 08:08:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 08:08:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 08:08:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 08:07:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/11 04:23:59 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
MOD - [2012/05/11 04:18:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\eba1ea877df19e9a05fb7f8cb0bc3368\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 04:17:23 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/05/11 03:04:37 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012/05/11 03:04:32 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 03:04:30 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 03:04:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/05/11 03:04:24 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 03:04:21 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\360e9c00572679f437fff0ae719a5886\System.Numerics.ni.dll
MOD - [2012/05/11 03:04:20 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011/07/08 11:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/03/08 18:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2009/12/18 12:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/20 11:09:54 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/17 07:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/10 11:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/06/24 09:54:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/16 18:03:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/20 23:19:34 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/08 11:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/07 16:50:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/07 16:50:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/20 11:10:14 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/20 11:10:04 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/06/20 11:09:54 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/20 11:09:54 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/17 07:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/03 20:18:22 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/03/03 20:18:22 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/30 09:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/30 09:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 12:03:06 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/07 09:41:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/17 09:17:46 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/08/17 09:17:46 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/08/17 09:17:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/15 08:59:30 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 16:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 16:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://AlienwareArena.com
IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 18:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 18:03:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/04 17:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shivam\AppData\Roaming\Mozilla\Extensions
[2012/05/30 13:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\extensions
[2012/05/30 13:38:51 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/06/07 23:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/16 18:03:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/10 21:12:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EACBEF26-2F25-417B-8C1D-2F4E95C2F98E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/01 15:30:54 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 21:17:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/10 21:12:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/10 21:01:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/10 21:01:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/10 21:01:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/10 21:00:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 21:00:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/10 20:59:46 | 004,575,265 | R--- | C] (Swearware) -- C:\Users\Shivam\Desktop\ComboFix.exe
[2012/07/09 20:41:32 | 000,000,000 | ---D | C] -- C:\Users\Shivam\Desktop\New folder
[2012/07/09 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\Shivam\Desktop\RK_Quarantine
[2012/07/09 18:52:14 | 000,000,000 | ---D | C] -- C:\Users\Shivam\AppData\Roaming\Malwarebytes
[2012/07/09 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/09 18:51:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/09 18:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/09 18:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/09 18:31:03 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Shivam\Desktop\boot_cleaner.exe
[2012/06/29 12:30:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/21 14:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/21 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/19 14:08:33 | 000,000,000 | ---D | C] -- C:\DCIM
[2012/06/19 14:08:22 | 000,000,000 | ---D | C] -- C:\New folder
[2012/06/19 13:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kundli for Windows 5.5
[2012/06/19 13:52:18 | 000,405,504 | ---- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\swflash.ocx
[2012/06/19 13:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Computer Zone
[2012/06/14 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\Shivam\AppData\Roaming\Media Player Classic
[2012/06/12 13:23:12 | 000,000,000 | ---D | C] -- C:\Dell
[2012/06/11 15:22:20 | 000,000,000 | ---D | C] -- C:\Music

========== Files - Modified Within 30 Days ==========

[2012/07/10 21:27:42 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 21:27:42 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 21:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/10 21:20:14 | 2106,449,919 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/10 21:12:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/10 20:57:05 | 004,575,265 | R--- | M] (Swearware) -- C:\Users\Shivam\Desktop\ComboFix.exe
[2012/07/10 20:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/09 20:40:07 | 880,830,623 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/09 18:52:06 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 18:29:52 | 000,000,512 | ---- | M] () -- C:\Users\Shivam\Desktop\MBR.dat
[2012/07/09 18:19:01 | 000,044,607 | ---- | M] () -- C:\Users\Shivam\Desktop\bootkit_remover.zip
[2012/07/08 22:27:04 | 000,002,060 | -H-- | M] () -- C:\Users\Shivam\Documents\Default.rdp
[2012/06/26 19:02:56 | 000,004,504 | ---- | M] () -- C:\Users\Shivam\Desktop\images.jpg
[2012/06/26 18:58:41 | 000,089,045 | ---- | M] () -- C:\Users\Shivam\Desktop\1246541469.jpg
[2012/06/26 18:53:44 | 000,001,347 | ---- | M] () -- C:\Users\Shivam\Desktop\taskkill.lnk
[2012/06/26 18:47:26 | 000,076,459 | ---- | M] () -- C:\Users\Shivam\Desktop\Snape_OOP_trailer.png
[2012/06/23 14:06:31 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 14:06:31 | 000,666,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 14:06:31 | 000,126,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/21 16:40:20 | 000,322,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/21 14:15:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/21 14:15:46 | 000,788,116 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/19 13:52:31 | 000,001,204 | ---- | M] () -- C:\Users\Shivam\Desktop\Kundli for Windows 5.5.lnk

