Solved PC Keeps Restarting

[Resolved] PC Keeps Restarting

The original thread is located here, http://www.windowsbbs.com/windows-7/103936-pc-keeps-restarting.html I don't know how to move that thread here. Anyway,

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Swagata :: SWAGATA-PC [administrator]

10/24/2012 9:22:28 AM
mbam-log-2012-10-24 (09-22-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189488
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Swagata\AppData\Roaming\winlogon.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Swagata\AppData\Roaming\530426.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Swagata\AppData\Roaming\536476.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Swagata\AppData\Roaming\677233.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Swagata\AppData\Roaming\952850.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)











GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-24 09:37:49
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD3200AAJS-00YZCA0 rev.01.03B01
Running: gmer.exe; Driver: C:\Users\Swagata\AppData\Local\Temp\uglirfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0x8CDE07F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0x8CDE08B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0x8CDE0870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0x8CDE0830]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83A4C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83A71092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 83A7899C 4 Bytes [F0, 07, DE, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 45C 83A78AAC 4 Bytes [B0, 08, DE, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 768 83A78DB8 4 Bytes [70, 08, DE, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 83A78E00 4 Bytes [30, 08, DE, 8C]
? System32\drivers\xpyfemrf.sys The system cannot find the path specified. !
.text sptd.sys 8CAA2001 31 Bytes [C7, E1, 83, A6, 61, E2, 83, ...]
.text sptd.sys 8CAA2024 141 Bytes [35, DD, AC, 83, AB, 8B, B2, ...]
.text sptd.sys 8CAA20B2 54 Bytes [A7, 83, 28, 46, A9, 83, 63, ...]
.text sptd.sys 8CAA20E9 7 Bytes [7B, A4, 83, 68, FE, AB, 83]
.text sptd.sys 8CAA20F1 219 Bytes [34, A7, 83, D0, 71, A4, 83, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8CB4C9E3]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
PAGE PCIIDEX.SYS!DllUnload 8CC94606 5 Bytes JMP 871D61C8
PAGE ataport.SYS!DllUnload + 1 8CCD6AD7 4 Bytes JMP 865401C9
.text anr7apnt.SYS 8CD5B000 52 Bytes [A0, C7, E1, 83, 44, E8, E1, ...]
.text anr7apnt.SYS 8CD5B035 146 Bytes [00, 00, 00, B0, 6E, A4, 83, ...]
.text anr7apnt.SYS 8CD5B0C8 30 Bytes [00, 34, A7, 83, 00, 00, 00, ...]
.text anr7apnt.SYS 8CD5B0E7 23 Bytes [00, 38, 0F, 00, 00, 00, 00, ...]
.text anr7apnt.SYS 8CD5B0FF 704 Bytes [4E, 0E, 10, 0F, D2, 0D, 94, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93203000, 0x147F58, 0xE8000020]
.text USBPORT.SYS!DllUnload 92CBED18 5 Bytes JMP 876D21C8
PAGE peauth.sys 9DE45E20 101 Bytes [64, E8, 5F, 9D, 37, 89, 3B, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1508] kernel32.dll!SetUnhandledExceptionFilter 766430E2 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\Explorer.EXE[1900] SHELL32.dll!SHFileOperationW 767F96E0 5 Bytes JMP 036B1102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8CAA370C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8CAA3EEE] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8CAA420E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8CAA40CC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8CAA38F0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\anr7apnt.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 10C483FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 871DA1E8
Device \Driver\usbuhci \Device\USBPDO-0 877001E8
Device \Driver\usbuhci \Device\USBPDO-1 877001E8
Device \Driver\PCI_PNP5540 \Device\00000052 sptd.sys
Device \Driver\PCI_PNP5540 \Device\00000052 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-2 877001E8
Device \Driver\usbuhci \Device\USBPDO-3 877001E8
Device \Driver\usbehci \Device\USBPDO-4 876FE430

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 864FB1E8
Device \Driver\atapi \Device\Ide\IdePort0 871D81E8
Device \Driver\atapi \Device\Ide\IdePort1 871D81E8
Device \Driver\atapi \Device\Ide\IdePort2 871D81E8
Device \Driver\atapi \Device\Ide\IdePort3 871D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-8 871D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-6 871D81E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 864FB1E8
Device \Driver\USBSTOR \Device\00000073 874AE1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D242D67F-7E82-4CF2-8520-8080FEFE8537} 8762B1E8
Device \Driver\USBSTOR \Device\00000075 874AE1E8
Device \Driver\USBSTOR \Device\00000076 874AE1E8
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 865391E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8762B1E8
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 877001E8
Device \Driver\usbuhci \Device\USBFDO-1 877001E8
Device \Driver\usbuhci \Device\USBFDO-2 877001E8
Device \Driver\usbuhci \Device\USBFDO-3 877001E8
Device \Driver\usbehci \Device\USBFDO-4 876FE430
Device \Driver\anr7apnt \Device\Scsi\anr7apnt1 874F41E8
Device \FileSystem\cdfs \Cdfs 8893B1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAF 0x35 0x2B 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7A 0x42 0x39 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x93 0xE0 0x7C 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x36 0x51 0x32 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x5F 0xEA 0x47 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAF 0x35 0x2B 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7A 0x42 0x39 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x93 0xE0 0x7C 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x36 0x51 0x32 0x83 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x5F 0xEA 0x47 0x00 ...

---- EOF - GMER 1.0.15 ----















aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 09:40:21
-----------------------------
09:40:21.668 OS Version: Windows 6.1.7600
09:40:21.668 Number of processors: 2 586 0x170A
09:40:21.668 ComputerName: SWAGATA-PC UserName: Swagata
09:40:22.058 Initialize success
09:40:25.317 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6
09:40:25.317 Disk 0 Vendor: WDC_WD3200AAJS-00YZCA0 01.03B01 Size: 305245MB BusType: 3
09:40:25.629 Disk 0 MBR read successfully
09:40:25.629 Disk 0 MBR scan
09:40:25.629 Disk 0 Windows 7 default MBR code
09:40:25.660 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 34999 MB offset 2048
09:40:25.723 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 270244 MB offset 71680000
09:40:25.957 Disk 0 scanning sectors +625139712
09:40:26.238 Disk 0 scanning C:\Windows\system32\drivers
09:41:21.836 Service scanning
09:41:27.608 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:41:29.917 Modules scanning
09:42:55.826 Disk 0 trace - called modules:
09:42:55.858
09:42:55.858 Scan finished successfully
09:43:16.949 Disk 0 MBR has been saved successfully to "C:\Users\Swagata\Desktop\MBR.dat "
09:43:16.964 The log file has been saved successfully to "C:\Users\Swagata\Desktop\aswMBR.txt "
















DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Swagata at 9:43:30 on 2012-10-24
Microsoft Windows 7 NVIDIA 2010 6.1.7600.0.1252.1.1033.18.3324.2200 [GMT 6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Fraps\fraps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DFX\DFX.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Grameenphone Internet\UIMain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Swagata\Desktop\aswMBR.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe "
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dfx.lnk - c:\program files\dfx\DFX.exe
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108819
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoSMBalloonTip = dword:1
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{DD72F517-74F3-4682-A8C0-EAA71F78BD3D} : NameServer = 202.56.4.120 119.30.37.10
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\swagata\appdata\roaming\mozilla\firefox\profiles\9k642y4e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\swagata\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - ExtSQL: 2012-10-21 01:03; mozilla_cc@internetdownloadmanager.com; c:\users\swagata\appdata\roaming\idm\idmmzcc5
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-28 217600]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-10-10 99192]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-2-6 1528640]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-28 8758784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-28 296448]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-15 232512]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\drivers\HSPADataCardusbmdm.sys [2012-5-1 106880]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\drivers\HSPADataCardusbnmea.sys [2012-5-1 106880]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\drivers\HSPADataCardusbser.sys [2012-5-1 106880]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-2-1 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2012-8-18 340480]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2012-8-18 48768]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-5-1 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-1 129976]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-7-19 27192]
.
=============== Created Last 30 ================
.
2012-10-24 03:17:09 -------- d-----w- c:\users\swagata\appdata\roaming\Malwarebytes
2012-10-24 03:16:52 -------- d-----w- c:\programdata\Malwarebytes
2012-10-24 03:16:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-24 03:16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-24 03:14:34 -------- d-----w- C:\gmer
2012-10-20 19:03:27 -------- d-----w- c:\users\swagata\appdata\roaming\IDM
2012-10-20 19:03:27 -------- d-----w- c:\users\swagata\appdata\roaming\DMCache
2012-10-20 19:03:25 -------- d-----w- c:\program files\Internet Download Manager
2012-10-18 18:44:05 -------- d-----w- c:\users\swagata\appdata\roaming\Foxit Software
2012-10-16 04:33:36 -------- d-----w- c:\users\swagata\appdata\local\BigHugeEngine
2012-10-15 09:54:36 -------- d-----w- c:\programdata\KONAMI
2012-10-10 09:36:33 99192 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
==================== Find3M ====================
.
2012-07-28 04:09:16 5538984 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-28 04:06:48 8758784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43:04 58880 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50:10 20546560 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-28 02:10:40 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10:10 469504 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09:30 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08:12 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-28 02:08:02 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-28 01:35:08 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-28 01:35:00 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-28 01:32:32 4751872 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- c:\windows\system32\aticaldd.dll
2012-07-28 01:15:20 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15:08 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:14:56 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-28 01:14:22 296448 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13:48 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-28 01:13:32 83456 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08:36 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- c:\windows\system32\amdpcom32.dll
.
============= FINISH: 9:43:42.40 ===============















