TechSpot

Multiple instances of iexplore.exe running and multiplying

Solved
By Mephistopheles
Jul 9, 2012
  1. Hello

    I've been noticing multiple instances of iexplore.exe running without me actually using Internet Explorer. They keep increasing with time. Also, sometimes when I click on a link, some other random website opens instead of the intended link. I've observed this on Firefox.

    My logs:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.09.14

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Shivam :: SHIVAM-PC [administrator]

    09/07/2012 6:52:57 PM
    mbam-log-2012-07-09 (18-52-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211939
    Time elapsed: 3 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-09 19:18:24
    Windows 6.1.7601 Service Pack 1
    Running: tpk8cyus.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9ab0ec64
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9ab0ec64 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by Shivam at 19:29:24 on 2012-07-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8140.5382 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\AlienRespawn\sftservice.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
    C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://AlienwareArena.com
    uDefault_Page_URL = hxxp://AlienwareArena.com
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [WinRAR SFX] RUNDLL32.EXE "C:\Users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll",AtiQueryMgpuCount
    uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130}\5436374716479636D41676E6F6C69616D27657563747 : DhcpNameServer = 64.71.255.198
    TCP: Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130}\84F6D656E4564734 : DhcpNameServer = 192.168.10.1
    TCP: Interfaces\{EACBEF26-2F25-417B-8C1D-2F4E95C2F98E} : DhcpNameServer = 192.168.2.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO-X64: uTorrentControl2 - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\System32\drivers\EMSC.sys [2009-6-26 13680]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-7 89600]
    R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-7 13336]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-9-7 1692480]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 250056]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-09 23:18:46 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67AEAA78-594A-4681-9792-68A687B97B26}\mpengine.dll
    2012-07-09 22:52:14 -------- d-----w- C:\Users\Shivam\AppData\Roaming\Malwarebytes
    2012-07-09 22:51:55 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-09 22:51:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-09 22:51:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-09 22:37:37 -------- d-----w- C:\Program Files (x86)\ESET
    2012-07-08 15:28:29 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-04 15:14:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-07-04 15:14:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB1EBC30-8BFE-41C2-8681-2057268DE6F2}\gapaengine.dll
    2012-06-22 21:54:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-22 21:54:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-22 21:53:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-22 21:53:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 18:18:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA312120-DBF2-4C72-9BFE-0C6DEAF0ACFB}\gapaengine.dll
    2012-06-21 18:15:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-06-21 18:15:33 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-06-19 18:08:33 -------- d-----w- C:\DCIM
    2012-06-19 18:08:22 -------- d-----w- C:\New folder
    2012-06-14 12:38:10 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-14 12:38:10 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-13 14:41:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 14:41:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 14:41:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 14:41:09 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-13 14:41:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 14:41:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 14:41:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 14:41:01 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 14:40:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 14:40:55 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 14:40:54 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 14:40:43 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 14:40:42 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 14:40:42 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 14:40:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 14:40:41 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 14:40:41 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-12 17:23:12 -------- d-----w- C:\Dell
    2012-06-11 19:22:20 -------- d-----w- C:\Music
    .
    ==================== Find3M ====================
    .
    2012-06-24 13:54:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 13:54:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-04 22:29:34 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-05-04 22:29:34 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-05-04 21:30:00 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-05-04 21:30:00 839112 ----a-w- C:\Windows\System32\deployJava1.dll
    .
    ============= FINISH: 19:30:10.78 ===============

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/05/2012 6:15:36 PM
    System Uptime: 01/07/2012 7:20:01 PM (192 hours ago)
    .
    Motherboard: Alienware | | M17xR3
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 780/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 89.45 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 1.661 GiB free.
    E: is FIXED (NTFS) - 10 GiB total, 0.22 GiB free.
    F: is FIXED (NTFS) - 88 GiB total, 2.592 GiB free.
    G: is FIXED (NTFS) - 161 GiB total, 3.028 GiB free.
    H: is CDROM ()
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP21: 21/06/2012 2:17:15 PM - Windows Update
    RP22: 22/06/2012 5:53:31 PM - Windows Update
    RP23: 23/06/2012 12:02:51 PM - Windows Update
    RP24: 27/06/2012 10:29:24 PM - Windows Update
    RP25: 01/07/2012 7:33:50 PM - Windows Update
    RP26: 06/07/2012 10:46:47 AM - Windows Update
    RP27: 09/07/2012 6:42:27 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1.2
    Advanced Audio FX Engine
    AlienRespawn
    AlienRespawn - Support Software
    Alienware M17x Manual
    Alienware On-Screen Display
    µTorrent
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Command Center
    DirectX 9 Runtime
    Dota 2
    EMSC
    ESET Online Scanner v3
    IDT Audio
    Integrated Webcam Live! Central
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 32
    K-Lite Codec Pack 8.7.0 (Full)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PhotoShowExpress
    PowerXpressHybrid
    PX Profile Update
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.9
    Sonic CinePlayer Decoder Pack
    Steam
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    uTorrentControl2 Toolbar
    VLC media player 2.0.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/07/2012 6:46:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.129.1102.0).
    03/07/2012 1:20:59 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.23. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    Thanks for the swift reply. The first time I ran aswMBR I got a BSOD. Here are the details of it:

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.768.3
    Locale ID: 4105

    Additional information about the problem:
    BCCode: 109
    BCP1: A3A039D8A4E3E70A
    BCP2: B3B7465EF76223C8
    BCP3: FFFFF880033706C0
    BCP4: 0000000000000002
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 768_1

    Files that help describe the problem:
    C:\WINDOWS\Minidump\070912-17846-01.dmp
    C:\Users\Shivam\AppData\Local\Temp\WER-43321-0.sysdata.xml

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Logs:

    RogueKiller V7.6.3 [07/08/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Shivam [Admin rights]
    Mode: Scan -- Date: 07/09/2012 20:29:25

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 9 ¤¤¤
    [SUSP PATH] HKCU\[...]\Run : WinRAR SFX (RUNDLL32.EXE "C:\Users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll",AtiQueryMgpuCount) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-2656897177-3677736646-1579547197-1000[...]\Run : WinRAR SFX (RUNDLL32.EXE "C:\Users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll",AtiQueryMgpuCount) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [SUSP PATH] [ON_D:]HKLM\Software[...]\Run : xvepigfm (C:\Documents and Settings\Compaq\Local Settings\Application Data\uveruajfq\lgpxdpatssd.exe) -> FOUND
    [SUSP PATH] [ON_D:]HKLM\Software[...]\Run : oyhbbedx (C:\Documents and Settings\Compaq\Local Settings\Application Data\qwurujjns\lwrksvftssd.exe) -> FOUND
    [SUSP PATH] [ON_D:Compaq]HKCU[...]\Run : xvepigfm (C:\Documents and Settings\Compaq\Local Settings\Application Data\uveruajfq\lgpxdpatssd.exe) -> FOUND
    [SUSP PATH] [ON_D:Compaq]HKCU[...]\Run : oyhbbedx (C:\Documents and Settings\Compaq\Local Settings\Application Data\qwurujjns\lwrksvftssd.exe) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
    --- User ---
    [MBR] c677a5260538eb45eff0ac0b73910d1b
    [BSP] 60cb20245e9cce53bcff3b7146c827e1 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10468 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21520384 | Size: 294736 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD3200BEKT-00F3T0 +++++
    --- User ---
    [MBR] 18f837238baacf3cd33f1793b9a53664
    [BSP] db7da14d8b2baec21644e94ac803d24d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 265245 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: SD Card +++++
    --- User ---
    [MBR] 2dd27a2bd9b0b305e974b4defc45b985
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-09 20:44:49
    -----------------------------
    20:44:49.813 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:44:49.813 Number of processors: 8 586 0x2A07
    20:44:49.813 ComputerName: SHIVAM-PC UserName: Shivam
    20:44:51.003 Initialize success
    20:45:05.567 AVAST engine defs: 12070901
    20:47:04.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:47:04.106 Disk 0 Vendor: ST320LT0 0003 Size: 305245MB BusType: 8
    20:47:04.116 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    20:47:04.116 Disk 1 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 8
    20:47:04.146 Disk 0 MBR read successfully
    20:47:04.146 Disk 0 MBR scan
    20:47:04.166 Disk 0 Windows 7 default MBR code
    20:47:04.166 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    20:47:04.206 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10468 MB offset 81920
    20:47:04.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294736 MB offset 21520384
    20:47:04.426 Disk 0 scanning C:\Windows\system32\drivers
    20:47:24.878 Service scanning
    20:48:16.992 Modules scanning
    20:48:17.002 Disk 0 trace - called modules:
    20:48:17.042 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    20:48:17.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009c6d790]
    20:48:17.062 3 CLASSPNP.SYS[fffff88001dc543f] -> nt!IofCallDriver -> [0xfffffa8009b81cb0]
    20:48:17.082 5 stdcfltn.sys[fffff88001d05c52] -> nt!IofCallDriver -> [0xfffffa8007d93470]
    20:48:17.092 7 ACPI.sys[fffff88000f3c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007de7050]
    20:48:18.442 AVAST engine scan C:\Windows
    20:48:21.152 AVAST engine scan C:\Windows\system32
    20:55:06.515 AVAST engine scan C:\Windows\system32\drivers
    20:55:28.395 AVAST engine scan C:\Users\Shivam
    21:02:58.696 AVAST engine scan C:\ProgramData
    21:03:31.660 Scan finished successfully
    23:00:52.462 Disk 0 MBR has been saved successfully to "C:\Users\Shivam\Desktop\New folder\MBR.dat"
    23:00:52.622 The log file has been saved successfully to "C:\Users\Shivam\Desktop\New folder\aswMBR.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    No threat was found:


    10:34:00.0360 1140 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
    10:34:00.0650 1140 ============================================================
    10:34:00.0650 1140 Current date / time: 2012/07/10 10:34:00.0650
    10:34:00.0650 1140 SystemInfo:
    10:34:00.0650 1140
    10:34:00.0650 1140 OS Version: 6.1.7601 ServicePack: 1.0
    10:34:00.0650 1140 Product type: Workstation
    10:34:00.0650 1140 ComputerName: SHIVAM-PC
    10:34:00.0650 1140 UserName: Shivam
    10:34:00.0650 1140 Windows directory: C:\Windows
    10:34:00.0650 1140 System windows directory: C:\Windows
    10:34:00.0650 1140 Running under WOW64
    10:34:00.0650 1140 Processor architecture: Intel x64
    10:34:00.0650 1140 Number of processors: 8
    10:34:00.0650 1140 Page size: 0x1000
    10:34:00.0650 1140 Boot type: Normal boot
    10:34:00.0650 1140 ============================================================
    10:34:02.0302 1140 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:34:02.0614 1140 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:34:02.0645 1140 Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    10:34:02.0645 1140 ============================================================
    10:34:02.0645 1140 \Device\Harddisk0\DR0:
    10:34:02.0645 1140 MBR partitions:
    10:34:02.0645 1140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1472000
    10:34:02.0645 1140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1486000, BlocksNum 0x23FA8000
    10:34:02.0645 1140 \Device\Harddisk1\DR1:
    10:34:02.0645 1140 MBR partitions:
    10:34:02.0645 1140 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
    10:34:02.0661 1140 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x1388AFC
    10:34:02.0661 1140 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0xAFC6752
    10:34:02.0676 1140 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1116E136, BlocksNum 0x142BF58B
    10:34:02.0676 1140 \Device\Harddisk2\DR2:
    10:34:02.0676 1140 MBR partitions:
    10:34:02.0676 1140 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
    10:34:02.0676 1140 ============================================================
    10:34:02.0696 1140 C: <-> \Device\Harddisk0\DR0\Partition1
    10:34:02.0716 1140 D: <-> \Device\Harddisk1\DR1\Partition0
    10:34:02.0736 1140 E: <-> \Device\Harddisk1\DR1\Partition1
    10:34:02.0766 1140 F: <-> \Device\Harddisk1\DR1\Partition2
    10:34:02.0796 1140 G: <-> \Device\Harddisk1\DR1\Partition3
    10:34:02.0796 1140 ============================================================
    10:34:02.0796 1140 Initialize success
    10:34:02.0796 1140 ============================================================
    10:34:18.0948 5312 ============================================================
    10:34:18.0948 5312 Scan started
    10:34:18.0948 5312 Mode: Manual;
    10:34:18.0948 5312 ============================================================
    10:34:19.0447 5312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    10:34:19.0463 5312 1394ohci - ok
    10:34:19.0494 5312 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
    10:34:19.0494 5312 Acceler - ok
    10:34:19.0556 5312 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    10:34:19.0572 5312 ACPI - ok
    10:34:19.0572 5312 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    10:34:19.0587 5312 AcpiPmi - ok
    10:34:19.0712 5312 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    10:34:19.0728 5312 AdobeFlashPlayerUpdateSvc - ok
    10:34:19.0790 5312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    10:34:19.0806 5312 adp94xx - ok
    10:34:19.0853 5312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    10:34:19.0853 5312 adpahci - ok
    10:34:19.0899 5312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    10:34:19.0915 5312 adpu320 - ok
    10:34:19.0977 5312 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    10:34:19.0977 5312 AeLookupSvc - ok
    10:34:20.0055 5312 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
    10:34:20.0055 5312 AESTFilters - ok
    10:34:20.0133 5312 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    10:34:20.0149 5312 AFD - ok
    10:34:20.0196 5312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    10:34:20.0196 5312 agp440 - ok
    10:34:20.0211 5312 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    10:34:20.0227 5312 ALG - ok
    10:34:20.0274 5312 AlienFusionService (4cfc72ae6c0ed4a04cb6042ae94024a9) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    10:34:20.0274 5312 AlienFusionService - ok
    10:34:20.0289 5312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    10:34:20.0289 5312 aliide - ok
    10:34:20.0321 5312 AMD External Events Utility (0a9eb584d4d4f1593ce74684fec4b76f) C:\Windows\system32\atiesrxx.exe
    10:34:20.0336 5312 AMD External Events Utility - ok
    10:34:20.0352 5312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    10:34:20.0352 5312 amdide - ok
    10:34:20.0367 5312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    10:34:20.0367 5312 AmdK8 - ok
    10:34:20.0882 5312 amdkmdag (47590d41920d68c5ec79370311446041) C:\Windows\system32\DRIVERS\atikmdag.sys
    10:34:21.0116 5312 amdkmdag - ok
    10:34:21.0288 5312 amdkmdap (06bc34448c9efd9a8e5bbba64c50249b) C:\Windows\system32\DRIVERS\atikmpag.sys
    10:34:21.0319 5312 amdkmdap - ok
    10:34:21.0350 5312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    10:34:21.0350 5312 AmdPPM - ok
    10:34:21.0381 5312 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    10:34:21.0381 5312 amdsata - ok
    10:34:21.0397 5312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    10:34:21.0413 5312 amdsbs - ok
    10:34:21.0428 5312 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    10:34:21.0444 5312 amdxata - ok
    10:34:21.0475 5312 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    10:34:21.0475 5312 AppID - ok
    10:34:21.0506 5312 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    10:34:21.0506 5312 AppIDSvc - ok
    10:34:21.0537 5312 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    10:34:21.0553 5312 Appinfo - ok
    10:34:21.0569 5312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    10:34:21.0569 5312 arc - ok
    10:34:21.0584 5312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    10:34:21.0584 5312 arcsas - ok
    10:34:21.0693 5312 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    10:34:21.0693 5312 aspnet_state - ok
    10:34:21.0709 5312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    10:34:21.0709 5312 AsyncMac - ok
    10:34:21.0725 5312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    10:34:21.0725 5312 atapi - ok
    10:34:21.0787 5312 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
    10:34:21.0787 5312 AtiHDAudioService - ok
    10:34:21.0881 5312 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    10:34:21.0912 5312 AudioEndpointBuilder - ok
    10:34:21.0927 5312 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    10:34:21.0943 5312 AudioSrv - ok
    10:34:21.0990 5312 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    10:34:21.0990 5312 AxInstSV - ok
    10:34:22.0052 5312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    10:34:22.0083 5312 b06bdrv - ok
    10:34:22.0130 5312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    10:34:22.0161 5312 b57nd60a - ok
    10:34:22.0380 5312 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
    10:34:22.0473 5312 BCM43XX - ok
    10:34:22.0614 5312 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    10:34:22.0614 5312 BDESVC - ok
    10:34:22.0661 5312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    10:34:22.0661 5312 Beep - ok
    10:34:22.0739 5312 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    10:34:22.0770 5312 BFE - ok
    10:34:22.0832 5312 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    10:34:22.0863 5312 BITS - ok
    10:34:22.0910 5312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    10:34:22.0910 5312 blbdrive - ok
    10:34:22.0941 5312 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    10:34:22.0941 5312 bowser - ok
    10:34:22.0973 5312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    10:34:22.0973 5312 BrFiltLo - ok
    10:34:22.0988 5312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    10:34:22.0988 5312 BrFiltUp - ok
    10:34:23.0019 5312 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    10:34:23.0019 5312 Browser - ok
    10:34:23.0066 5312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    10:34:23.0082 5312 Brserid - ok
    10:34:23.0097 5312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    10:34:23.0097 5312 BrSerWdm - ok
    10:34:23.0113 5312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    10:34:23.0113 5312 BrUsbMdm - ok
    10:34:23.0129 5312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    10:34:23.0129 5312 BrUsbSer - ok
    10:34:23.0160 5312 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
    10:34:23.0160 5312 BthEnum - ok
    10:34:23.0191 5312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    10:34:23.0191 5312 BTHMODEM - ok
    10:34:23.0222 5312 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    10:34:23.0222 5312 BthPan - ok
    10:34:23.0285 5312 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
    10:34:23.0316 5312 BTHPORT - ok
    10:34:23.0347 5312 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    10:34:23.0347 5312 bthserv - ok
    10:34:23.0378 5312 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
    10:34:23.0378 5312 BTHUSB - ok
    10:34:23.0425 5312 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
    10:34:23.0441 5312 btwampfl - ok
    10:34:23.0472 5312 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
    10:34:23.0487 5312 btwavdt - ok
    10:34:23.0503 5312 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\drivers\btwrchid.sys
    10:34:23.0503 5312 btwrchid - ok
    10:34:23.0534 5312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    10:34:23.0550 5312 cdfs - ok
    10:34:23.0581 5312 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    10:34:23.0597 5312 cdrom - ok
    10:34:23.0643 5312 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    10:34:23.0659 5312 CertPropSvc - ok
    10:34:23.0675 5312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    10:34:23.0675 5312 circlass - ok
    10:34:23.0706 5312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    10:34:23.0737 5312 CLFS - ok
    10:34:23.0799 5312 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:34:23.0815 5312 clr_optimization_v2.0.50727_32 - ok
    10:34:23.0862 5312 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    10:34:23.0862 5312 clr_optimization_v2.0.50727_64 - ok
    10:34:23.0924 5312 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    10:34:23.0940 5312 clr_optimization_v4.0.30319_32 - ok
    10:34:24.0002 5312 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    10:34:24.0002 5312 clr_optimization_v4.0.30319_64 - ok
    10:34:24.0049 5312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    10:34:24.0049 5312 CmBatt - ok
    10:34:24.0080 5312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    10:34:24.0080 5312 cmdide - ok
    10:34:24.0143 5312 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    10:34:24.0174 5312 CNG - ok
    10:34:24.0205 5312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    10:34:24.0205 5312 Compbatt - ok
    10:34:24.0236 5312 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
    10:34:24.0236 5312 CompositeBus - ok
    10:34:24.0236 5312 COMSysApp - ok
    10:34:24.0252 5312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    10:34:24.0267 5312 crcdisk - ok
    10:34:24.0314 5312 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    10:34:24.0330 5312 CryptSvc - ok
    10:34:24.0361 5312 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    10:34:24.0377 5312 CtClsFlt - ok
    10:34:24.0439 5312 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    10:34:24.0470 5312 DcomLaunch - ok
    10:34:24.0517 5312 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    10:34:24.0533 5312 defragsvc - ok
    10:34:24.0548 5312 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    10:34:24.0564 5312 DfsC - ok
    10:34:24.0611 5312 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    10:34:24.0626 5312 Dhcp - ok
    10:34:24.0642 5312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    10:34:24.0657 5312 discache - ok
    10:34:24.0689 5312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    10:34:24.0689 5312 Disk - ok
    10:34:24.0735 5312 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    10:34:24.0751 5312 Dnscache - ok
    10:34:24.0782 5312 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    10:34:24.0798 5312 dot3svc - ok
    10:34:24.0829 5312 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    10:34:24.0829 5312 DPS - ok
    10:34:24.0860 5312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    10:34:24.0860 5312 drmkaud - ok
    10:34:24.0954 5312 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    10:34:25.0001 5312 DXGKrnl - ok
    10:34:25.0032 5312 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    10:34:25.0032 5312 EapHost - ok
    10:34:25.0250 5312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    10:34:25.0359 5312 ebdrv - ok
    10:34:25.0453 5312 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    10:34:25.0453 5312 EFS - ok
    10:34:25.0547 5312 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    10:34:25.0578 5312 ehRecvr - ok
    10:34:25.0609 5312 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    10:34:25.0609 5312 ehSched - ok
    10:34:25.0703 5312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    10:34:25.0734 5312 elxstor - ok
    10:34:25.0765 5312 EMSC (e47d9d7e6e53892fc97282482f4ae307) C:\Windows\system32\DRIVERS\EMSC.SYS
    10:34:25.0765 5312 EMSC - ok
    10:34:25.0781 5312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    10:34:25.0781 5312 ErrDev - ok
    10:34:25.0843 5312 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    10:34:25.0859 5312 EventSystem - ok
    10:34:25.0905 5312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    10:34:25.0921 5312 exfat - ok
    10:34:25.0952 5312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    10:34:25.0968 5312 fastfat - ok
    10:34:26.0061 5312 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    10:34:26.0077 5312 Fax - ok
    10:34:26.0093 5312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    10:34:26.0093 5312 fdc - ok
    10:34:26.0108 5312 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    10:34:26.0124 5312 fdPHost - ok
    10:34:26.0139 5312 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    10:34:26.0139 5312 FDResPub - ok
    10:34:26.0155 5312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    10:34:26.0171 5312 FileInfo - ok
    10:34:26.0186 5312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    10:34:26.0186 5312 Filetrace - ok
    10:34:26.0202 5312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    10:34:26.0202 5312 flpydisk - ok
    10:34:26.0249 5312 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    10:34:26.0264 5312 FltMgr - ok
    10:34:26.0389 5312 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    10:34:26.0436 5312 FontCache - ok
    10:34:26.0514 5312 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    10:34:26.0514 5312 FontCache3.0.0.0 - ok
    10:34:26.0561 5312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    10:34:26.0561 5312 FsDepends - ok
    10:34:26.0592 5312 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    10:34:26.0592 5312 Fs_Rec - ok
    10:34:26.0639 5312 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    10:34:26.0654 5312 fvevol - ok
    10:34:26.0685 5312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    10:34:26.0685 5312 gagp30kx - ok