========== Files Created - No Company Name ==========

[2012/07/10 21:01:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/10 21:01:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/10 21:01:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/10 21:01:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/10 21:01:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/09 18:52:06 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 18:30:13 | 000,044,607 | ---- | C] () -- C:\Users\Shivam\Desktop\bootkit_remover.zip
[2012/07/09 18:29:52 | 000,000,512 | ---- | C] () -- C:\Users\Shivam\Desktop\MBR.dat
[2012/06/29 12:30:15 | 880,830,623 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/26 19:02:55 | 000,004,504 | ---- | C] () -- C:\Users\Shivam\Desktop\images.jpg
[2012/06/26 18:58:40 | 000,089,045 | ---- | C] () -- C:\Users\Shivam\Desktop\1246541469.jpg
[2012/06/26 18:53:33 | 000,001,347 | ---- | C] () -- C:\Users\Shivam\Desktop\taskkill.lnk
[2012/06/26 18:47:24 | 000,076,459 | ---- | C] () -- C:\Users\Shivam\Desktop\Snape_OOP_trailer.png
[2012/06/21 14:15:59 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/21 14:15:52 | 000,001,952 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/19 13:52:31 | 000,001,204 | ---- | C] () -- C:\Users\Shivam\Desktop\Kundli for Windows 5.5.lnk
[2012/06/19 13:52:30 | 000,004,928 | ---- | C] () -- C:\Windows\SysWow64\oledb32x.dll
[2012/06/19 13:52:30 | 000,004,928 | ---- | C] () -- C:\Windows\SysWow64\oledb32r.dll
[2012/06/19 13:52:30 | 000,004,928 | ---- | C] () -- C:\Windows\SysWow64\oledb32.dll
[2012/06/19 13:52:30 | 000,000,149 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2012/06/19 13:52:30 | 000,000,084 | ---- | C] () -- C:\Windows\SysWow64\setup.tdf
[2012/06/19 13:52:29 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\odbcstf.dll
[2012/06/19 13:52:29 | 000,003,291 | ---- | C] () -- C:\Windows\SysWow64\odbckey.inf
[2012/06/19 13:52:27 | 000,183,056 | ---- | C] () -- C:\Windows\SysWow64\msdaora.dll
[2012/06/19 13:52:26 | 000,018,535 | ---- | C] () -- C:\Windows\SysWow64\mdac_typ.stf
[2012/06/19 13:52:26 | 000,011,206 | ---- | C] () -- C:\Windows\SysWow64\mdac_typ.inf
[2012/06/19 13:52:25 | 000,918,455 | ---- | C] () -- C:\Windows\SysWow64\Mdac20_A.CAB
[2012/06/19 13:52:25 | 000,779,461 | ---- | C] () -- C:\Windows\SysWow64\mdac11.cab
[2012/06/19 13:52:25 | 000,558,789 | ---- | C] () -- C:\Windows\SysWow64\instcat.sql
[2012/06/19 13:52:25 | 000,517,800 | ---- | C] () -- C:\Windows\SysWow64\Mdac20.CAB
[2012/06/19 13:52:25 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\HANDLER.reg
[2012/06/19 13:52:25 | 000,000,510 | ---- | C] () -- C:\Windows\SysWow64\HANDLER.SRG
[2012/06/19 13:52:25 | 000,000,026 | ---- | C] () -- C:\Windows\SysWow64\makfre15.bat
[2012/06/19 13:52:25 | 000,000,026 | ---- | C] () -- C:\Windows\SysWow64\makapt15.bat
[2012/06/19 13:52:24 | 000,010,099 | ---- | C] () -- C:\Windows\SysWow64\adovbs.inc
[2012/06/19 13:52:24 | 000,009,871 | ---- | C] () -- C:\Windows\SysWow64\adojavas.inc
[2012/06/19 13:52:24 | 000,000,665 | ---- | C] () -- C:\Windows\SysWow64\adoapt15.reg
[2012/06/19 13:52:24 | 000,000,640 | ---- | C] () -- C:\Windows\SysWow64\adofre15.reg
[2012/06/19 13:52:24 | 000,000,596 | ---- | C] () -- C:\Windows\SysWow64\adcjavas.inc
[2012/06/19 13:52:24 | 000,000,589 | ---- | C] () -- C:\Windows\SysWow64\adcvbs.inc
[2012/06/19 13:52:19 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\kkundli.dll
[2012/06/19 13:52:19 | 000,078,336 | ---- | C] () -- C:\Windows\SysWow64\kkundli1.dll
[2012/06/19 13:52:19 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\msscript.oca
[2012/06/19 13:52:19 | 000,006,057 | ---- | C] () -- C:\Windows\SysWow64\Setup.Lst
[2012/06/19 13:52:18 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\RICHTX32.oca
[2012/06/19 13:52:18 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.oca
[2012/06/19 13:52:18 | 000,003,010 | ---- | C] () -- C:\Windows\SysWow64\RICHTX32.DEP
[2012/06/19 13:52:18 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.DEP
[2012/06/19 13:52:16 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\MSHFLXGD.SRG
[2012/06/19 13:52:15 | 000,090,624 | ---- | C] () -- C:\Windows\SysWow64\MSHFLXGD.oca
[2012/06/19 13:52:15 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\msdxm.oca
[2012/06/19 13:52:15 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.oca
[2012/06/19 13:52:15 | 000,002,530 | ---- | C] () -- C:\Windows\SysWow64\MSHFLXGD.DEP
[2012/06/19 13:52:15 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.DEP
[2012/06/19 13:52:14 | 000,265,728 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCTL.oca
[2012/06/19 13:52:14 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCT2.oca
[2012/06/19 13:52:14 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCTL.DEP
[2012/06/19 13:52:14 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCT2.DEP
[2012/06/19 13:52:14 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCTL.SRG
[2012/06/19 13:52:14 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCT2.SRG
[2012/06/19 13:52:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\MSACAL70.oca
[2012/06/19 13:52:12 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.oca
[2012/06/19 13:52:12 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\COMCT332.oca
[2012/06/19 13:52:12 | 000,003,026 | ---- | C] () -- C:\Windows\SysWow64\COMCT332.DEP
[2012/06/19 13:52:12 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.DEP
[2012/06/19 13:52:12 | 000,002,495 | ---- | C] () -- C:\Windows\SysWow64\COMCT232.DEP
[2012/06/19 13:52:12 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\COMCT332.SRG
[2012/05/04 17:30:46 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/09/07 16:38:06 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/09/07 16:38:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/07 16:38:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/09/07 16:38:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/07 16:38:02 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/07 16:37:56 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/07 15:36:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/07 15:31:34 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/06/16 21:00:42 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/10 12:10:51 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/10 11:50:38 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