.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 NVIDIA 2010
Boot Device: \Device\HarddiskVolume2
Install Date: 5/1/2012 7:15:53 PM
System Uptime: 10/24/2012 9:27:30 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DG41WV
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | PROCESSOR | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 7.453 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 264 GiB total, 7.644 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Alan Wake
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2012
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DAEMON Tools Pro
Dark Souls Prepare to Die Edition
Dark Souls Prepare To Die Edition version 5.1
DFX
Dishonored version 1.5
ESET Smart Security
Foxit Reader 5.1
Fraps (remove only)
Google Chrome
Grameenphone Internet
IncrediMail
IncrediMail 2.0
Internet Download Manager
iTunes
JunkFilterPlus
K-Lite Mega Codec Pack 9.1.0
Malwarebytes Anti-Malware version 1.65.1.1000
MegaTrainer eXperience V1.1.0.2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Minilyrics
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
Nexus Mod Manager
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA PhysX
OpenAL
PC Connectivity Solution
Pro Evolution Soccer 2013
PunkBuster Services
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller Pro 2.5.7
Rockstar Games Social Club
SpywareBlaster 4.6
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Ubisoft Game Launcher
Unlocker 1.9.1
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live ID Sign-in Assistant
WinPatrol
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/24/2012 9:27:46 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/24/2012 1:11:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================

 

Thank you for the reply.