    10:34:26.0779 5312 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    10:34:26.0810 5312 gpsvc - ok
    10:34:26.0826 5312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    10:34:26.0826 5312 hcw85cir - ok
    10:34:26.0888 5312 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    10:34:26.0904 5312 HdAudAddService - ok
    10:34:26.0935 5312 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    10:34:26.0951 5312 HDAudBus - ok
    10:34:26.0966 5312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    10:34:26.0966 5312 HidBatt - ok
    10:34:26.0997 5312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    10:34:26.0997 5312 HidBth - ok
    10:34:27.0013 5312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    10:34:27.0013 5312 HidIr - ok
    10:34:27.0029 5312 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    10:34:27.0029 5312 hidserv - ok
    10:34:27.0060 5312 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    10:34:27.0060 5312 HidUsb - ok
    10:34:27.0107 5312 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    10:34:27.0107 5312 hkmsvc - ok
    10:34:27.0153 5312 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    10:34:27.0169 5312 HomeGroupListener - ok
    10:34:27.0200 5312 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    10:34:27.0216 5312 HomeGroupProvider - ok
    10:34:27.0247 5312 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    10:34:27.0247 5312 HpSAMD - ok
    10:34:27.0309 5312 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    10:34:27.0341 5312 HTTP - ok
    10:34:27.0356 5312 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    10:34:27.0356 5312 hwpolicy - ok
    10:34:27.0387 5312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    10:34:27.0403 5312 i8042prt - ok
    10:34:27.0450 5312 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
    10:34:27.0450 5312 iaStor - ok
    10:34:27.0528 5312 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    10:34:27.0543 5312 IAStorDataMgrSvc - ok
    10:34:27.0590 5312 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    10:34:27.0621 5312 iaStorV - ok
    10:34:27.0684 5312 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    10:34:27.0684 5312 IDriverT - ok
    10:34:27.0824 5312 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    10:34:27.0840 5312 idsvc - ok
    10:34:27.0965 5312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    10:34:27.0980 5312 iirsp - ok
    10:34:28.0074 5312 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    10:34:28.0105 5312 IKEEXT - ok
    10:34:28.0121 5312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    10:34:28.0121 5312 intelide - ok
    10:34:28.0854 5312 intelkmd (58e04d9412f8668863a391232035cbe8) C:\Windows\system32\DRIVERS\igdpmd64.sys
    10:34:29.0135 5312 intelkmd - ok
    10:34:29.0259 5312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    10:34:29.0275 5312 intelppm - ok
    10:34:29.0291 5312 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    10:34:29.0306 5312 IPBusEnum - ok
    10:34:29.0322 5312 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:34:29.0322 5312 IpFilterDriver - ok
    10:34:29.0384 5312 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    10:34:29.0400 5312 iphlpsvc - ok
    10:34:29.0415 5312 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    10:34:29.0431 5312 IPMIDRV - ok
    10:34:29.0447 5312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    10:34:29.0447 5312 IPNAT - ok
    10:34:29.0493 5312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    10:34:29.0493 5312 IRENUM - ok
    10:34:29.0509 5312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    10:34:29.0509 5312 isapnp - ok
    10:34:29.0556 5312 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    10:34:29.0571 5312 iScsiPrt - ok
    10:34:29.0603 5312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    10:34:29.0603 5312 kbdclass - ok
    10:34:29.0634 5312 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    10:34:29.0634 5312 kbdhid - ok
    10:34:29.0665 5312 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    10:34:29.0681 5312 KeyIso - ok
    10:34:29.0696 5312 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    10:34:29.0712 5312 KSecDD - ok
    10:34:29.0743 5312 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    10:34:29.0759 5312 KSecPkg - ok
    10:34:29.0759 5312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    10:34:29.0774 5312 ksthunk - ok
    10:34:29.0837 5312 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    10:34:29.0852 5312 KtmRm - ok
    10:34:29.0883 5312 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys
    10:34:29.0899 5312 L1C - ok
    10:34:29.0930 5312 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    10:34:29.0946 5312 LanmanServer - ok
    10:34:29.0993 5312 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    10:34:30.0008 5312 LanmanWorkstation - ok
    10:34:30.0039 5312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    10:34:30.0039 5312 lltdio - ok
    10:34:30.0086 5312 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    10:34:30.0117 5312 lltdsvc - ok
    10:34:30.0133 5312 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    10:34:30.0133 5312 lmhosts - ok
    10:34:30.0195 5312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    10:34:30.0195 5312 LSI_FC - ok
    10:34:30.0211 5312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    10:34:30.0227 5312 LSI_SAS - ok
    10:34:30.0242 5312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    10:34:30.0242 5312 LSI_SAS2 - ok
    10:34:30.0273 5312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    10:34:30.0273 5312 LSI_SCSI - ok
    10:34:30.0289 5312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    10:34:30.0305 5312 luafv - ok
    10:34:30.0320 5312 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    10:34:30.0336 5312 Mcx2Svc - ok
    10:34:30.0351 5312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    10:34:30.0351 5312 megasas - ok
    10:34:30.0398 5312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    10:34:30.0414 5312 MegaSR - ok
    10:34:30.0445 5312 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    10:34:30.0461 5312 MEIx64 - ok
    10:34:30.0476 5312 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    10:34:30.0492 5312 MMCSS - ok
    10:34:30.0507 5312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    10:34:30.0507 5312 Modem - ok
    10:34:30.0507 5312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    10:34:30.0507 5312 monitor - ok
    10:34:30.0539 5312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    10:34:30.0539 5312 mouclass - ok
    10:34:30.0570 5312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    10:34:30.0570 5312 mouhid - ok
    10:34:30.0601 5312 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    10:34:30.0617 5312 mountmgr - ok
    10:34:30.0695 5312 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    10:34:30.0710 5312 MozillaMaintenance - ok
    10:34:30.0773 5312 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
    10:34:30.0788 5312 MpFilter - ok
    10:34:30.0819 5312 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    10:34:30.0835 5312 mpio - ok
    10:34:30.0866 5312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    10:34:30.0866 5312 mpsdrv - ok
    10:34:30.0960 5312 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    10:34:31.0007 5312 MpsSvc - ok
    10:34:31.0022 5312 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    10:34:31.0022 5312 MRxDAV - ok
    10:34:31.0053 5312 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:34:31.0069 5312 mrxsmb - ok
    10:34:31.0131 5312 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:34:31.0147 5312 mrxsmb10 - ok
    10:34:31.0163 5312 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:34:31.0178 5312 mrxsmb20 - ok
    10:34:31.0209 5312 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    10:34:31.0209 5312 msahci - ok
    10:34:31.0225 5312 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    10:34:31.0241 5312 msdsm - ok
    10:34:31.0256 5312 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    10:34:31.0272 5312 MSDTC - ok
    10:34:31.0303 5312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    10:34:31.0303 5312 Msfs - ok
    10:34:31.0319 5312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    10:34:31.0319 5312 mshidkmdf - ok
    10:34:31.0334 5312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    10:34:31.0334 5312 msisadrv - ok
    10:34:31.0381 5312 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    10:34:31.0397 5312 MSiSCSI - ok
    10:34:31.0397 5312 msiserver - ok
    10:34:31.0428 5312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    10:34:31.0428 5312 MSKSSRV - ok
    10:34:31.0506 5312 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    10:34:31.0506 5312 MsMpSvc - ok
    10:34:31.0521 5312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    10:34:31.0521 5312 MSPCLOCK - ok
    10:34:31.0537 5312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    10:34:31.0537 5312 MSPQM - ok
    10:34:31.0568 5312 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    10:34:31.0584 5312 MsRPC - ok
    10:34:31.0615 5312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    10:34:31.0615 5312 mssmbios - ok
    10:34:31.0631 5312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    10:34:31.0631 5312 MSTEE - ok
    10:34:31.0646 5312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    10:34:31.0646 5312 MTConfig - ok
    10:34:31.0677 5312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    10:34:31.0677 5312 Mup - ok
    10:34:31.0755 5312 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    10:34:31.0771 5312 napagent - ok
    10:34:31.0833 5312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    10:34:31.0849 5312 NativeWifiP - ok
    10:34:31.0943 5312 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    10:34:31.0974 5312 NDIS - ok
    10:34:31.0989 5312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    10:34:31.0989 5312 NdisCap - ok
    10:34:32.0036 5312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    10:34:32.0036 5312 NdisTapi - ok
    10:34:32.0052 5312 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    10:34:32.0067 5312 Ndisuio - ok
    10:34:32.0099 5312 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    10:34:32.0114 5312 NdisWan - ok
    10:34:32.0130 5312 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    10:34:32.0130 5312 NDProxy - ok
    10:34:32.0161 5312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    10:34:32.0161 5312 NetBIOS - ok
    10:34:32.0192 5312 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    10:34:32.0208 5312 NetBT - ok
    10:34:32.0255 5312 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    10:34:32.0255 5312 Netlogon - ok
    10:34:32.0317 5312 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    10:34:32.0348 5312 Netman - ok
    10:34:32.0426 5312 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:34:32.0426 5312 NetMsmqActivator - ok
    10:34:32.0442 5312 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:34:32.0442 5312 NetPipeActivator - ok
    10:34:32.0489 5312 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    10:34:32.0535 5312 netprofm - ok
    10:34:32.0535 5312 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:34:32.0535 5312 NetTcpActivator - ok
    10:34:32.0551 5312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:34:32.0551 5312 NetTcpPortSharing - ok
    10:34:32.0613 5312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    10:34:32.0613 5312 nfrd960 - ok
    10:34:32.0645 5312 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    10:34:32.0660 5312 NisDrv - ok
    10:34:32.0723 5312 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
    10:34:32.0738 5312 NisSrv - ok
    10:34:32.0785 5312 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    10:34:32.0832 5312 NlaSvc - ok
    10:34:32.0847 5312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    10:34:32.0863 5312 Npfs - ok
    10:34:32.0879 5312 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    10:34:32.0879 5312 nsi - ok
    10:34:32.0894 5312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    10:34:32.0910 5312 nsiproxy - ok
    10:34:33.0050 5312 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    10:34:33.0097 5312 Ntfs - ok
    10:34:33.0191 5312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    10:34:33.0206 5312 Null - ok
    10:34:33.0237 5312 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
    10:34:33.0253 5312 nusb3hub - ok
    10:34:33.0284 5312 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    10:34:33.0284 5312 nusb3xhc - ok
    10:34:33.0331 5312 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    10:34:33.0347 5312 nvraid - ok
    10:34:33.0362 5312 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    10:34:33.0378 5312 nvstor - ok
    10:34:33.0409 5312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    10:34:33.0409 5312 nv_agp - ok
    10:34:33.0425 5312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    10:34:33.0425 5312 ohci1394 - ok
    10:34:33.0487 5312 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    10:34:33.0503 5312 p2pimsvc - ok
    10:34:33.0549 5312 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    10:34:33.0565 5312 p2psvc - ok
    10:34:33.0596 5312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    10:34:33.0612 5312 Parport - ok
    10:34:33.0643 5312 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    10:34:33.0643 5312 partmgr - ok
    10:34:33.0674 5312 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    10:34:33.0690 5312 PcaSvc - ok
    10:34:33.0721 5312 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    10:34:33.0737 5312 pci - ok
    10:34:33.0737 5312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    10:34:33.0752 5312 pciide - ok
    10:34:33.0783 5312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    10:34:33.0799 5312 pcmcia - ok
    10:34:33.0830 5312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    10:34:33.0830 5312 pcw - ok
    10:34:33.0908 5312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    10:34:33.0924 5312 PEAUTH - ok
    10:34:34.0017 5312 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    10:34:34.0017 5312 PerfHost - ok
    10:34:34.0205 5312 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    10:34:34.0251 5312 pla - ok
    10:34:34.0407 5312 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    10:34:34.0423 5312 PlugPlay - ok
    10:34:34.0439 5312 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    10:34:34.0454 5312 PNRPAutoReg - ok
    10:34:34.0485 5312 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    10:34:34.0501 5312 PNRPsvc - ok
    10:34:34.0563 5312 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    10:34:34.0579 5312 PolicyAgent - ok
    10:34:34.0610 5312 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    10:34:34.0626 5312 Power - ok
    10:34:34.0688 5312 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    10:34:34.0688 5312 PptpMiniport - ok
    10:34:34.0719 5312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    10:34:34.0719 5312 Processor - ok
    10:34:34.0766 5312 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    10:34:34.0782 5312 ProfSvc - ok
    10:34:34.0813 5312 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    10:34:34.0813 5312 ProtectedStorage - ok
    10:34:34.0844 5312 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    10:34:34.0860 5312 Psched - ok
    10:34:34.0907 5312 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    10:34:34.0907 5312 PxHlpa64 - ok
     