========== LOP Check ==========

[2012/05/10 02:26:58 | 000,000,000 | ---D | M] -- C:\Users\Shivam\AppData\Roaming\IDT
[2012/05/22 16:11:17 | 000,000,000 | ---D | M] -- C:\Users\Shivam\AppData\Roaming\uTorrent
[2009/07/14 01:08:49 | 000,019,502 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 10/07/2012 9:44:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Shivam\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.95 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.65% Memory free
15.90 Gb Paging File | 13.73 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.83 Gb Total Space | 89.24 Gb Free Space | 31.01% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 2.72 Gb Free Space | 6.95% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 0.22 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive F: | 87.89 Gb Total Space | 2.59 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
Drive G: | 161.37 Gb Total Space | 3.03 Gb Free Space | 1.88% Space Free | Partition Type: NTFS
Drive I: | 14.82 Gb Total Space | 6.95 Gb Free Space | 46.89% Space Free | Partition Type: FAT32

Computer Name: SHIVAM-PC | User Name: Shivam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2656897177-3677736646-1579547197-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDD14A5-B8BA-4E24-82BA-89CC6E432CCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30EB5940-0D46-4AD1-B436-2A8B108B0536}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{327FE1B6-EC45-4145-8938-00232B405212}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B2CF4E0-F066-4740-9399-A99C66B3F813}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D66F71C-144B-4080-A1FD-D388A4B77661}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5024D0E5-8910-4A65-B102-35392A1FC388}" = lport=445 | protocol=6 | dir=in | app=system |
"{534778F4-46A3-4ACB-A540-BD3AC5196520}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F6F4012-032D-4667-A648-B16DE082E45F}" = lport=138 | protocol=17 | dir=in | app=system |
"{77006685-BAD5-4155-A39C-0F6B4A5557ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8143B75E-9992-4E08-9822-30A041E4F551}" = rport=139 | protocol=6 | dir=out | app=system |
"{8919FD18-A8DF-4CE7-B5F1-256228B37494}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3117D16-CF74-40B8-90D6-60ECDB9FD0CA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9754E83-D32C-468A-B31B-ECD0EFCD3CCE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AEFCD0DF-91FB-4645-B66A-ED1DEDDB7AFF}" = rport=138 | protocol=17 | dir=out | app=system |
"{B1877D72-71D1-4B02-A9E9-FAED64C505CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B30FE9FD-654F-4240-AEB5-1FBF17A0140B}" = rport=445 | protocol=6 | dir=out | app=system |
"{B32AD045-C940-4ADB-9CC6-B065C1159129}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8E1B585-1B95-4B70-AA74-ACB6F3A8A257}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD6DFF96-B856-45BE-8758-6CB4C20AC045}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFA45B53-567C-442A-B35A-C6ADAB3C4450}" = lport=137 | protocol=17 | dir=in | app=system |
"{D7C26521-53D2-46E1-8B1F-7113844D747A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022E6CE1-DF7F-45DD-AEB9-2482B76FD7DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0BB44695-0EFA-4F10-88B5-C0693344108C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C3BE680-7D28-47D7-AB86-AD50DF3C85F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F4CCFC4-148E-498A-AA4E-04FE66BF71CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1592A8F6-6D79-4C4C-AB20-EFC3B29862AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20D4214A-B56F-4891-A543-810B8DAD89B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32E54AA5-B144-400F-A58A-9C8D7E1AD8D6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3E320209-AB3A-4CE2-877F-B4DDE2B59D4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45D57C1C-AD87-407F-86D0-B81904FD0ED2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F6E4D05-83E4-4B8D-875B-C7493FFDC2D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{516E74C4-65BB-4575-B0BF-F7EC1E4B557F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52C01E76-BCAB-4711-A05B-56E54E795686}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