00:06:11.0545 3808 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
00:06:13.0320 3808 ============================================================
00:06:13.0320 3808 Current date / time: 2012/10/26 00:06:13.0320
00:06:13.0320 3808 SystemInfo:
00:06:13.0320 3808
00:06:13.0320 3808 OS Version: 6.1.7600 ServicePack: 0.0
00:06:13.0320 3808 Product type: Workstation
00:06:13.0320 3808 ComputerName: SWAGATA-PC
00:06:13.0320 3808 UserName: Swagata
00:06:13.0320 3808 Windows directory: C:\Windows
00:06:13.0320 3808 System windows directory: C:\Windows
00:06:13.0320 3808 Processor architecture: Intel x86
00:06:13.0320 3808 Number of processors: 2
00:06:13.0320 3808 Page size: 0x1000
00:06:13.0320 3808 Boot type: Normal boot
00:06:13.0320 3808 ============================================================
00:06:14.0326 3808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:06:14.0342 3808 Drive \Device\Harddisk2\DR2 - Size: 0x1DE200000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:06:14.0343 3808 ============================================================
00:06:14.0343 3808 \Device\Harddisk0\DR0:
00:06:14.0343 3808 MBR partitions:
00:06:14.0343 3808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x445B800
00:06:14.0343 3808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C000, BlocksNum 0x20FD2000
00:06:14.0343 3808 \Device\Harddisk2\DR2:
00:06:14.0344 3808 MBR partitions:
00:06:14.0344 3808 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x990, BlocksNum 0xEF0670
00:06:14.0344 3808 ============================================================
00:06:14.0368 3808 C: <-> \Device\Harddisk0\DR0\Partition1
00:06:14.0401 3808 F: <-> \Device\Harddisk0\DR0\Partition2
00:06:14.0402 3808 ============================================================
00:06:14.0402 3808 Initialize success
00:06:14.0402 3808 ============================================================
00:06:27.0341 3844 ============================================================
00:06:27.0341 3844 Scan started
00:06:27.0341 3844 Mode: Manual;
00:06:27.0341 3844 ============================================================
00:06:27.0815 3844 ================ Scan system memory ========================
00:06:27.0815 3844 System memory - ok
00:06:27.0815 3844 ================ Scan services =============================
00:06:27.0932 3844 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
00:06:27.0958 3844 1394ohci - ok
00:06:27.0976 3844 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
00:06:27.0982 3844 ACPI - ok
00:06:27.0995 3844 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
00:06:27.0998 3844 AcpiPmi - ok
00:06:28.0015 3844 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:06:28.0049 3844 adp94xx - ok
00:06:28.0056 3844 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:06:28.0075 3844 adpahci - ok
00:06:28.0081 3844 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:06:28.0099 3844 adpu320 - ok
00:06:28.0120 3844 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:06:28.0120 3844 AeLookupSvc - ok
00:06:28.0147 3844 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
00:06:28.0173 3844 AFD - ok
00:06:28.0202 3844 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
00:06:28.0218 3844 agp440 - ok
00:06:28.0239 3844 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
00:06:28.0255 3844 aic78xx - ok
00:06:28.0268 3844 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
00:06:28.0271 3844 ALG - ok
00:06:28.0282 3844 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
00:06:28.0297 3844 aliide - ok
00:06:28.0325 3844 [ 87F8E98FCD859D2F0C291DCF9F1A5543 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:06:28.0330 3844 AMD External Events Utility - ok
00:06:28.0346 3844 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
00:06:28.0362 3844 amdagp - ok
00:06:28.0372 3844 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
00:06:28.0389 3844 amdide - ok
00:06:28.0401 3844 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:06:28.0416 3844 AmdK8 - ok
00:06:28.0554 3844 [ 6617FED21C91E821E3D00484741B302F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:06:28.0700 3844 amdkmdag - ok
00:06:28.0726 3844 [ 0CD80C1ABE5507B4ADBFC8338E3698E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:06:28.0751 3844 amdkmdap - ok
00:06:28.0768 3844 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:06:28.0796 3844 AmdPPM - ok
00:06:28.0821 3844 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:06:28.0837 3844 amdsata - ok
00:06:28.0853 3844 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:06:28.0878 3844 amdsbs - ok
00:06:28.0892 3844 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:06:28.0908 3844 amdxata - ok
00:06:28.0922 3844 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
00:06:28.0937 3844 AppID - ok
00:06:28.0968 3844 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:06:28.0970 3844 AppIDSvc - ok
00:06:28.0984 3844 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
00:06:28.0987 3844 Appinfo - ok
00:06:29.0071 3844 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:06:29.0075 3844 Apple Mobile Device - ok
00:06:29.0110 3844 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
00:06:29.0115 3844 AppMgmt - ok
00:06:29.0142 3844 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
00:06:29.0158 3844 arc - ok
00:06:29.0164 3844 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:06:29.0180 3844 arcsas - ok
00:06:29.0258 3844 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:06:29.0262 3844 aspnet_state - ok
00:06:29.0276 3844 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:06:29.0291 3844 AsyncMac - ok
00:06:29.0309 3844 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
00:06:29.0309 3844 atapi - ok
00:06:29.0333 3844 [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
00:06:29.0349 3844 AtiHDAudioService - ok
00:06:29.0365 3844 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:06:29.0372 3844 AudioEndpointBuilder - ok
00:06:29.0389 3844 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
00:06:29.0392 3844 Audiosrv - ok
00:06:29.0405 3844 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:06:29.0407 3844 AxInstSV - ok
00:06:29.0424 3844 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
00:06:29.0430 3844 b06bdrv - ok
00:06:29.0443 3844 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
00:06:29.0493 3844 b57nd60x - ok
00:06:29.0520 3844 [ B5B0B31BBC69AA89B539CF9A84CEADA3 ] bcm C:\Windows\system32\DRIVERS\drxvi314.sys
00:06:29.0537 3844 bcm - ok
00:06:29.0549 3844 [ BC88FB0A5131CF1384DCEEEE13C59943 ] bcmbusctr C:\Windows\system32\DRIVERS\BcmBusCtr.sys
00:06:29.0564 3844 bcmbusctr - ok
00:06:29.0579 3844 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
00:06:29.0583 3844 BDESVC - ok
00:06:29.0596 3844 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
00:06:29.0610 3844 Beep - ok
00:06:29.0632 3844 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
00:06:29.0640 3844 BFE - ok
00:06:29.0676 3844 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
00:06:29.0686 3844 BITS - ok
00:06:29.0704 3844 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:06:29.0719 3844 blbdrive - ok
00:06:29.0784 3844 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:06:29.0792 3844 Bonjour Service - ok
00:06:29.0819 3844 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:06:29.0834 3844 bowser - ok
00:06:29.0844 3844 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:06:29.0847 3844 BrFiltLo - ok
00:06:29.0869 3844 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:06:29.0872 3844 BrFiltUp - ok
00:06:29.0901 3844 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
00:06:29.0904 3844 Browser - ok
00:06:29.0928 3844 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:06:29.0934 3844 Brserid - ok
00:06:29.0947 3844 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:06:29.0951 3844 BrSerWdm - ok
00:06:29.0959 3844 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:06:29.0962 3844 BrUsbMdm - ok
00:06:29.0975 3844 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:06:29.0978 3844 BrUsbSer - ok
00:06:29.0994 3844 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:06:30.0009 3844 BTHMODEM - ok
00:06:30.0023 3844 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
00:06:30.0025 3844 bthserv - ok
00:06:30.0043 3844 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:06:30.0058 3844 cdfs - ok
00:06:30.0064 3844 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:06:30.0092 3844 cdrom - ok
00:06:30.0104 3844 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
00:06:30.0107 3844 CertPropSvc - ok
00:06:30.0118 3844 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:06:30.0121 3844 circlass - ok
00:06:30.0135 3844 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
00:06:30.0141 3844 CLFS - ok
00:06:30.0294 3844 [ 4C6406CF07D4EBB70C5774D55C6688FB ] CLHNServiceForPowerDVD12 C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.e xe
00:06:30.0297 3844 CLHNServiceForPowerDVD12 - ok
00:06:30.0341 3844 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:06:30.0345 3844 clr_optimization_v2.0.50727_32 - ok
00:06:30.0370 3844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:06:30.0397 3844 clr_optimization_v4.0.30319_32 - ok
00:06:30.0417 3844 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:06:30.0432 3844 CmBatt - ok
00:06:30.0437 3844 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
00:06:30.0453 3844 cmdide - ok
00:06:30.0490 3844 [ 36C252E474B2FFA0F0FBBFF20D92A640 ] CNG C:\Windows\system32\Drivers\cng.sys
00:06:30.0498 3844 CNG - ok
00:06:30.0503 3844 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:06:30.0519 3844 Compbatt - ok
00:06:30.0531 3844 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
00:06:30.0534 3844 CompositeBus - ok
00:06:30.0540 3844 COMSysApp - ok
00:06:30.0547 3844 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:06:30.0564 3844 crcdisk - ok
00:06:30.0596 3844 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:06:30.0600 3844 CryptSvc - ok
00:06:30.0639 3844 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
00:06:30.0681 3844 CSC - ok
00:06:30.0701 3844 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
00:06:30.0709 3844 CscService - ok
00:06:30.0831 3844 [ EA22BCA708B37B82ADEBC822A171B92E ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
00:06:30.0834 3844 CyberLink PowerDVD 12 Media Server Monitor Service - ok
00:06:30.0842 3844 [ 3168D2F171A64590E7A11355CAE60A1E ] CyberLink PowerDVD 12 Media Server Service C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
00:06:30.0846 3844 CyberLink PowerDVD 12 Media Server Service - ok
00:06:30.0884 3844 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
00:06:30.0890 3844 DcomLaunch - ok
00:06:30.0911 3844 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
00:06:30.0917 3844 defragsvc - ok
00:06:30.0948 3844 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:06:30.0963 3844 DfsC - ok
00:06:30.0984 3844 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
00:06:30.0989 3844 Dhcp - ok
00:06:30.0999 3844 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
00:06:31.0013 3844 discache - ok
00:06:31.0027 3844 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:06:31.0043 3844 Disk - ok
00:06:31.0077 3844 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:06:31.0082 3844 Dnscache - ok
00:06:31.0095 3844 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
00:06:31.0108 3844 dot3svc - ok
00:06:31.0124 3844 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
00:06:31.0129 3844 DPS - ok
00:06:31.0161 3844 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:06:31.0176 3844 drmkaud - ok
00:06:31.0200 3844 [ C8EB60A182BEE9AFD6B394C0145A1732 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:06:31.0227 3844 dtsoftbus01 - ok
00:06:31.0252 3844 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:06:31.0319 3844 DXGKrnl - ok
00:06:31.0345 3844 [ 04238864710460C5682E260207D06192 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
00:06:31.0370 3844 eamonm - ok
00:06:31.0380 3844 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
00:06:31.0385 3844 EapHost - ok
00:06:31.0458 3844 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
00:06:31.0543 3844 ebdrv - ok
00:06:31.0577 3844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
00:06:31.0582 3844 EFS - ok
00:06:31.0600 3844 [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
00:06:31.0619 3844 ehdrv - ok
00:06:31.0684 3844 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:06:31.0693 3844 ehRecvr - ok
00:06:31.0729 3844 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
00:06:31.0733 3844 ehSched - ok
00:06:31.0770 3844 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
00:06:31.0778 3844 ekrn - ok
00:06:31.0810 3844 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:06:31.0853 3844 elxstor - ok