  6. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    10:34:35.0047 5312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    10:34:35.0078 5312 ql2300 - ok
    10:34:35.0203 5312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    10:34:35.0203 5312 ql40xx - ok
    10:34:35.0250 5312 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    10:34:35.0265 5312 QWAVE - ok
    10:34:35.0281 5312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    10:34:35.0297 5312 QWAVEdrv - ok
    10:34:35.0312 5312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    10:34:35.0312 5312 RasAcd - ok
    10:34:35.0359 5312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    10:34:35.0359 5312 RasAgileVpn - ok
    10:34:35.0375 5312 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    10:34:35.0390 5312 RasAuto - ok
    10:34:35.0421 5312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:34:35.0437 5312 Rasl2tp - ok
    10:34:35.0484 5312 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    10:34:35.0499 5312 RasMan - ok
    10:34:35.0531 5312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    10:34:35.0546 5312 RasPppoe - ok
    10:34:35.0562 5312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    10:34:35.0577 5312 RasSstp - ok
    10:34:35.0609 5312 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    10:34:35.0624 5312 rdbss - ok
    10:34:35.0655 5312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    10:34:35.0655 5312 rdpbus - ok
    10:34:35.0671 5312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:34:35.0671 5312 RDPCDD - ok
    10:34:35.0687 5312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    10:34:35.0687 5312 RDPENCDD - ok
    10:34:35.0718 5312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    10:34:35.0718 5312 RDPREFMP - ok
    10:34:35.0765 5312 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    10:34:35.0780 5312 RDPWD - ok
    10:34:35.0811 5312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    10:34:35.0827 5312 rdyboost - ok
    10:34:35.0874 5312 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    10:34:35.0874 5312 RemoteAccess - ok
    10:34:35.0921 5312 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    10:34:35.0936 5312 RemoteRegistry - ok
    10:34:35.0967 5312 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    10:34:35.0983 5312 RFCOMM - ok
    10:34:36.0170 5312 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    10:34:36.0217 5312 RoxMediaDB12OEM - ok
    10:34:36.0248 5312 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    10:34:36.0264 5312 RoxWatch12 - ok
    10:34:36.0389 5312 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    10:34:36.0389 5312 RpcEptMapper - ok
    10:34:36.0420 5312 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    10:34:36.0435 5312 RpcLocator - ok
    10:34:36.0482 5312 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    10:34:36.0498 5312 RpcSs - ok
    10:34:36.0576 5312 RSPCIESTOR (85b325723f67ef80927326fd7eb1cc10) C:\Windows\system32\DRIVERS\RtsPStor.sys
    10:34:36.0607 5312 RSPCIESTOR - ok
    10:34:36.0654 5312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    10:34:36.0669 5312 rspndr - ok
    10:34:36.0685 5312 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    10:34:36.0701 5312 SamSs - ok
    10:34:36.0716 5312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    10:34:36.0732 5312 sbp2port - ok
    10:34:36.0763 5312 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    10:34:36.0779 5312 SCardSvr - ok
    10:34:36.0794 5312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    10:34:36.0794 5312 scfilter - ok
    10:34:36.0903 5312 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    10:34:36.0966 5312 Schedule - ok
    10:34:36.0997 5312 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    10:34:36.0997 5312 SCPolicySvc - ok
    10:34:37.0044 5312 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
    10:34:37.0059 5312 sdbus - ok
    10:34:37.0091 5312 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    10:34:37.0106 5312 SDRSVC - ok
    10:34:37.0137 5312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    10:34:37.0137 5312 secdrv - ok
    10:34:37.0153 5312 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    10:34:37.0169 5312 seclogon - ok
    10:34:37.0184 5312 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    10:34:37.0184 5312 SENS - ok
    10:34:37.0200 5312 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    10:34:37.0200 5312 SensrSvc - ok
    10:34:37.0231 5312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    10:34:37.0231 5312 Serenum - ok
    10:34:37.0278 5312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    10:34:37.0278 5312 Serial - ok
    10:34:37.0293 5312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    10:34:37.0293 5312 sermouse - ok
    10:34:37.0340 5312 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    10:34:37.0356 5312 SessionEnv - ok
    10:34:37.0356 5312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    10:34:37.0356 5312 sffdisk - ok
    10:34:37.0371 5312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    10:34:37.0371 5312 sffp_mmc - ok
    10:34:37.0387 5312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    10:34:37.0387 5312 sffp_sd - ok
    10:34:37.0403 5312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    10:34:37.0403 5312 sfloppy - ok
    10:34:37.0574 5312 SftService (1968e6ebbeecf61d5f7d8603467e2ad0) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
    10:34:37.0621 5312 SftService - ok
    10:34:37.0777 5312 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    10:34:37.0793 5312 SharedAccess - ok
    10:34:37.0839 5312 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    10:34:37.0855 5312 ShellHWDetection - ok
    10:34:37.0902 5312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    10:34:37.0917 5312 SiSRaid2 - ok
    10:34:37.0933 5312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    10:34:37.0933 5312 SiSRaid4 - ok
    10:34:38.0011 5312 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
    10:34:38.0027 5312 SkypeUpdate - ok
    10:34:38.0058 5312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    10:34:38.0058 5312 Smb - ok
    10:34:38.0105 5312 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    10:34:38.0105 5312 SNMPTRAP - ok
    10:34:38.0120 5312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    10:34:38.0120 5312 spldr - ok
    10:34:38.0183 5312 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    10:34:38.0214 5312 Spooler - ok
    10:34:38.0432 5312 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    10:34:38.0541 5312 sppsvc - ok
    10:34:38.0651 5312 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    10:34:38.0666 5312 sppuinotify - ok
    10:34:38.0744 5312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    10:34:38.0760 5312 srv - ok
    10:34:38.0807 5312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    10:34:38.0822 5312 srv2 - ok
    10:34:38.0853 5312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    10:34:38.0869 5312 srvnet - ok
    10:34:38.0916 5312 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    10:34:38.0931 5312 SSDPSRV - ok
    10:34:38.0963 5312 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    10:34:38.0978 5312 SstpSvc - ok
    10:34:39.0056 5312 STacSV (e82994866a370a480607637f28b82835) C:\Program Files\IDT\WDM\STacSV64.exe
    10:34:39.0072 5312 STacSV - ok
    10:34:39.0087 5312 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
    10:34:39.0103 5312 stdcfltn - ok
    10:34:39.0150 5312 Steam Client Service - ok
    10:34:39.0181 5312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    10:34:39.0181 5312 stexstor - ok
    10:34:39.0243 5312 STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys
    10:34:39.0275 5312 STHDA - ok
    10:34:39.0353 5312 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    10:34:39.0384 5312 stisvc - ok
    10:34:39.0415 5312 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    10:34:39.0493 5312 stllssvr - ok
    10:34:39.0524 5312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    10:34:39.0540 5312 swenum - ok
    10:34:39.0602 5312 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    10:34:39.0633 5312 swprv - ok
    10:34:39.0774 5312 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
    10:34:39.0821 5312 SynTP - ok
    10:34:40.0023 5312 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    10:34:40.0070 5312 SysMain - ok
    10:34:40.0195 5312 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    10:34:40.0211 5312 TabletInputService - ok
    10:34:40.0257 5312 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    10:34:40.0289 5312 TapiSrv - ok
    10:34:40.0304 5312 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    10:34:40.0320 5312 TBS - ok
    10:34:40.0523 5312 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    10:34:40.0585 5312 Tcpip - ok
    10:34:40.0850 5312 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    10:34:40.0881 5312 TCPIP6 - ok
    10:34:41.0037 5312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    10:34:41.0037 5312 tcpipreg - ok
    10:34:41.0069 5312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    10:34:41.0069 5312 TDPIPE - ok
    10:34:41.0100 5312 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    10:34:41.0115 5312 TDTCP - ok
    10:34:41.0147 5312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    10:34:41.0162 5312 tdx - ok
    10:34:41.0178 5312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
    10:34:41.0178 5312 TermDD - ok
    10:34:41.0256 5312 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    10:34:41.0287 5312 TermService - ok
    10:34:41.0303 5312 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    10:34:41.0318 5312 Themes - ok
    10:34:41.0349 5312 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    10:34:41.0365 5312 THREADORDER - ok