56942C6E-6CA5-4CB8-9F44-7D0E7ABD3D70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{5AED34C2-4D8C-4138-A825-93B08D40302E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5CE352CF-1623-487F-B234-E2F80F1DE8F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65111A2D-93F6-4A39-A3F7-9758F0BA0B23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{65920760-29F7-403E-915C-FFFA6CBA242B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6E921E72-400B-40F8-840F-A1F5E96F9DF1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73BC8D13-1113-40E7-B5C9-53BF82A59409}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{92C574EE-0893-48F5-BC8D-5D450954DECB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A47D48C3-ACB3-41D2-91CA-C1B5468D7B36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A62EB66F-CB12-4773-BA92-E7E2C26F3AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{BA06AD65-7978-4788-B18D-E604F75E59B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BE996FE2-B5BD-4D1F-8CC2-162F01702751}" = protocol=6 | dir=out | app=system |
"{D8888F63-9FB0-4312-B5C1-445E75CFFE6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EC631469-E6BD-4E07-8C78-DB40DE674B74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1DFB98E-1724-42CF-9EC1-C613CA55AFDD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F32DE4BB-F47C-4AF6-B8A9-41B7D042B0B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1032900F-4BC2-4E9F-BAE3-93A7FDDA0EEF}" = Command Center
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{3F31B482-BE90-FCD3-3B9D-72672E1FF05C}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A140A094-942E-4F76-B8F4-850EC146170F}" = Alienware M17x Manual
"{B078E313-8B46-51F5-6403-E18A7B312503}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1ABC5598-1488-C081-1040-E95595A5E444}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2AE9C040-AD47-0E54-0D2E-D01B2164DC58}" = CCC Help Chinese Standard
"{2EB90225-0649-BDBD-1560-94A0E1638944}" = CCC Help English
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{33341E4F-E494-ACEA-1773-00FFEAFBB75F}" = CCC Help Korean
"{34EC6EFF-4FE6-A563-F042-A56B0BE9982B}" = CCC Help French
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{420F7735-2DFB-5EDF-2E57-78416173D0E0}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{606AF1CB-8031-9CE7-E1B1-0F23CD47804C}" = CCC Help Portuguese
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6C9510AE-E3FA-2848-E523-7ED09ECCE7B0}" = CCC Help Chinese Traditional
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710180FE-6A3B-EF55-83D8-6DF5437F4654}" = CCC Help Finnish
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781849EB-89BB-3FF5-47B2-D4A9438843A6}" = CCC Help Danish
"{7FEA0BF5-4579-D868-82CB-12FFF4016194}" = Catalyst Control Center Localization All
"{80845B37-249A-593C-6335-FFD9B269223F}" = CCC Help Dutch
"{818F50C5-ACD4-4053-0BF6-C720CA5DB67D}" = PX Profile Update
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{98A70CDE-85D3-69F9-24EA-712A7FDE5B84}" = CCC Help Russian
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding
"{B3FC185E-ED7F-7274-82FF-6E6C5EDE2F8F}" = CCC Help Norwegian
"{B5E44903-EE08-4B97-9A0F-08E2E1AAACF5}" = PowerXpressHybrid
"{B977CB07-4841-84F2-ABFA-1107E3143F1A}" = CCC Help Spanish
"{C352F29D-F458-ED99-AFFF-66030522AF5B}" = CCC Help Japanese
"{D23CB02A-60BF-B51D-9CAA-601DEE2141D0}" = CCC Help Swedish
"{E0454752-D79A-584B-FF3E-A949B50B3FCB}" = CCC Help Italian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EE8BAD6E-A466-B34B-B8F0-F9A672053901}" = CCC Help German
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"InstallShield_{1032900F-4BC2-4E9F-BAE3-93A7FDDA0EEF}" = Command Center
"InstallShield_{A140A094-942E-4F76-B8F4-850EC146170F}" = Alienware M17x Manual
"Integrated Webcam Live! Central" = Integrated Webcam Live! Central
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 570" = Dota 2
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 2.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26/06/2012 6:53:50 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x1a40 Faulting application start time: 0x01cd53ee8bbed052 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: cb2a5f77-bfe1-11e1-860d-d0df9ab0ec64