00:06:31.0879 3844 [ 5BA193CA0AE31209AAA39939CE6736B2 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
00:06:31.0903 3844 epfw - ok
00:06:31.0916 3844 [ 9CEFD59C8E5EBFB48165AEF54617F539 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
00:06:31.0944 3844 EpfwLWF - ok
00:06:31.0956 3844 [ 7144A06AC105A2A7302944602E415EC1 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
00:06:31.0971 3844 epfwwfp - ok
00:06:31.0986 3844 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
00:06:32.0000 3844 ErrDev - ok
00:06:32.0051 3844 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
00:06:32.0057 3844 EventSystem - ok
00:06:32.0071 3844 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
00:06:32.0096 3844 exfat - ok
00:06:32.0111 3844 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:06:32.0136 3844 fastfat - ok
00:06:32.0158 3844 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
00:06:32.0168 3844 Fax - ok
00:06:32.0186 3844 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:06:32.0213 3844 fdc - ok
00:06:32.0238 3844 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
00:06:32.0241 3844 fdPHost - ok
00:06:32.0255 3844 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
00:06:32.0257 3844 FDResPub - ok
00:06:32.0266 3844 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:06:32.0282 3844 FileInfo - ok
00:06:32.0294 3844 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:06:32.0310 3844 Filetrace - ok
00:06:32.0316 3844 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:06:32.0331 3844 flpydisk - ok
00:06:32.0347 3844 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:06:32.0367 3844 FltMgr - ok
00:06:32.0404 3844 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
00:06:32.0415 3844 FontCache - ok
00:06:32.0460 3844 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:06:32.0463 3844 FontCache3.0.0.0 - ok
00:06:32.0476 3844 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:06:32.0492 3844 FsDepends - ok
00:06:32.0522 3844 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:06:32.0537 3844 Fs_Rec - ok
00:06:32.0549 3844 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:06:32.0581 3844 fvevol - ok
00:06:32.0594 3844 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:06:32.0610 3844 gagp30kx - ok
00:06:32.0640 3844 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:06:32.0644 3844 GEARAspiWDM - ok
00:06:32.0680 3844 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
00:06:32.0689 3844 gpsvc - ok
00:06:32.0703 3844 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:06:32.0718 3844 hcw85cir - ok
00:06:32.0748 3844 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:06:32.0806 3844 HdAudAddService - ok
00:06:32.0840 3844 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:06:32.0843 3844 HDAudBus - ok
00:06:32.0859 3844 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:06:32.0875 3844 HidBatt - ok
00:06:32.0891 3844 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:06:32.0907 3844 HidBth - ok
00:06:32.0912 3844 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:06:32.0929 3844 HidIr - ok
00:06:32.0945 3844 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
00:06:32.0949 3844 hidserv - ok
00:06:32.0961 3844 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:06:32.0976 3844 HidUsb - ok
00:06:33.0005 3844 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:06:33.0009 3844 hkmsvc - ok
00:06:33.0021 3844 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:06:33.0025 3844 HomeGroupListener - ok
00:06:33.0047 3844 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:06:33.0052 3844 HomeGroupProvider - ok
00:06:33.0059 3844 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
00:06:33.0088 3844 HpSAMD - ok
00:06:33.0111 3844 [ 45D52161779745EFB6B20A9BD80A187C ] HSPADataCardusbmdm C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys
00:06:33.0116 3844 HSPADataCardusbmdm - ok
00:06:33.0127 3844 [ 45D52161779745EFB6B20A9BD80A187C ] HSPADataCardusbnmea C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys
00:06:33.0129 3844 HSPADataCardusbnmea - ok
00:06:33.0143 3844 [ 45D52161779745EFB6B20A9BD80A187C ] HSPADataCardusbser C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys
00:06:33.0145 3844 HSPADataCardusbser - ok
00:06:33.0170 3844 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:06:33.0194 3844 HTTP - ok
00:06:33.0209 3844 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:06:33.0224 3844 hwpolicy - ok
00:06:33.0236 3844 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:06:33.0252 3844 i8042prt - ok
00:06:33.0279 3844 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:06:33.0304 3844 iaStorV - ok
00:06:33.0323 3844 [ 3240213B26BB814995AE0027313851F7 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
00:06:33.0329 3844 IDMWFP - ok
00:06:33.0366 3844 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:06:33.0384 3844 idsvc - ok
00:06:33.0404 3844 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:06:33.0419 3844 iirsp - ok
00:06:33.0457 3844 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
00:06:33.0467 3844 IKEEXT - ok
00:06:33.0551 3844 [ 345AC48D17F5C2F2AA1EE50D34C3978B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
00:06:33.0628 3844 IntcAzAudAddService - ok
00:06:33.0643 3844 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
00:06:33.0658 3844 intelide - ok
00:06:33.0673 3844 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:06:33.0688 3844 intelppm - ok
00:06:33.0699 3844 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:06:33.0703 3844 IPBusEnum - ok
00:06:33.0718 3844 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:06:33.0735 3844 IpFilterDriver - ok
00:06:33.0755 3844 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:06:33.0763 3844 iphlpsvc - ok
00:06:33.0769 3844 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:06:33.0785 3844 IPMIDRV - ok
00:06:33.0791 3844 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:06:33.0819 3844 IPNAT - ok
00:06:33.0852 3844 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:06:33.0864 3844 iPod Service - ok
00:06:33.0876 3844 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:06:33.0891 3844 IRENUM - ok
00:06:33.0903 3844 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
00:06:33.0931 3844 isapnp - ok
00:06:33.0946 3844 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:06:33.0971 3844 iScsiPrt - ok
00:06:33.0983 3844 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:06:33.0999 3844 kbdclass - ok
00:06:34.0013 3844 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:06:34.0040 3844 kbdhid - ok
00:06:34.0052 3844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
00:06:34.0054 3844 KeyIso - ok
00:06:34.0082 3844 [ 0263364ACB9C834ACE52FB85C2C064EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:06:34.0085 3844 KSecDD - ok
00:06:34.0103 3844 [ 27391DB553BE2A4E2B0ADEEA2873B2AF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:06:34.0120 3844 KSecPkg - ok
00:06:34.0148 3844 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
00:06:34.0155 3844 KtmRm - ok
00:06:34.0188 3844 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
00:06:34.0195 3844 LanmanServer - ok
00:06:34.0230 3844 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:06:34.0235 3844 LanmanWorkstation - ok
00:06:34.0253 3844 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:06:34.0269 3844 lltdio - ok
00:06:34.0311 3844 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:06:34.0315 3844 lltdsvc - ok
00:06:34.0321 3844 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
00:06:34.0325 3844 lmhosts - ok
00:06:34.0336 3844 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:06:34.0353 3844 LSI_FC - ok
00:06:34.0360 3844 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:06:34.0376 3844 LSI_SAS - ok
00:06:34.0383 3844 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:06:34.0411 3844 LSI_SAS2 - ok
00:06:34.0417 3844 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:06:34.0437 3844 LSI_SCSI - ok
00:06:34.0442 3844 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
00:06:34.0459 3844 luafv - ok
00:06:34.0471 3844 [ 79EC6C0033776F89DD5131241F0170E1 ] massfilter C:\Windows\system32\drivers\massfilter.sys
00:06:34.0486 3844 massfilter - ok
00:06:34.0519 3844 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:06:34.0523 3844 Mcx2Svc - ok
00:06:34.0538 3844 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:06:34.0566 3844 megasas - ok
00:06:34.0573 3844 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:06:34.0591 3844 MegaSR - ok
00:06:34.0606 3844 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
00:06:34.0611 3844 MMCSS - ok
00:06:34.0626 3844 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
00:06:34.0640 3844 Modem - ok
00:06:34.0653 3844 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:06:34.0680 3844 monitor - ok
00:06:34.0692 3844 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:06:34.0708 3844 mouclass - ok
00:06:34.0723 3844 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:06:34.0738 3844 mouhid - ok
00:06:34.0754 3844 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:06:34.0770 3844 mountmgr - ok
00:06:34.0788 3844 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:06:34.0792 3844 MozillaMaintenance - ok
00:06:34.0810 3844 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
00:06:34.0820 3844 MpFilter - ok
00:06:34.0826 3844 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
00:06:34.0843 3844 mpio - ok
00:06:34.0850 3844 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:06:34.0866 3844 mpsdrv - ok
00:06:34.0890 3844 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
00:06:34.0900 3844 MpsSvc - ok
00:06:34.0910 3844 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:06:35.0149 3844 MRxDAV - ok
00:06:35.0165 3844 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:06:35.0213 3844 mrxsmb - ok
00:06:35.0229 3844 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:06:35.0246 3844 mrxsmb10 - ok
00:06:35.0252 3844 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:06:35.0281 3844 mrxsmb20 - ok
00:06:35.0291 3844 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
00:06:35.0307 3844 msahci - ok
00:06:35.0313 3844 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
00:06:35.0330 3844 msdsm - ok
00:06:35.0340 3844 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
00:06:35.0347 3844 MSDTC - ok
00:06:35.0365 3844 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:06:35.0380 3844 Msfs - ok
00:06:35.0388 3844 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:06:35.0403 3844 mshidkmdf - ok
00:06:35.0405 3844 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
00:06:35.0420 3844 msisadrv - ok
00:06:35.0438 3844 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:06:35.0441 3844 MSiSCSI - ok
00:06:35.0444 3844 msiserver - ok
00:06:35.0454 3844 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:06:35.0457 3844 MSKSSRV - ok
00:06:35.0492 3844 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:06:35.0495 3844 MsMpSvc - ok
00:06:35.0509 3844 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:06:35.0523 3844 MSPCLOCK - ok
00:06:35.0538 3844 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:06:35.0540 3844 MSPQM - ok
00:06:35.0550 3844 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:06:35.0555 3844 MsRPC - ok
00:06:35.0570 3844 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:06:35.0585 3844 mssmbios - ok
00:06:35.0596 3844 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:06:35.0610 3844 MSTEE - ok
00:06:35.0623 3844 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:06:35.0638 3844 MTConfig - ok
00:06:35.0648 3844 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
00:06:35.0651 3844 Mup - ok
00:06:35.0683 3844 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
00:06:35.0690 3844 napagent - ok
00:06:35.0709 3844 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:06:35.0735 3844 NativeWifiP - ok
00:06:35.0748 3844 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:06:35.0771 3844 NDIS - ok
00:06:35.0784 3844 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:06:35.0800 3844 NdisCap - ok
00:06:35.0805 3844 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:06:35.0808 3844 NdisTapi - ok
00:06:35.0822 3844 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:06:35.0850 3844 Ndisuio - ok
00:06:35.0865 3844 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:06:35.0882 3844 NdisWan - ok
00:06:35.0897 3844 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:06:35.0913 3844 NDProxy - ok
00:06:35.0929 3844 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:06:35.0954 3844 NetBIOS - ok
00:06:35.0972 3844 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:06:35.0991 3844 NetBT - ok