    10:34:41.0381 5312 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    10:34:41.0396 5312 TrkWks - ok
    10:34:41.0443 5312 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    10:34:41.0459 5312 TrustedInstaller - ok
    10:34:41.0505 5312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:34:41.0505 5312 tssecsrv - ok
    10:34:41.0537 5312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    10:34:41.0537 5312 TsUsbFlt - ok
    10:34:41.0552 5312 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    10:34:41.0552 5312 TsUsbGD - ok
    10:34:41.0599 5312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    10:34:41.0615 5312 tunnel - ok
    10:34:41.0630 5312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    10:34:41.0630 5312 uagp35 - ok
    10:34:41.0661 5312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    10:34:41.0693 5312 udfs - ok
    10:34:41.0724 5312 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    10:34:41.0724 5312 UI0Detect - ok
    10:34:41.0771 5312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    10:34:41.0771 5312 uliagpkx - ok
    10:34:41.0786 5312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    10:34:41.0802 5312 umbus - ok
    10:34:41.0817 5312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    10:34:41.0817 5312 UmPass - ok
    10:34:41.0864 5312 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    10:34:41.0880 5312 upnphost - ok
    10:34:41.0911 5312 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
    10:34:41.0911 5312 usbccgp - ok
    10:34:41.0942 5312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    10:34:41.0942 5312 usbcir - ok
    10:34:41.0958 5312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    10:34:41.0958 5312 usbehci - ok
    10:34:42.0005 5312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    10:34:42.0020 5312 usbhub - ok
    10:34:42.0036 5312 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    10:34:42.0051 5312 usbohci - ok
    10:34:42.0067 5312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    10:34:42.0067 5312 usbprint - ok
    10:34:42.0098 5312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    10:34:42.0114 5312 USBSTOR - ok
    10:34:42.0114 5312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    10:34:42.0129 5312 usbuhci - ok
    10:34:42.0192 5312 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    10:34:42.0207 5312 usbvideo - ok
    10:34:42.0239 5312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    10:34:42.0239 5312 UxSms - ok
    10:34:42.0270 5312 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    10:34:42.0270 5312 VaultSvc - ok
    10:34:42.0285 5312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    10:34:42.0285 5312 vdrvroot - ok
    10:34:42.0348 5312 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    10:34:42.0379 5312 vds - ok
    10:34:42.0395 5312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    10:34:42.0395 5312 vga - ok
    10:34:42.0410 5312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    10:34:42.0426 5312 VgaSave - ok
    10:34:42.0457 5312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    10:34:42.0473 5312 vhdmp - ok
    10:34:42.0488 5312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    10:34:42.0488 5312 viaide - ok
    10:34:42.0519 5312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    10:34:42.0519 5312 volmgr - ok
    10:34:42.0566 5312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    10:34:42.0582 5312 volmgrx - ok
    10:34:42.0629 5312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    10:34:42.0644 5312 volsnap - ok
    10:34:42.0675 5312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    10:34:42.0691 5312 vsmraid - ok
    10:34:42.0816 5312 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    10:34:42.0863 5312 VSS - ok
    10:34:42.0987 5312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    10:34:42.0987 5312 vwifibus - ok
    10:34:43.0019 5312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    10:34:43.0034 5312 vwififlt - ok
    10:34:43.0081 5312 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    10:34:43.0097 5312 W32Time - ok
    10:34:43.0112 5312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    10:34:43.0112 5312 WacomPen - ok
    10:34:43.0143 5312 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    10:34:43.0159 5312 WANARP - ok
    10:34:43.0175 5312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    10:34:43.0175 5312 Wanarpv6 - ok
    10:34:43.0315 5312 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    10:34:43.0346 5312 WatAdminSvc - ok
    10:34:43.0455 5312 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    10:34:43.0502 5312 wbengine - ok
    10:34:43.0627 5312 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    10:34:43.0643 5312 WbioSrvc - ok
    10:34:43.0689 5312 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    10:34:43.0705 5312 wcncsvc - ok
    10:34:43.0721 5312 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    10:34:43.0736 5312 WcsPlugInService - ok
    10:34:43.0783 5312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    10:34:43.0783 5312 Wd - ok
    10:34:43.0845 5312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    10:34:43.0877 5312 Wdf01000 - ok
    10:34:43.0892 5312 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    10:34:43.0908 5312 WdiServiceHost - ok
    10:34:43.0923 5312 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    10:34:43.0923 5312 WdiSystemHost - ok
    10:34:43.0970 5312 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    10:34:43.0986 5312 WebClient - ok
    10:34:44.0017 5312 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    10:34:44.0033 5312 Wecsvc - ok
    10:34:44.0064 5312 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    10:34:44.0079 5312 wercplsupport - ok
    10:34:44.0111 5312 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    10:34:44.0126 5312 WerSvc - ok
    10:34:44.0157 5312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    10:34:44.0157 5312 WfpLwf - ok
    10:34:44.0204 5312 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    10:34:44.0220 5312 WimFltr - ok
    10:34:44.0251 5312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    10:34:44.0251 5312 WIMMount - ok
    10:34:44.0282 5312 WinDefend - ok
    10:34:44.0298 5312 WinHttpAutoProxySvc - ok
    10:34:44.0376 5312 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    10:34:44.0391 5312 Winmgmt - ok
    10:34:44.0532 5312 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    10:34:44.0610 5312 WinRM - ok
    10:34:44.0828 5312 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    10:34:44.0859 5312 Wlansvc - ok
    10:34:44.0906 5312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    10:34:44.0906 5312 WmiAcpi - ok
    10:34:44.0969 5312 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    10:34:44.0984 5312 wmiApSrv - ok
    10:34:45.0015 5312 WMPNetworkSvc - ok
    10:34:45.0031 5312 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    10:34:45.0047 5312 WPCSvc - ok
    10:34:45.0062 5312 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    10:34:45.0078 5312 WPDBusEnum - ok
    10:34:45.0093 5312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    10:34:45.0093 5312 ws2ifsl - ok
    10:34:45.0125 5312 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    10:34:45.0140 5312 wscsvc - ok
    10:34:45.0140 5312 WSearch - ok
    10:34:45.0312 5312 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    10:34:45.0390 5312 wuauserv - ok
    10:34:45.0515 5312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    10:34:45.0530 5312 WudfPf - ok
    10:34:45.0577 5312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:34:45.0593 5312 WUDFRd - ok
    10:34:45.0624 5312 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    10:34:45.0639 5312 wudfsvc - ok
    10:34:45.0686 5312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    10:34:45.0702 5312 WwanSvc - ok
    10:34:45.0733 5312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    10:34:46.0123 5312 \Device\Harddisk0\DR0 - ok
    10:34:46.0123 5312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    10:34:47.0059 5312 \Device\Harddisk1\DR1 - ok
    10:34:47.0075 5312 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
    10:34:47.0090 5312 \Device\Harddisk2\DR2 - ok
    10:34:47.0090 5312 Boot (0x1200) (6f960f2f35ad48c2950230489dd13e71) \Device\Harddisk0\DR0\Partition0
    10:34:47.0090 5312 \Device\Harddisk0\DR0\Partition0 - ok
    10:34:47.0106 5312 Boot (0x1200) (4ffbfe1f9b5026fba9e5538a397b10f9) \Device\Harddisk0\DR0\Partition1
    10:34:47.0106 5312 \Device\Harddisk0\DR0\Partition1 - ok
    10:34:47.0106 5312 Boot (0x1200) (cf5948b166065d5e32fb430bdd785728) \Device\Harddisk1\DR1\Partition0
    10:34:47.0121 5312 \Device\Harddisk1\DR1\Partition0 - ok
    10:34:47.0121 5312 Boot (0x1200) (976f1e9b7711c188eb058c051bfddfa5) \Device\Harddisk1\DR1\Partition1
    10:34:47.0121 5312 \Device\Harddisk1\DR1\Partition1 - ok
    10:34:47.0137 5312 Boot (0x1200) (bad620c06c77d165d5eba3c8b8c88908) \Device\Harddisk1\DR1\Partition2
    10:34:47.0137 5312 \Device\Harddisk1\DR1\Partition2 - ok
    10:34:47.0137 5312 Boot (0x1200) (5fd62be78fbde8107cd8830f762ec844) \Device\Harddisk1\DR1\Partition3
    10:34:47.0137 5312 \Device\Harddisk1\DR1\Partition3 - ok
    10:34:47.0153 5312 Boot (0x1200) (7fa51cdabaa741bb672b6203e21ca9ac) \Device\Harddisk2\DR2\Partition0
    10:34:47.0153 5312 \Device\Harddisk2\DR2\Partition0 - ok
    10:34:47.0153 5312 ============================================================
    10:34:47.0153 5312 Scan finished
    10:34:47.0153 5312 ============================================================
    10:34:47.0184 7928 Detected object count: 0
    10:34:47.0184 7928 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    Great, I don't see any iexplore.exe processes after restarting from that scan. I hope they don't reappear with time now.