Error - 26/06/2012 6:54:52 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x1278 Faulting application start time: 0x01cd53eeb1aa3f66 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: eff14772-bfe1-11e1-860d-d0df9ab0ec64

Error - 26/06/2012 10:11:44 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0xb20 Faulting application start time: 0x01cd540a31f01cd1 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 7096982e-bffd-11e1-860d-d0df9ab0ec64

Error - 26/06/2012 10:12:46 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0xe0c Faulting application start time: 0x01cd540a57079506 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 95585eda-bffd-11e1-860d-d0df9ab0ec64

Error - 27/06/2012 12:22:19 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x8fc Faulting application start time: 0x01cd5481056226a7 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 43cf80fe-c074-11e1-860d-d0df9ab0ec64

Error - 28/06/2012 2:12:59 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x1274 Faulting application start time: 0x01cd5559a4fac9c5 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: e3f59413-c14c-11e1-860d-d0df9ab0ec64

Error - 28/06/2012 2:16:31 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x1088 Faulting application start time: 0x01cd555a240ce0a7 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 6232cba7-c14d-11e1-860d-d0df9ab0ec64

Error - 28/06/2012 2:17:32 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x1d34 Faulting application start time: 0x01cd555a489add7d Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 869c01e3-c14d-11e1-860d-d0df9ab0ec64

Error - 28/06/2012 3:08:49 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x1004 Faulting application start time: 0x01cd556171c689e7 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: b0975d67-c154-11e1-860d-d0df9ab0ec64

Error - 28/06/2012 4:19:09 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
process id: 0x1c64 Faulting application start time: 0x01cd556b44eceb4d Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 83e82acd-c15e-11e1-860d-d0df9ab0ec64

[ System Events ]
Error - 29/06/2012 1:41:33 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 29/06/2012 1:42:03 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 30/06/2012 2:39:16 PM | Computer Name = Shivam-PC | Source = bowser | ID = 8003
Description =

Error - 01/07/2012 12:35:43 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.143. The computer with the IP address 192.168.10.144
did not allow the name to be claimed by this computer.

Error - 01/07/2012 12:41:05 PM | Computer Name = Shivam-PC | Source = DCOM | ID = 10010
Description =

Error - 01/07/2012 7:21:02 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 01/07/2012 7:21:32 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 01/07/2012 10:30:05 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.143. The computer with the IP address 192.168.10.144
did not allow the name to be claimed by this computer.

Error - 03/07/2012 12:59:27 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.23. The computer with the IP address 192.168.2.2 did not
allow the name to be claimed by this computer.

Error - 03/07/2012 1:20:59 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.23. The computer with the IP address 192.168.2.2 did not
allow the name to be claimed by this computer.


< End of report >
 
OTL logs are clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 32
Adobe Flash Player 11.3.300.262
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````



---------------------------------------------------------------------------------------------------------------------------------------------

Farbar Service Scanner:

Farbar Service Scanner Version: 08-07-2012
Ran by Shivam (administrator) on 11-07-2012 at 09:45:37
Running from "C:\Users\Shivam\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

-----------------------------------------------------------------------------------------------------------------------------------------------

ESET Online Scanner:

D:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
D:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
No iexplore.exe processes now! My PC is also faster and better then before.
Thanks a lot for your extensive help.

One Question: Is a free anti-virus program like MSE enough or should I consider getting a commercial one? Which one would you recommend? Thanks once again!

OTL log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: Shivam
->Temp folder emptied: 56117 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 306603307 bytes
->Flash cache emptied: 2747 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 293.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Shivam
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shivam
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07122012_100848

Files\Folders moved on Reboot...
C:\Users\Shivam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Shivam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
 
Back