 

00:06:36.0003 3844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
00:06:36.0004 3844 Netlogon - ok
00:06:36.0028 3844 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
00:06:36.0035 3844 Netman - ok
00:06:36.0063 3844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:36.0080 3844 NetMsmqActivator - ok
00:06:36.0085 3844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:36.0087 3844 NetPipeActivator - ok
00:06:36.0106 3844 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
00:06:36.0143 3844 netprofm - ok
00:06:36.0173 3844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:36.0174 3844 NetTcpActivator - ok
00:06:36.0217 3844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:36.0218 3844 NetTcpPortSharing - ok
00:06:36.0248 3844 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:06:36.0267 3844 nfrd960 - ok
00:06:36.0281 3844 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
00:06:36.0287 3844 NlaSvc - ok
00:06:36.0314 3844 [ C3963D85B721A7F80D8A55F4E2867A3A ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
00:06:36.0329 3844 nmwcd - ok
00:06:36.0343 3844 [ 3859C69A77793180548802DAC9F34A38 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
00:06:36.0345 3844 nmwcdc - ok
00:06:36.0352 3844 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:06:36.0369 3844 Npfs - ok
00:06:36.0383 3844 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
00:06:36.0386 3844 nsi - ok
00:06:36.0402 3844 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:06:36.0416 3844 nsiproxy - ok
00:06:36.0449 3844 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:06:36.0477 3844 Ntfs - ok
00:06:36.0521 3844 [ 4A6A8C2882EA29F7CAE995E82C259EEB ] ntk_PowerDVD12 C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys
00:06:36.0525 3844 ntk_PowerDVD12 - ok
00:06:36.0542 3844 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
00:06:36.0557 3844 Null - ok
00:06:36.0567 3844 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:06:36.0583 3844 nvraid - ok
00:06:36.0608 3844 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:06:36.0639 3844 nvstor - ok
00:06:36.0648 3844 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
00:06:36.0664 3844 nv_agp - ok
00:06:36.0674 3844 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:06:36.0678 3844 ohci1394 - ok
00:06:36.0708 3844 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:06:36.0714 3844 p2pimsvc - ok
00:06:36.0728 3844 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
00:06:36.0735 3844 p2psvc - ok
00:06:36.0761 3844 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:06:36.0777 3844 Parport - ok
00:06:36.0799 3844 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:06:36.0827 3844 partmgr - ok
00:06:36.0840 3844 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
00:06:36.0855 3844 Parvdm - ok
00:06:36.0873 3844 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:06:36.0878 3844 PcaSvc - ok
00:06:36.0913 3844 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
00:06:36.0917 3844 pccsmcfd - ok
00:06:36.0923 3844 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
00:06:36.0940 3844 pci - ok
00:06:36.0945 3844 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
00:06:36.0961 3844 pciide - ok
00:06:36.0979 3844 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:06:37.0005 3844 pcmcia - ok
00:06:37.0012 3844 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
00:06:37.0029 3844 pcw - ok
00:06:37.0052 3844 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:06:37.0060 3844 PEAUTH - ok
00:06:37.0100 3844 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:06:37.0125 3844 PeerDistSvc - ok
00:06:37.0170 3844 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
00:06:37.0190 3844 pla - ok
00:06:37.0218 3844 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:06:37.0225 3844 PlugPlay - ok
00:06:37.0247 3844 [ 3A2E85F7D90D15460C337CE80C2E3B29 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
00:06:37.0253 3844 PnkBstrA - ok
00:06:37.0269 3844 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:06:37.0272 3844 PNRPAutoReg - ok
00:06:37.0292 3844 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:06:37.0295 3844 PNRPsvc - ok
00:06:37.0333 3844 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:06:37.0339 3844 PolicyAgent - ok
00:06:37.0355 3844 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
00:06:37.0361 3844 Power - ok
00:06:37.0388 3844 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:06:37.0405 3844 PptpMiniport - ok
00:06:37.0417 3844 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:06:37.0432 3844 Processor - ok
00:06:37.0447 3844 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
00:06:37.0453 3844 ProfSvc - ok
00:06:37.0460 3844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:06:37.0461 3844 ProtectedStorage - ok
00:06:37.0477 3844 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:06:37.0494 3844 Psched - ok
00:06:37.0538 3844 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:06:37.0574 3844 ql2300 - ok
00:06:37.0580 3844 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:06:37.0598 3844 ql40xx - ok
00:06:37.0612 3844 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
00:06:37.0618 3844 QWAVE - ok
00:06:37.0630 3844 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:06:37.0645 3844 QWAVEdrv - ok
00:06:37.0660 3844 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:06:37.0675 3844 RasAcd - ok
00:06:37.0683 3844 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:06:37.0699 3844 RasAgileVpn - ok
00:06:37.0709 3844 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
00:06:37.0714 3844 RasAuto - ok
00:06:37.0728 3844 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:06:37.0745 3844 Rasl2tp - ok
00:06:37.0766 3844 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
00:06:37.0773 3844 RasMan - ok
00:06:37.0789 3844 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:06:37.0804 3844 RasPppoe - ok
00:06:37.0831 3844 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:06:37.0848 3844 RasSstp - ok
00:06:37.0868 3844 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:06:37.0893 3844 rdbss - ok
00:06:37.0899 3844 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:06:37.0914 3844 rdpbus - ok
00:06:37.0924 3844 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:06:37.0939 3844 RDPCDD - ok
00:06:37.0967 3844 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:06:37.0971 3844 RDPDR - ok
00:06:37.0984 3844 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:06:37.0999 3844 RDPENCDD - ok
00:06:38.0007 3844 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:06:38.0024 3844 RDPREFMP - ok
00:06:38.0053 3844 [ 0399C725A9C95A6F1862B93F008DDF4A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:06:38.0078 3844 RDPWD - ok
00:06:38.0095 3844 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:06:38.0121 3844 rdyboost - ok
00:06:38.0167 3844 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
00:06:38.0170 3844 RemoteAccess - ok
00:06:38.0197 3844 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:06:38.0202 3844 RemoteRegistry - ok
00:06:38.0229 3844 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
00:06:38.0233 3844 Revoflt - ok
00:06:38.0265 3844 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:06:38.0269 3844 RpcEptMapper - ok
00:06:38.0292 3844 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
00:06:38.0296 3844 RpcLocator - ok
00:06:38.0316 3844 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
00:06:38.0320 3844 RpcSs - ok
00:06:38.0345 3844 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:06:38.0373 3844 rspndr - ok
00:06:38.0395 3844 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
00:06:38.0420 3844 RTL8167 - ok
00:06:38.0444 3844 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
00:06:38.0458 3844 s3cap - ok
00:06:38.0468 3844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
00:06:38.0470 3844 SamSs - ok
00:06:38.0483 3844 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
00:06:38.0499 3844 sbp2port - ok
00:06:38.0517 3844 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:06:38.0523 3844 SCardSvr - ok
00:06:38.0530 3844 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:06:38.0534 3844 scfilter - ok
00:06:38.0567 3844 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
00:06:38.0583 3844 Schedule - ok
00:06:38.0595 3844 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
00:06:38.0597 3844 SCPolicySvc - ok
00:06:38.0610 3844 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:06:38.0616 3844 SDRSVC - ok
00:06:38.0634 3844 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:06:38.0649 3844 secdrv - ok
00:06:38.0659 3844 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
00:06:38.0663 3844 seclogon - ok
00:06:38.0680 3844 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
00:06:38.0684 3844 SENS - ok
00:06:38.0717 3844 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:06:38.0721 3844 SensrSvc - ok
00:06:38.0729 3844 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:06:38.0744 3844 Serenum - ok
00:06:38.0760 3844 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:06:38.0776 3844 Serial - ok
00:06:38.0781 3844 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:06:38.0798 3844 sermouse - ok
00:06:38.0853 3844 [ 2D841B7B7F6DEC32162EDFCC69D61F42 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
00:06:38.0863 3844 ServiceLayer - ok
00:06:38.0884 3844 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
00:06:38.0889 3844 SessionEnv - ok
00:06:38.0906 3844 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:06:38.0920 3844 sffdisk - ok
00:06:38.0925 3844 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:06:38.0940 3844 sffp_mmc - ok
00:06:38.0945 3844 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:06:38.0961 3844 sffp_sd - ok
00:06:38.0972 3844 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:06:38.0987 3844 sfloppy - ok
00:06:39.0025 3844 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:06:39.0033 3844 SharedAccess - ok
00:06:39.0046 3844 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:06:39.0054 3844 ShellHWDetection - ok
00:06:39.0064 3844 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
00:06:39.0081 3844 sisagp - ok
00:06:39.0091 3844 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:06:39.0119 3844 SiSRaid2 - ok
00:06:39.0127 3844 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:06:39.0157 3844 SiSRaid4 - ok
00:06:39.0164 3844 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:06:39.0180 3844 Smb - ok
00:06:39.0199 3844 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:06:39.0203 3844 SNMPTRAP - ok
00:06:39.0219 3844 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
00:06:39.0222 3844 spldr - ok
00:06:39.0247 3844 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
00:06:39.0255 3844 Spooler - ok
00:06:39.0314 3844 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
00:06:39.0361 3844 sppsvc - ok
00:06:39.0381 3844 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:06:39.0386 3844 sppuinotify - ok
00:06:39.0402 3844 [ 8EA0FD60A5B047E0C734D51AACE531C9 ] sptd C:\Windows\System32\Drivers\sptd.sys
00:06:39.0470 3844 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8EA0FD60A5B047E0C734D51AACE531C9
00:06:39.0471 3844 sptd ( LockedFile.Multi.Generic ) - warning
00:06:39.0471 3844 sptd - detected LockedFile.Multi.Generic (1)
00:06:39.0484 3844 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
00:06:39.0503 3844 srv - ok
00:06:39.0522 3844 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:06:39.0540 3844 srv2 - ok
00:06:39.0556 3844 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:06:39.0584 3844 srvnet - ok
00:06:39.0599 3844 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:06:39.0605 3844 SSDPSRV - ok
00:06:39.0630 3844 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:06:39.0635 3844 SstpSvc - ok
00:06:39.0660 3844 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:06:39.0675 3844 stexstor - ok
00:06:39.0704 3844 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
00:06:39.0713 3844 StiSvc - ok
00:06:39.0727 3844 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
00:06:39.0742 3844 storflt - ok