    _________________________________________________________________________

    ComboFix 12-07-10.01 - Shivam 10/07/2012 21:02:49.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8140.6480 [GMT -4:00]
    Running from: c:\users\Shivam\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll
    c:\windows\RPSETUP.EXE.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-10 23:09 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78DD8F93-859C-4B3D-BAFA-5DB2EB3F58ED}\mpengine.dll
    2012-07-09 23:18 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-09 22:52 . 2012-07-09 22:52 -------- d-----w- c:\users\Shivam\AppData\Roaming\Malwarebytes
    2012-07-09 22:51 . 2012-07-09 22:51 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-09 22:51 . 2012-07-09 22:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-09 22:51 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-09 22:37 . 2012-07-09 22:37 -------- d-----w- c:\program files (x86)\ESET
    2012-07-04 15:14 . 2012-06-21 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-07-04 15:14 . 2012-06-21 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1EBC30-8BFE-41C2-8681-2057268DE6F2}\gapaengine.dll
    2012-06-22 21:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 21:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 21:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 21:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 21:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 21:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 21:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 21:53 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 21:53 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 18:15 . 2012-06-21 18:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-21 18:15 . 2012-06-21 18:15 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-19 18:08 . 2012-06-19 18:11 -------- d-----w- C:\DCIM
    2012-06-19 18:08 . 2012-06-19 18:08 -------- d-----w- C:\New folder
    2012-06-14 22:28 . 2012-06-14 22:28 -------- d-----w- c:\users\Shivam\AppData\Roaming\Media Player Classic
    2012-06-14 12:38 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-14 12:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-06-13 14:41 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 14:41 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 14:41 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 14:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 14:41 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 14:41 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 14:41 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 14:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 14:40 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 14:40 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 14:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 14:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 14:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 14:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 14:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 14:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 14:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-12 17:23 . 2012-06-12 17:23 -------- d-----w- C:\Dell
    2012-06-11 19:22 . 2012-06-11 21:33 -------- d-----w- C:\Music
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 13:54 . 2012-05-04 21:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 13:54 . 2011-09-07 19:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-04 22:29 . 2012-05-04 22:29 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-04 22:29 . 2011-09-07 19:15 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-04 21:30 . 2012-05-04 21:30 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-05-04 21:30 . 2011-09-07 19:16 839112 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
    "AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-03-08 1635696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-10 336384]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-20 114704]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-04 1255736]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-20 203776]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-07-08 1692480]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-07 27760]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-20 9320448]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-20 306688]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-17 344616]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-06-20 12229664]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-03-04 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-03-04 181760]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-30 326760]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 13:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
    "Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://AlienwareArena.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-WinRAR SFX - c:\users\Shivam\AppData\Local\WinRAR SFX\wjwgphgl.dll
    Toolbar-Locked - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-(Default) - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\AlienRespawn\TOASTER.EXE
    c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-07-10 21:17:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-11 01:17
    .
    Pre-Run: 95,648,313,344 bytes free
    Post-Run: 95,669,735,424 bytes free
    .
    - - End Of File - - A01008D8DA710E346411B5C18504FC20
     
  9. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Combofix log looks good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    OTL logfile created on: 10/07/2012 9:44:24 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Shivam\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.95 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.65% Memory free
    15.90 Gb Paging File | 13.73 Gb Available in Paging File | 86.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.83 Gb Total Space | 89.24 Gb Free Space | 31.01% Space Free | Partition Type: NTFS
    Drive D: | 39.06 Gb Total Space | 2.72 Gb Free Space | 6.95% Space Free | Partition Type: NTFS
    Drive E: | 9.77 Gb Total Space | 0.22 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
    Drive F: | 87.89 Gb Total Space | 2.59 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
    Drive G: | 161.37 Gb Total Space | 3.03 Gb Free Space | 1.88% Space Free | Partition Type: NTFS
    Drive I: | 14.82 Gb Total Space | 6.95 Gb Free Space | 46.89% Space Free | Partition Type: FAT32

    Computer Name: SHIVAM-PC | User Name: Shivam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/10 21:42:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Shivam\Downloads\OTL.exe
    PRC - [2012/06/24 09:54:12 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    PRC - [2012/06/16 18:03:44 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/07/08 11:14:44 | 003,968,832 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
    PRC - [2011/07/08 11:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    PRC - [2011/07/08 11:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
    PRC - [2011/03/08 18:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    PRC - [2010/11/10 11:51:20 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    PRC - [2010/11/10 11:45:08 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/24 09:54:11 | 009,459,912 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    MOD - [2012/06/16 18:03:43 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/06/15 10:25:27 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
    MOD - [2012/06/15 08:50:45 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/15 08:50:16 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/15 08:49:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/15 08:49:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/15 08:49:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/06/14 08:56:41 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
    MOD - [2012/06/14 08:56:12 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
    MOD - [2012/06/14 08:56:11 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 08:55:56 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
    MOD - [2012/06/14 08:55:54 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
    MOD - [2012/05/11 16:51:16 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/11 08:35:05 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
    MOD - [2012/05/11 08:11:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/11 08:10:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/11 08:08:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/11 08:08:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/11 08:08:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/11 08:08:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/11 08:07:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/11 04:23:59 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
    MOD - [2012/05/11 04:18:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\eba1ea877df19e9a05fb7f8cb0bc3368\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/11 04:17:23 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
    MOD - [2012/05/11 03:04:37 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
    MOD - [2012/05/11 03:04:32 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
    MOD - [2012/05/11 03:04:30 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
    MOD - [2012/05/11 03:04:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
    MOD - [2012/05/11 03:04:24 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
    MOD - [2012/05/11 03:04:21 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\360e9c00572679f437fff0ae719a5886\System.Numerics.ni.dll
    MOD - [2012/05/11 03:04:20 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
    MOD - [2011/07/08 11:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    MOD - [2011/03/08 18:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    MOD - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    MOD - [2009/12/18 12:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/06/20 11:09:54 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/03/17 07:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/11/10 11:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/06/24 09:54:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/16 18:03:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/20 23:19:34 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/07/08 11:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
    SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/07 16:50:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/09/07 16:50:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/06/20 11:10:14 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/06/20 11:10:04 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011/06/20 11:09:54 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/20 11:09:54 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/17 07:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/03/03 20:18:22 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/03/03 20:18:22 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/11/30 09:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/11/30 09:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2010/11/29 12:03:06 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/09/07 09:41:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/08/17 09:17:46 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2010/08/17 09:17:46 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/08/17 09:17:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/07/15 08:59:30 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/26 16:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\EMSC.sys -- (EMSC)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/06/26 16:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\drivers\EMSC.sys -- (EMSC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://AlienwareArena.com
    IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 18:03:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 18:03:44 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/04 17:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shivam\AppData\Roaming\Mozilla\Extensions
    [2012/05/30 13:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\extensions
    [2012/05/30 13:38:51 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Shivam\AppData\Roaming\Mozilla\Firefox\Profiles\s6u7p11m.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/06/07 23:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/16 18:03:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/10 21:12:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2656897177-3677736646-1579547197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.0)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2984D33-2047-4F24-8271-9FC9AAA4D130}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EACBEF26-2F25-417B-8C1D-2F4E95C2F98E}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/01 15:30:54 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/10 21:17:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/10 21:12:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/10 21:01:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/10 21:01:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/10 21:01:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/10 21:00:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/10 21:00:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/10 20:59:46 | 004,575,265 | R--- | C] (Swearware) -- C:\Users\Shivam\Desktop\ComboFix.exe
    [2012/07/09 20:41:32 | 000,000,000 | ---D | C] -- C:\Users\Shivam\Desktop\New folder
    [2012/07/09 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\Shivam\Desktop\RK_Quarantine
    [2012/07/09 18:52:14 | 000,000,000 | ---D | C] -- C:\Users\Shivam\AppData\Roaming\Malwarebytes
    [2012/07/09 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/09 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/09 18:51:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/09 18:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/09 18:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/07/09 18:31:03 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Shivam\Desktop\boot_cleaner.exe
    [2012/06/29 12:30:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/06/21 14:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/21 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/19 14:08:33 | 000,000,000 | ---D | C] -- C:\DCIM
    [2012/06/19 14:08:22 | 000,000,000 | ---D | C] -- C:\New folder
    [2012/06/19 13:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kundli for Windows 5.5
    [2012/06/19 13:52:18 | 000,405,504 | ---- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\swflash.ocx
    [2012/06/19 13:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Computer Zone
    [2012/06/14 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\Shivam\AppData\Roaming\Media Player Classic
    [2012/06/12 13:23:12 | 000,000,000 | ---D | C] -- C:\Dell
    [2012/06/11 15:22:20 | 000,000,000 | ---D | C] -- C:\Music