00:06:39.0754 3844 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
00:06:39.0769 3844 storvsc - ok
00:06:39.0797 3844 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:06:39.0800 3844 swenum - ok
00:06:39.0818 3844 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
00:06:39.0825 3844 swprv - ok
00:06:39.0853 3844 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
00:06:39.0884 3844 SysMain - ok
00:06:39.0895 3844 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:06:39.0900 3844 TabletInputService - ok
00:06:39.0920 3844 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
00:06:39.0926 3844 TapiSrv - ok
00:06:39.0950 3844 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
00:06:39.0954 3844 TBS - ok
00:06:39.0996 3844 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:06:40.0030 3844 Tcpip - ok
00:06:40.0058 3844 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:06:40.0065 3844 TCPIP6 - ok
00:06:40.0097 3844 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:06:40.0113 3844 tcpipreg - ok
00:06:40.0126 3844 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:06:40.0141 3844 TDPIPE - ok
00:06:40.0152 3844 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:06:40.0168 3844 TDTCP - ok
00:06:40.0195 3844 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:06:40.0223 3844 tdx - ok
00:06:40.0230 3844 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:06:40.0234 3844 TermDD - ok
00:06:40.0256 3844 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
00:06:40.0265 3844 TermService - ok
00:06:40.0292 3844 [ A66277FB1FACE9EDF23829F791803F4F ] Themes C:\Windows\system32\themeservice.dll
00:06:40.0297 3844 Themes - ok
00:06:40.0306 3844 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
00:06:40.0308 3844 THREADORDER - ok
00:06:40.0322 3844 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
00:06:40.0326 3844 TrkWks - ok
00:06:40.0366 3844 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:06:40.0372 3844 TrustedInstaller - ok
00:06:40.0388 3844 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:06:40.0429 3844 tssecsrv - ok
00:06:40.0492 3844 [ 1EBA9D9B118106CCB80B19B893A4AA79 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
00:06:40.0519 3844 TuneUp.UtilitiesSvc - ok
00:06:40.0530 3844 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
00:06:40.0533 3844 TuneUpUtilitiesDrv - ok
00:06:40.0546 3844 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:06:40.0589 3844 tunnel - ok
00:06:40.0596 3844 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:06:40.0612 3844 uagp35 - ok
00:06:40.0625 3844 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:06:40.0644 3844 udfs - ok
00:06:40.0684 3844 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:06:40.0689 3844 UI0Detect - ok
00:06:40.0696 3844 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
00:06:40.0712 3844 uliagpkx - ok
00:06:40.0725 3844 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:06:40.0740 3844 umbus - ok
00:06:40.0750 3844 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:06:40.0766 3844 UmPass - ok
00:06:40.0793 3844 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
00:06:40.0799 3844 UmRdpService - ok
00:06:40.0853 3844 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
00:06:40.0855 3844 UnlockerDriver5 - ok
00:06:40.0881 3844 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
00:06:40.0889 3844 upnphost - ok
00:06:40.0908 3844 [ 0CCADC7391021376EDBB8AA649D04E68 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
00:06:40.0910 3844 upperdev - ok
00:06:40.0921 3844 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:06:40.0950 3844 usbccgp - ok
00:06:40.0969 3844 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
00:06:40.0988 3844 usbcir - ok
00:06:41.0010 3844 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:06:41.0026 3844 usbehci - ok
00:06:41.0044 3844 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:06:41.0078 3844 usbhub - ok
00:06:41.0083 3844 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:06:41.0099 3844 usbohci - ok
00:06:41.0113 3844 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:06:41.0128 3844 usbprint - ok
00:06:41.0137 3844 [ 88701ECA76145E2C011C0EEFF0F7B70E ] usbser C:\Windows\system32\drivers\usbser.sys
00:06:41.0152 3844 usbser - ok
00:06:41.0165 3844 [ 68B4F83CCCF70A2FF32EE142C234332A ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
00:06:41.0167 3844 UsbserFilt - ok
00:06:41.0179 3844 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:06:41.0194 3844 USBSTOR - ok
00:06:41.0207 3844 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:06:41.0222 3844 usbuhci - ok
00:06:41.0250 3844 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
00:06:41.0282 3844 UxSms - ok
00:06:41.0294 3844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
00:06:41.0296 3844 VaultSvc - ok
00:06:41.0309 3844 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
00:06:41.0324 3844 vdrvroot - ok
00:06:41.0349 3844 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
00:06:41.0359 3844 vds - ok
00:06:41.0368 3844 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:06:41.0384 3844 vga - ok
00:06:41.0392 3844 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
00:06:41.0419 3844 VgaSave - ok
00:06:41.0429 3844 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
00:06:41.0454 3844 vhdmp - ok
00:06:41.0459 3844 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
00:06:41.0477 3844 viaagp - ok
00:06:41.0482 3844 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
00:06:41.0705 3844 ViaC7 - ok
00:06:41.0718 3844 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
00:06:41.0733 3844 viaide - ok
00:06:41.0752 3844 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
00:06:41.0757 3844 vmbus - ok
00:06:41.0771 3844 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
00:06:41.0774 3844 VMBusHID - ok
00:06:41.0781 3844 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
00:06:41.0797 3844 volmgr - ok
00:06:41.0806 3844 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:06:41.0832 3844 volmgrx - ok
00:06:41.0843 3844 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
00:06:41.0874 3844 volsnap - ok
00:06:41.0881 3844 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:06:41.0898 3844 vsmraid - ok
00:06:41.0924 3844 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
00:06:41.0940 3844 VSS - ok
00:06:41.0956 3844 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:06:41.0985 3844 vwifibus - ok
00:06:42.0001 3844 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
00:06:42.0008 3844 W32Time - ok
00:06:42.0016 3844 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:06:42.0033 3844 WacomPen - ok
00:06:42.0038 3844 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:06:42.0054 3844 WANARP - ok
00:06:42.0058 3844 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:06:42.0059 3844 Wanarpv6 - ok
00:06:42.0089 3844 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
00:06:42.0122 3844 wbengine - ok
00:06:42.0136 3844 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:06:42.0142 3844 WbioSrvc - ok
00:06:42.0168 3844 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:06:42.0174 3844 wcncsvc - ok
00:06:42.0190 3844 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:06:42.0194 3844 WcsPlugInService - ok
00:06:42.0204 3844 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:06:42.0219 3844 Wd - ok
00:06:42.0244 3844 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:06:42.0286 3844 Wdf01000 - ok
00:06:42.0299 3844 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:06:42.0304 3844 WdiServiceHost - ok
00:06:42.0308 3844 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:06:42.0311 3844 WdiSystemHost - ok
00:06:42.0343 3844 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
00:06:42.0350 3844 WebClient - ok
00:06:42.0364 3844 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:06:42.0369 3844 Wecsvc - ok
00:06:42.0380 3844 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:06:42.0385 3844 wercplsupport - ok
00:06:42.0398 3844 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
00:06:42.0403 3844 WerSvc - ok
00:06:42.0421 3844 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:06:42.0436 3844 WfpLwf - ok
00:06:42.0450 3844 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:06:42.0465 3844 WIMMount - ok
00:06:42.0511 3844 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
00:06:42.0520 3844 WinDefend - ok
00:06:42.0531 3844 WinHttpAutoProxySvc - ok
00:06:42.0583 3844 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:06:42.0586 3844 Winmgmt - ok
00:06:42.0630 3844 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
00:06:42.0663 3844 WinRM - ok
00:06:42.0698 3844 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:06:42.0701 3844 WinUsb - ok
00:06:42.0730 3844 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
00:06:42.0746 3844 Wlansvc - ok
00:06:42.0808 3844 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:06:42.0835 3844 wlidsvc - ok
00:06:42.0852 3844 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
00:06:42.0866 3844 WmiAcpi - ok
00:06:42.0893 3844 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:06:42.0898 3844 wmiApSrv - ok
00:06:42.0956 3844 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
00:06:42.0972 3844 WMPNetworkSvc - ok
00:06:42.0993 3844 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:06:42.0997 3844 WPCSvc - ok
00:06:43.0011 3844 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:06:43.0016 3844 WPDBusEnum - ok
00:06:43.0037 3844 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:06:43.0052 3844 ws2ifsl - ok
00:06:43.0084 3844 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
00:06:43.0089 3844 wscsvc - ok
00:06:43.0097 3844 WSearch - ok
00:06:43.0150 3844 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll
00:06:43.0187 3844 wuauserv - ok
00:06:43.0199 3844 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:06:43.0215 3844 WudfPf - ok
00:06:43.0221 3844 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:06:43.0227 3844 WUDFRd - ok
00:06:43.0246 3844 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:06:43.0251 3844 wudfsvc - ok
00:06:43.0264 3844 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
00:06:43.0270 3844 WwanSvc - ok
00:06:43.0386 3844 [ 74EC37B9EAF9FCA015B933A526825C7A ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
00:06:43.0390 3844 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
00:06:43.0404 3844 ================ Scan global ===============================
00:06:43.0432 3844 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
00:06:43.0450 3844 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
00:06:43.0461 3844 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
00:06:43.0486 3844 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
00:06:43.0523 3844 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
00:06:43.0528 3844 [Global] - ok
00:06:43.0528 3844 ================ Scan MBR ==================================
00:06:43.0534 3844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:06:43.0852 3844 \Device\Harddisk0\DR0 - ok
00:06:43.0857 3844 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
00:06:45.0905 3844 \Device\Harddisk2\DR2 - ok
00:06:45.0906 3844 ================ Scan VBR ==================================
00:06:45.0916 3844 [ 34AE96F34E95126312BBF6419E1C6AF4 ] \Device\Harddisk0\DR0\Partition1
00:06:45.0917 3844 \Device\Harddisk0\DR0\Partition1 - ok
00:06:45.0921 3844 [ DBE4A98E3BD897E01FF4412BC57D61FA ] \Device\Harddisk0\DR0\Partition2
00:06:45.0922 3844 \Device\Harddisk0\DR0\Partition2 - ok
00:06:45.0929 3844 [ 59A207CE056C444DE01F4C3137C2D9B3 ] \Device\Harddisk2\DR2\Partition1
00:06:45.0932 3844 \Device\Harddisk2\DR2\Partition1 - ok
00:06:45.0932 3844 ============================================================
00:06:45.0932 3844 Scan finished
00:06:45.0932 3844 ============================================================
00:06:45.0946 2176 Detected object count: 1
00:06:45.0946 2176 Actual detected object count: 1
00:07:17.0189 2176 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:07:17.0189 2176 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

 

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Swagata [Admin rights]
Mode : Scan -- Date : 10/26/2012 00:09:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{DD72F517-74F3-4682-A8C0-EAA71F78BD3D} : NameServer (202.56.4.120 119.30.37.10) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_POWER] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_PNP] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-00YZCA0 ATA Device +++++
--- User ---
[MBR] 8c3eebeb88d40eb961825bcf19a93004
[BSP] b82fee0f675efc861fbf14cb88815117 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 34999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 71680000 | Size: 270244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] 90c86b1643932b7df5c666b2515b315b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2448 | Size: 7648 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt










RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Swagata [Admin rights]
Mode : Remove -- Date : 10/26/2012 00:09:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> DELETED
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{DD72F517-74F3-4682-A8C0-EAA71F78BD3D} : NameServer (202.56.4.120 119.30.37.10) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_POWER] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)
IRP[IRP_MJ_PNP] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8632C1E8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-00YZCA0 ATA Device +++++
--- User ---
[MBR] 8c3eebeb88d40eb961825bcf19a93004
[BSP] b82fee0f675efc861fbf14cb88815117 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 34999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 71680000 | Size: 270244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] 90c86b1643932b7df5c666b2515b315b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2448 | Size: 7648 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

 

ComboFix 12-10-25.01 - Swagata 10/26/2012 1:37.1.2 - x86
Microsoft Windows 7 NVIDIA 2010 6.1.7600.0.1252.1.1033.18.3324.2322 [GMT 6:00]
Running from: c:\users\Swagata\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\rockers.reg
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 19:40 . 2012-10-25 19:41 -------- d-----w- c:\users\Swagata\AppData\Local\temp
2012-10-25 19:40 . 2012-10-25 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 14:44 . 2012-10-25 14:44 -------- d-----w- c:\program files\CyberLink
2012-10-25 14:33 . 2012-10-25 14:43 -------- d-----w- c:\users\Swagata\AppData\Roaming\COWON
2012-10-25 14:30 . 2012-10-25 14:43 -------- d-----w- c:\program files\JetAudio
2012-10-25 14:23 . 2012-10-25 14:23 -------- d-----w- c:\users\Swagata\AppData\Roaming\Media Player Classic
2012-10-25 09:53 . 2012-10-25 09:53 -------- d-----w- c:\users\Swagata\AppData\Roaming\AVS4YOU
2012-10-25 09:52 . 2011-09-16 10:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-10-25 09:52 . 2012-10-25 09:52 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-10-25 09:51 . 2012-10-25 09:53 -------- d-----w- c:\programdata\AVS4YOU
2012-10-25 09:51 . 2012-10-25 09:52 -------- d-----w- c:\program files\AVS4YOU
2012-10-25 09:51 . 2011-08-22 10:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-10-25 09:51 . 2011-08-22 10:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-10-25 09:35 . 2012-10-25 09:35 -------- d-----w- c:\users\Swagata\AppData\Local\MediaShow
2012-10-25 09:34 . 2012-10-25 09:34 -------- d-----w- c:\users\Swagata\AppData\Local\MediaServer
2012-10-25 09:34 . 2012-10-25 09:34 -------- d-----w- c:\programdata\PDVD
2012-10-25 09:34 . 2012-10-25 09:35 -------- d-----w- c:\users\Swagata\AppData\Roaming\CyberLink
2012-10-25 09:34 . 2012-10-25 14:45 -------- d-----w- c:\programdata\CyberLink
2012-10-25 09:34 . 2012-10-25 14:45 -------- d-----w- c:\users\Swagata\AppData\Local\CyberLink
2012-10-25 09:34 . 2012-10-25 14:45 -------- d-----w- c:\users\Public\CyberLink
2012-10-25 09:33 . 2012-10-25 09:33 -------- d-----w- c:\programdata\install_clap
2012-10-24 03:17 . 2012-10-24 03:17 -------- d-----w- c:\users\Swagata\AppData\Roaming\Malwarebytes
2012-10-24 03:16 . 2012-10-24 03:16 -------- d-----w- c:\programdata\Malwarebytes
2012-10-24 03:16 . 2012-10-24 03:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-24 03:16 . 2012-09-29 13:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-24 03:14 . 2012-10-24 03:14 -------- d-----w- C:\gmer
2012-10-20 19:03 . 2012-10-25 19:35 -------- d-----w- c:\users\Swagata\AppData\Roaming\DMCache
2012-10-20 19:03 . 2012-10-24 03:06 -------- d-----w- c:\users\Swagata\AppData\Roaming\IDM
2012-10-20 19:03 . 2012-10-23 18:58 -------- d-----w- c:\program files\Internet Download Manager
2012-10-18 18:44 . 2012-10-18 18:44 -------- d-----w- c:\users\Swagata\AppData\Roaming\Foxit Software
2012-10-16 20:07 . 2012-10-16 20:07 -------- d-----w- c:\program files\Recuva
2012-10-16 04:33 . 2012-10-16 04:33 -------- d-----w- c:\users\Swagata\AppData\Local\BigHugeEngine
2012-10-15 09:54 . 2012-10-15 09:54 -------- d-----w- c:\programdata\KONAMI
2012-10-10 09:36 . 2012-09-27 18:07 99192 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 03:06 . 2012-10-24 03:05 294216 ----a-w- C:\gmer.zip
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-28 04:06 . 2012-07-28 04:06 8758784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 58880 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 469504 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-28 02:08 . 2012-07-28 02:08 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\system32\aticaldd.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 296448 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-21 01:19 . 2012-05-01 13:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@= "{CDC95B92-E27C-4745-A8C5-64A52A78855D} "
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan "= "c:\program files\Internet Download Manager\IDMan.exe" [2012-10-20 3536320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-02-24 328800]
"egui "= "c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DFX.lnk - c:\program files\DFX\DFX.exe [2012-4-14 1054632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
"PromptOnSecureDesktop "= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack "= 1 (0x1)
"NoSMBalloonTip "= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack "= 1 (0x1)
"NoSMBalloonTip "= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5 "=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 01:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autodetect]
2010-12-30 03:51 129872 ----a-w- c:\program files\Grameenphone Internet\AutoDect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 12:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12Agent]
2012-01-12 12:58 371256 ----a-w- c:\program files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12DMREngine]
2012-01-02 02:21 501544 ----a-w- c:\program files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-10-17 09:13 11430504 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-08-06 07:44 642216 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Welcome Center]
2009-11-12 04:07 960512 ----a-w- c:\windows\System32\OobeFldr.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AROReminder "=c:\program files\ARO 2012\aro.exe -rem
"Fraps "=c:\fraps\fraps.exe
.
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 70283434
*NewlyCreated* - NTK_POWERDVD12
*NewlyCreated* - TRUESIGHT
*NewlyCreated* - {329F96B6-DF1E-4328-BFDA-39EA953C1312}
*Deregistered* - 70283434
*Deregistered* - TrueSight
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-648181345-4246963648-1265415711-1000Core.job
- c:\users\Swagata\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 12:52]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-648181345-4246963648-1265415711-1000UA.job
- c:\users\Swagata\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 12:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\users\Swagata\AppData\Roaming\Mozilla\Firefox\Profiles\9k642y4e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net
FF - ExtSQL: 2012-10-21 01:03; mozilla_cc@internetdownloadmanager.com; c:\users\Swagata\AppData\Roaming\IDM\idmmzcc5
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-26 01:42:34
ComboFix-quarantined-files.txt 2012-10-25 19:42
.
Pre-Run: 7,931,195,392 bytes free
Post-Run: 7,770,591,232 bytes free
.
- - End Of File - - 06A7459CAA85443A58FAC9B827641C40

 

PC is running fine, I guess. No further restarts. Is it possible that an infected pc takes restart while in BIOS setting ? And, there was no "Extras.txt ".