    ========== Files - Modified Within 30 Days ==========

    [2012/07/10 21:27:42 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/10 21:27:42 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/10 21:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/10 21:20:14 | 2106,449,919 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/10 21:12:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/10 20:57:05 | 004,575,265 | R--- | M] (Swearware) -- C:\Users\Shivam\Desktop\ComboFix.exe
    [2012/07/10 20:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/09 20:40:07 | 880,830,623 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/09 18:52:06 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/09 18:29:52 | 000,000,512 | ---- | M] () -- C:\Users\Shivam\Desktop\MBR.dat
    [2012/07/09 18:19:01 | 000,044,607 | ---- | M] () -- C:\Users\Shivam\Desktop\bootkit_remover.zip
    [2012/07/08 22:27:04 | 000,002,060 | -H-- | M] () -- C:\Users\Shivam\Documents\Default.rdp
    [2012/06/26 19:02:56 | 000,004,504 | ---- | M] () -- C:\Users\Shivam\Desktop\images.jpg
    [2012/06/26 18:58:41 | 000,089,045 | ---- | M] () -- C:\Users\Shivam\Desktop\1246541469.jpg
    [2012/06/26 18:53:44 | 000,001,347 | ---- | M] () -- C:\Users\Shivam\Desktop\taskkill.lnk
    [2012/06/26 18:47:26 | 000,076,459 | ---- | M] () -- C:\Users\Shivam\Desktop\Snape_OOP_trailer.png
    [2012/06/23 14:06:31 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/23 14:06:31 | 000,666,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/23 14:06:31 | 000,126,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/21 16:40:20 | 000,322,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/21 14:15:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/21 14:15:46 | 000,788,116 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/19 13:52:31 | 000,001,204 | ---- | M] () -- C:\Users\Shivam\Desktop\Kundli for Windows 5.5.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/10 21:01:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/10 21:01:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/10 21:01:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/10 21:01:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/10 21:01:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/09 18:52:06 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/09 18:30:13 | 000,044,607 | ---- | C] () -- C:\Users\Shivam\Desktop\bootkit_remover.zip
    [2012/07/09 18:29:52 | 000,000,512 | ---- | C] () -- C:\Users\Shivam\Desktop\MBR.dat
    [2012/06/29 12:30:15 | 880,830,623 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/26 19:02:55 | 000,004,504 | ---- | C] () -- C:\Users\Shivam\Desktop\images.jpg
    [2012/06/26 18:58:40 | 000,089,045 | ---- | C] () -- C:\Users\Shivam\Desktop\1246541469.jpg
    [2012/06/26 18:53:33 | 000,001,347 | ---- | C] () -- C:\Users\Shivam\Desktop\taskkill.lnk
    [2012/06/26 18:47:24 | 000,076,459 | ---- | C] () -- C:\Users\Shivam\Desktop\Snape_OOP_trailer.png
    [2012/06/21 14:15:59 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/06/21 14:15:52 | 000,001,952 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/19 13:52:31 | 000,001,204 | ---- | C] () -- C:\Users\Shivam\Desktop\Kundli for Windows 5.5.lnk
    [2012/06/19 13:52:30 | 000,004,928 | ---- | C] () -- C:\Windows\SysWow64\oledb32x.dll
    [2012/06/19 13:52:30 | 000,004,928 | ---- | C] () -- C:\Windows\SysWow64\oledb32r.dll
    [2012/06/19 13:52:30 | 000,004,928 | ---- | C] () -- C:\Windows\SysWow64\oledb32.dll
    [2012/06/19 13:52:30 | 000,000,149 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
    [2012/06/19 13:52:30 | 000,000,084 | ---- | C] () -- C:\Windows\SysWow64\setup.tdf
    [2012/06/19 13:52:29 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\odbcstf.dll
    [2012/06/19 13:52:29 | 000,003,291 | ---- | C] () -- C:\Windows\SysWow64\odbckey.inf
    [2012/06/19 13:52:27 | 000,183,056 | ---- | C] () -- C:\Windows\SysWow64\msdaora.dll
    [2012/06/19 13:52:26 | 000,018,535 | ---- | C] () -- C:\Windows\SysWow64\mdac_typ.stf
    [2012/06/19 13:52:26 | 000,011,206 | ---- | C] () -- C:\Windows\SysWow64\mdac_typ.inf
    [2012/06/19 13:52:25 | 000,918,455 | ---- | C] () -- C:\Windows\SysWow64\Mdac20_A.CAB
    [2012/06/19 13:52:25 | 000,779,461 | ---- | C] () -- C:\Windows\SysWow64\mdac11.cab
    [2012/06/19 13:52:25 | 000,558,789 | ---- | C] () -- C:\Windows\SysWow64\instcat.sql
    [2012/06/19 13:52:25 | 000,517,800 | ---- | C] () -- C:\Windows\SysWow64\Mdac20.CAB
    [2012/06/19 13:52:25 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\HANDLER.reg
    [2012/06/19 13:52:25 | 000,000,510 | ---- | C] () -- C:\Windows\SysWow64\HANDLER.SRG
    [2012/06/19 13:52:25 | 000,000,026 | ---- | C] () -- C:\Windows\SysWow64\makfre15.bat
    [2012/06/19 13:52:25 | 000,000,026 | ---- | C] () -- C:\Windows\SysWow64\makapt15.bat
    [2012/06/19 13:52:24 | 000,010,099 | ---- | C] () -- C:\Windows\SysWow64\adovbs.inc
    [2012/06/19 13:52:24 | 000,009,871 | ---- | C] () -- C:\Windows\SysWow64\adojavas.inc
    [2012/06/19 13:52:24 | 000,000,665 | ---- | C] () -- C:\Windows\SysWow64\adoapt15.reg
    [2012/06/19 13:52:24 | 000,000,640 | ---- | C] () -- C:\Windows\SysWow64\adofre15.reg
    [2012/06/19 13:52:24 | 000,000,596 | ---- | C] () -- C:\Windows\SysWow64\adcjavas.inc
    [2012/06/19 13:52:24 | 000,000,589 | ---- | C] () -- C:\Windows\SysWow64\adcvbs.inc
    [2012/06/19 13:52:19 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\kkundli.dll
    [2012/06/19 13:52:19 | 000,078,336 | ---- | C] () -- C:\Windows\SysWow64\kkundli1.dll
    [2012/06/19 13:52:19 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\msscript.oca
    [2012/06/19 13:52:19 | 000,006,057 | ---- | C] () -- C:\Windows\SysWow64\Setup.Lst
    [2012/06/19 13:52:18 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\RICHTX32.oca
    [2012/06/19 13:52:18 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.oca
    [2012/06/19 13:52:18 | 000,003,010 | ---- | C] () -- C:\Windows\SysWow64\RICHTX32.DEP
    [2012/06/19 13:52:18 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.DEP
    [2012/06/19 13:52:16 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\MSHFLXGD.SRG
    [2012/06/19 13:52:15 | 000,090,624 | ---- | C] () -- C:\Windows\SysWow64\MSHFLXGD.oca
    [2012/06/19 13:52:15 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\msdxm.oca
    [2012/06/19 13:52:15 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.oca
    [2012/06/19 13:52:15 | 000,002,530 | ---- | C] () -- C:\Windows\SysWow64\MSHFLXGD.DEP
    [2012/06/19 13:52:15 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.DEP
    [2012/06/19 13:52:14 | 000,265,728 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCTL.oca
    [2012/06/19 13:52:14 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCT2.oca
    [2012/06/19 13:52:14 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCTL.DEP
    [2012/06/19 13:52:14 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCT2.DEP
    [2012/06/19 13:52:14 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCTL.SRG
    [2012/06/19 13:52:14 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\MSCOMCT2.SRG
    [2012/06/19 13:52:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\MSACAL70.oca
    [2012/06/19 13:52:12 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.oca
    [2012/06/19 13:52:12 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\COMCT332.oca
    [2012/06/19 13:52:12 | 000,003,026 | ---- | C] () -- C:\Windows\SysWow64\COMCT332.DEP
    [2012/06/19 13:52:12 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.DEP
    [2012/06/19 13:52:12 | 000,002,495 | ---- | C] () -- C:\Windows\SysWow64\COMCT232.DEP
    [2012/06/19 13:52:12 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\COMCT332.SRG
    [2012/05/04 17:30:46 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/09/07 16:38:06 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/09/07 16:38:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/09/07 16:38:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/09/07 16:38:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/09/07 16:38:02 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/09/07 16:37:56 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/09/07 15:36:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/07 15:31:34 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2011/06/16 21:00:42 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/02/10 12:10:51 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/10 11:50:38 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

    ========== LOP Check ==========

    [2012/05/10 02:26:58 | 000,000,000 | ---D | M] -- C:\Users\Shivam\AppData\Roaming\IDT
    [2012/05/22 16:11:17 | 000,000,000 | ---D | M] -- C:\Users\Shivam\AppData\Roaming\uTorrent
    [2009/07/14 01:08:49 | 000,019,502 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  11. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    OTL Extras logfile created on: 10/07/2012 9:44:24 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Shivam\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.95 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.65% Memory free
    15.90 Gb Paging File | 13.73 Gb Available in Paging File | 86.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.83 Gb Total Space | 89.24 Gb Free Space | 31.01% Space Free | Partition Type: NTFS
    Drive D: | 39.06 Gb Total Space | 2.72 Gb Free Space | 6.95% Space Free | Partition Type: NTFS
    Drive E: | 9.77 Gb Total Space | 0.22 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
    Drive F: | 87.89 Gb Total Space | 2.59 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
    Drive G: | 161.37 Gb Total Space | 3.03 Gb Free Space | 1.88% Space Free | Partition Type: NTFS
    Drive I: | 14.82 Gb Total Space | 6.95 Gb Free Space | 46.89% Space Free | Partition Type: FAT32

    Computer Name: SHIVAM-PC | User Name: Shivam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2656897177-3677736646-1579547197-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0EDD14A5-B8BA-4E24-82BA-89CC6E432CCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{30EB5940-0D46-4AD1-B436-2A8B108B0536}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{327FE1B6-EC45-4145-8938-00232B405212}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3B2CF4E0-F066-4740-9399-A99C66B3F813}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3D66F71C-144B-4080-A1FD-D388A4B77661}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5024D0E5-8910-4A65-B102-35392A1FC388}" = lport=445 | protocol=6 | dir=in | app=system |
    "{534778F4-46A3-4ACB-A540-BD3AC5196520}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5F6F4012-032D-4667-A648-B16DE082E45F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{77006685-BAD5-4155-A39C-0F6B4A5557ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8143B75E-9992-4E08-9822-30A041E4F551}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8919FD18-A8DF-4CE7-B5F1-256228B37494}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A3117D16-CF74-40B8-90D6-60ECDB9FD0CA}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A9754E83-D32C-468A-B31B-ECD0EFCD3CCE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{AEFCD0DF-91FB-4645-B66A-ED1DEDDB7AFF}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B1877D72-71D1-4B02-A9E9-FAED64C505CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B30FE9FD-654F-4240-AEB5-1FBF17A0140B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B32AD045-C940-4ADB-9CC6-B065C1159129}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B8E1B585-1B95-4B70-AA74-ACB6F3A8A257}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BD6DFF96-B856-45BE-8758-6CB4C20AC045}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BFA45B53-567C-442A-B35A-C6ADAB3C4450}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D7C26521-53D2-46E1-8B1F-7113844D747A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{022E6CE1-DF7F-45DD-AEB9-2482B76FD7DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0BB44695-0EFA-4F10-88B5-C0693344108C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0C3BE680-7D28-47D7-AB86-AD50DF3C85F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0F4CCFC4-148E-498A-AA4E-04FE66BF71CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1592A8F6-6D79-4C4C-AB20-EFC3B29862AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{20D4214A-B56F-4891-A543-810B8DAD89B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{32E54AA5-B144-400F-A58A-9C8D7E1AD8D6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{3E320209-AB3A-4CE2-877F-B4DDE2B59D4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{45D57C1C-AD87-407F-86D0-B81904FD0ED2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4F6E4D05-83E4-4B8D-875B-C7493FFDC2D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{516E74C4-65BB-4575-B0BF-F7EC1E4B557F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{52C01E76-BCAB-4711-A05B-56E54E795686}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{56942C6E-6CA5-4CB8-9F44-7D0E7ABD3D70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{5AED34C2-4D8C-4138-A825-93B08D40302E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{5CE352CF-1623-487F-B234-E2F80F1DE8F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{65111A2D-93F6-4A39-A3F7-9758F0BA0B23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{65920760-29F7-403E-915C-FFFA6CBA242B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{6E921E72-400B-40F8-840F-A1F5E96F9DF1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{73BC8D13-1113-40E7-B5C9-53BF82A59409}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{92C574EE-0893-48F5-BC8D-5D450954DECB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A47D48C3-ACB3-41D2-91CA-C1B5468D7B36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A62EB66F-CB12-4773-BA92-E7E2C26F3AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{BA06AD65-7978-4788-B18D-E604F75E59B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BE996FE2-B5BD-4D1F-8CC2-162F01702751}" = protocol=6 | dir=out | app=system |
    "{D8888F63-9FB0-4312-B5C1-445E75CFFE6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{EC631469-E6BD-4E07-8C78-DB40DE674B74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F1DFB98E-1724-42CF-9EC1-C613CA55AFDD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{F32DE4BB-F47C-4AF6-B8A9-41B7D042B0B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1032900F-4BC2-4E9F-BAE3-93A7FDDA0EEF}" = Command Center
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
    "{3F31B482-BE90-FCD3-3B9D-72672E1FF05C}" = ATI Catalyst Install Manager
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{A140A094-942E-4F76-B8F4-850EC146170F}" = Alienware M17x Manual
    "{B078E313-8B46-51F5-6403-E18A7B312503}" = ccc-utility64
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.11 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1ABC5598-1488-C081-1040-E95595A5E444}" = Catalyst Control Center
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{2AE9C040-AD47-0E54-0D2E-D01B2164DC58}" = CCC Help Chinese Standard
    "{2EB90225-0649-BDBD-1560-94A0E1638944}" = CCC Help English
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{33341E4F-E494-ACEA-1773-00FFEAFBB75F}" = CCC Help Korean
    "{34EC6EFF-4FE6-A563-F042-A56B0BE9982B}" = CCC Help French
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{420F7735-2DFB-5EDF-2E57-78416173D0E0}" = Catalyst Control Center InstallProxy
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{606AF1CB-8031-9CE7-E1B1-0F23CD47804C}" = CCC Help Portuguese
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6C9510AE-E3FA-2848-E523-7ED09ECCE7B0}" = CCC Help Chinese Traditional
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710180FE-6A3B-EF55-83D8-6DF5437F4654}" = CCC Help Finnish
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{781849EB-89BB-3FF5-47B2-D4A9438843A6}" = CCC Help Danish
    "{7FEA0BF5-4579-D868-82CB-12FFF4016194}" = Catalyst Control Center Localization All
    "{80845B37-249A-593C-6335-FFD9B269223F}" = CCC Help Dutch
    "{818F50C5-ACD4-4053-0BF6-C720CA5DB67D}" = PX Profile Update
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{98A70CDE-85D3-69F9-24EA-712A7FDE5B84}" = CCC Help Russian
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding
    "{B3FC185E-ED7F-7274-82FF-6E6C5EDE2F8F}" = CCC Help Norwegian
    "{B5E44903-EE08-4B97-9A0F-08E2E1AAACF5}" = PowerXpressHybrid
    "{B977CB07-4841-84F2-ABFA-1107E3143F1A}" = CCC Help Spanish
    "{C352F29D-F458-ED99-AFFF-66030522AF5B}" = CCC Help Japanese
    "{D23CB02A-60BF-B51D-9CAA-601DEE2141D0}" = CCC Help Swedish
    "{E0454752-D79A-584B-FF3E-A949B50B3FCB}" = CCC Help Italian
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EE8BAD6E-A466-B34B-B8F0-F9A672053901}" = CCC Help German
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
    "InstallShield_{1032900F-4BC2-4E9F-BAE3-93A7FDDA0EEF}" = Command Center
    "InstallShield_{A140A094-942E-4F76-B8F4-850EC146170F}" = Alienware M17x Manual
    "Integrated Webcam Live! Central" = Integrated Webcam Live! Central
    "KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Steam App 570" = Dota 2
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "VLC media player" = VLC media player 2.0.1

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 26/06/2012 6:53:50 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x1a40 Faulting application start time: 0x01cd53ee8bbed052 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: cb2a5f77-bfe1-11e1-860d-d0df9ab0ec64

    Error - 26/06/2012 6:54:52 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x1278 Faulting application start time: 0x01cd53eeb1aa3f66 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: eff14772-bfe1-11e1-860d-d0df9ab0ec64

    Error - 26/06/2012 10:11:44 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0xb20 Faulting application start time: 0x01cd540a31f01cd1 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 7096982e-bffd-11e1-860d-d0df9ab0ec64

    Error - 26/06/2012 10:12:46 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0xe0c Faulting application start time: 0x01cd540a57079506 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 95585eda-bffd-11e1-860d-d0df9ab0ec64

    Error - 27/06/2012 12:22:19 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x8fc Faulting application start time: 0x01cd5481056226a7 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 43cf80fe-c074-11e1-860d-d0df9ab0ec64

    Error - 28/06/2012 2:12:59 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x1274 Faulting application start time: 0x01cd5559a4fac9c5 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: e3f59413-c14c-11e1-860d-d0df9ab0ec64

    Error - 28/06/2012 2:16:31 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x1088 Faulting application start time: 0x01cd555a240ce0a7 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 6232cba7-c14d-11e1-860d-d0df9ab0ec64

    Error - 28/06/2012 2:17:32 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x1d34 Faulting application start time: 0x01cd555a489add7d Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 869c01e3-c14d-11e1-860d-d0df9ab0ec64

    Error - 28/06/2012 3:08:49 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x1004 Faulting application start time: 0x01cd556171c689e7 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: b0975d67-c154-11e1-860d-d0df9ab0ec64

    Error - 28/06/2012 4:19:09 PM | Computer Name = Shivam-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x1c64 Faulting application start time: 0x01cd556b44eceb4d Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 83e82acd-c15e-11e1-860d-d0df9ab0ec64

    [ System Events ]
    Error - 29/06/2012 1:41:33 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 29/06/2012 1:42:03 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 30/06/2012 2:39:16 PM | Computer Name = Shivam-PC | Source = bowser | ID = 8003
    Description =

    Error - 01/07/2012 12:35:43 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.10.143. The computer with the IP address 192.168.10.144
    did not allow the name to be claimed by this computer.

    Error - 01/07/2012 12:41:05 PM | Computer Name = Shivam-PC | Source = DCOM | ID = 10010
    Description =

    Error - 01/07/2012 7:21:02 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 01/07/2012 7:21:32 PM | Computer Name = Shivam-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 01/07/2012 10:30:05 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.10.143. The computer with the IP address 192.168.10.144
    did not allow the name to be claimed by this computer.

    Error - 03/07/2012 12:59:27 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.2.23. The computer with the IP address 192.168.2.2 did not
    allow the name to be claimed by this computer.

    Error - 03/07/2012 1:20:59 PM | Computer Name = Shivam-PC | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.2.23. The computer with the IP address 192.168.2.2 did not
    allow the name to be claimed by this computer.


    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    Security Check:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 32
    Adobe Flash Player 11.3.300.262
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````



    ---------------------------------------------------------------------------------------------------------------------------------------------

    Farbar Service Scanner:

    Farbar Service Scanner Version: 08-07-2012
    Ran by Shivam (administrator) on 11-07-2012 at 09:45:37
    Running from "C:\Users\Shivam\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    -----------------------------------------------------------------------------------------------------------------------------------------------

    ESET Online Scanner:

    D:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
    D:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
     
  14. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  15. Mephistopheles

    Mephistopheles TS Rookie Topic Starter

    No iexplore.exe processes now! My PC is also faster and better then before.
    Thanks a lot for your extensive help.

    One Question: Is a free anti-virus program like MSE enough or should I consider getting a commercial one? Which one would you recommend? Thanks once again!

    OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Shivam
    ->Temp folder emptied: 56117 bytes
    ->Temporary Internet Files folder emptied: 37294 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 306603307 bytes
    ->Flash cache emptied: 2747 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12824 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 293.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Shivam
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Shivam
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07122012_100848

    Files\Folders moved on Reboot...
    C:\Users\Shivam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Shivam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  16. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    MSE is a decent AV program.

    Way to go!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.