OTL logfile created on: 10/26/2012 7:10:00 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Swagata\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.57% Memory free
8.93 Gb Paging File | 8.04 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): c:\pagefile.sys 0 0f:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 7.30 Gb Free Space | 21.37% Space Free | Partition Type: NTFS
Drive D: | 16.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.47 Gb Total Space | 0.44 Gb Free Space | 5.85% Space Free | Partition Type: NTFS
Drive F: | 263.91 Gb Total Space | 8.28 Gb Free Space | 3.14% Space Free | Partition Type: NTFS

Computer Name: SWAGATA-PC | User Name: Swagata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/26 07:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swagata\Desktop\OTL.exe
PRC - [2012/02/06 14:25:22 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/02/06 14:25:18 | 001,528,640 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/08/17 13:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/02/26 11:33:08 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/25 23:24:44 | 007,896,408 | ---- | M] () -- C:\Program Files\Grameenphone Internet\UIMain.exe
PRC - [2010/05/25 18:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/14 07:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/20 21:52:58 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/01/25 23:24:44 | 007,896,408 | ---- | M] () -- C:\Program Files\Grameenphone Internet\UIMain.exe
MOD - [2011/01/25 23:24:42 | 001,004,904 | ---- | M] () -- C:\Program Files\Grameenphone Internet\DLL_Netcard_R.dll
MOD - [2010/12/30 09:06:52 | 001,183,072 | ---- | M] () -- C:\Program Files\Grameenphone Internet\WaitingForm.dll
MOD - [2009/07/14 07:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll


========== Services (SafeList) ==========

SRV - [2012/07/28 08:09:30 | 000,217,600 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/04/21 07:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/06 14:25:18 | 001,528,640 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/01/12 19:52:57 | 000,296,232 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/01/12 19:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/01/12 19:52:55 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/14 07:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 07:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 07:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Swagata\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avxzdn2s)
DRV - [2012/09/28 00:07:26 | 000,099,192 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/07/28 10:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/28 07:14:22 | 000,296,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/05/15 17:02:54 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/05/15 17:01:55 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/05/14 12:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/02/01 13:24:02 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/27 12:18:45 | 000,120,432 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/03/11 12:28:28 | 000,340,480 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2011/03/11 12:25:20 | 000,048,768 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2011/01/20 20:40:06 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/12/27 12:03:00 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2010/12/27 12:03:00 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2010/12/27 12:03:00 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/14 07:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 07:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 07:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 05:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 05:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 05:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.windowsxlive.net "
FF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.29


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Swagata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Swagata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/01 19:32:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Swagata\AppData\Roaming\IDM\idmmzcc5 [2012/10/21 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Swagata\AppData\Roaming\IDM\idmmzcc5 [2012/10/21 01:03:33 | 000,000,000 | ---D | M]

[2012/05/01 19:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Swagata\AppData\Roaming\Mozilla\Extensions
[2012/10/20 00:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Swagata\AppData\Roaming\Mozilla\Firefox\Profiles\9k642y4e.default\extensions
[2012/08/14 21:55:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Swagata\AppData\Roaming\Mozilla\Firefox\Profiles\9k642y4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/05/01 19:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/21 01:03:33 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\SWAGATA\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/04/21 07:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 07:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 07:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Swagata\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Swagata\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Swagata\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Swagata\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Entanglement = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_1\
CHR - Extension: Google Search = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Drag and Go = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikcnhlohebodlpkmjepipngegjbfpg\1.8.0.1_0\
CHR - Extension: SmoothScroll = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\majhdaoicifjoioofgmjjkfjmnmmbpli\1.0.6_0\
CHR - Extension: Super Drag = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjeigngkfagmefkkkmhaeechmohhneo\1.0_0\
CHR - Extension: Poppit = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Play Books = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.5.2_0\
CHR - Extension: Gmail = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/26 01:41:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108819
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD72F517-74F3-4682-A8C0-EAA71F78BD3D}: NameServer = 202.56.4.120 119.30.37.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/01/26 02:51:21 | 000,000,643 | R--- | M] () - D:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/12/30 17:38:51 | 000,328,704 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/12/27 17:54:25 | 000,009,662 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/12/30 17:38:51 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/26 07:06:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Swagata\Desktop\OTL.exe
[2012/10/26 02:01:41 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Media Player Classic
[2012/10/26 01:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/10/26 01:54:22 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\Programs
[2012/10/26 01:42:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/26 01:42:36 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\temp
[2012/10/26 01:36:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/26 01:36:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/26 01:36:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/26 01:36:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/26 01:36:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/26 01:05:45 | 004,988,915 | R--- | C] (Swearware) -- C:\Users\Swagata\Desktop\ComboFix.exe
[2012/10/26 00:09:01 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Desktop\RK_Quarantine
[2012/10/26 00:05:50 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Desktop\tdsskiller
[2012/10/25 20:45:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2012/10/25 20:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012/10/25 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\COWON
[2012/10/25 15:53:10 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\AVS4YOU
[2012/10/25 15:52:54 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/10/25 15:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/10/25 15:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2012/10/25 15:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/10/25 15:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012/10/25 15:35:36 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\MediaShow
[2012/10/25 15:34:59 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\CyberLink
[2012/10/25 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\MediaServer
[2012/10/25 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012/10/25 15:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012/10/25 15:34:11 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\CyberLink
[2012/10/25 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\CyberLink
[2012/10/25 15:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/10/25 15:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012/10/24 09:17:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Swagata\Desktop\aswMBR.exe
[2012/10/24 09:17:09 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Malwarebytes
[2012/10/24 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/24 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/24 09:16:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/24 09:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/24 09:14:34 | 000,000,000 | ---D | C] -- C:\gmer
[2012/10/24 09:10:07 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Swagata\Desktop\dds.EXE
[2012/10/21 01:03:27 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\IDM
[2012/10/21 01:03:27 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\DMCache
[2012/10/21 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/10/21 01:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/10/21 01:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/10/19 00:44:05 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Foxit Software
[2012/10/17 02:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/10/17 02:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/10/16 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\Remedy
[2012/10/16 10:33:36 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\BigHugeEngine
[2012/10/15 23:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dishonored
[2012/10/15 23:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/10/15 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\KONAMI
[2012/10/15 15:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2012/10/15 15:47:49 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\FIFA 13
[2012/10/10 15:36:33 | 000,099,192 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/26 07:09:08 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/26 07:09:08 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/26 07:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swagata\Desktop\OTL.exe
[2012/10/26 07:04:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/26 02:01:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 02:01:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 01:52:37 | 000,036,352 | ---- | M] () -- C:\Users\Swagata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/26 01:41:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/26 01:09:59 | 004,988,915 | R--- | M] (Swearware) -- C:\Users\Swagata\Desktop\ComboFix.exe
[2012/10/26 00:05:27 | 002,194,704 | ---- | M] () -- C:\Users\Swagata\Desktop\tdsskiller.zip
[2012/10/26 00:04:51 | 001,580,544 | ---- | M] () -- C:\Users\Swagata\Desktop\RogueKiller.exe
[2012/10/25 20:45:44 | 000,015,360 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2012/10/25 20:45:07 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/10/25 20:40:49 | 043,235,328 | ---- | M] () -- C:\Users\Swagata\Documents\New - VTS_01_2.mpg
[2012/10/25 15:52:55 | 000,001,251 | ---- | M] () -- C:\Users\Swagata\Desktop\AVS4YOU Software Navigator.lnk
[2012/10/24 09:43:16 | 000,000,512 | ---- | M] () -- C:\Users\Swagata\Desktop\MBR.dat
[2012/10/24 09:17:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Swagata\Desktop\aswMBR.exe
[2012/10/24 09:13:06 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Swagata\Desktop\dds.EXE
[2012/10/24 09:06:23 | 000,294,216 | ---- | M] () -- C:\gmer.zip
[2012/10/20 02:04:45 | 000,000,655 | ---- | M] () -- C:\Users\Swagata\Desktop\It_Next_Sleeping Dogs Play.lnk
[2012/10/19 23:48:18 | 000,074,654 | ---- | M] () -- C:\Users\Swagata\Documents\Datga.7z
[2012/10/17 11:50:02 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/10/17 01:10:17 | 000,002,581 | ---- | M] () -- C:\Users\Swagata\Documents\statue.rtf
[2012/10/17 00:43:55 | 000,018,044 | ---- | M] () -- C:\HK Autosave Slot
[2012/10/17 00:43:55 | 000,003,656 | ---- | M] () -- C:\HK Options
[2012/10/16 02:50:14 | 000,063,381 | -H-- | M] () -- C:\Users\Swagata\AppData\Roaming\Swagatav1.18.0 - Trial versionlog.dat
[2012/10/15 23:21:22 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/10/15 15:47:33 | 000,000,625 | ---- | M] () -- C:\Users\Swagata\Desktop\fifa13.lnk
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 00:07:26 | 000,099,192 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/26 01:36:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/26 01:36:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/26 01:36:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/26 01:36:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/26 01:36:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/26 00:04:02 | 001,580,544 | ---- | C] () -- C:\Users\Swagata\Desktop\RogueKiller.exe
[2012/10/26 00:03:08 | 002,194,704 | ---- | C] () -- C:\Users\Swagata\Desktop\tdsskiller.zip
[2012/10/25 20:45:07 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/10/25 20:36:31 | 043,235,328 | ---- | C] () -- C:\Users\Swagata\Documents\New - VTS_01_2.mpg
[2012/10/25 15:52:55 | 000,001,251 | ---- | C] () -- C:\Users\Swagata\Desktop\AVS4YOU Software Navigator.lnk
[2012/10/25 15:34:34 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2012/10/24 09:43:16 | 000,000,512 | ---- | C] () -- C:\Users\Swagata\Desktop\MBR.dat
[2012/10/24 09:05:54 | 000,294,216 | ---- | C] () -- C:\gmer.zip
[2012/10/20 01:09:08 | 000,074,654 | ---- | C] () -- C:\Users\Swagata\Documents\Datga.7z
[2012/10/17 11:50:02 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/10/17 01:28:31 | 000,000,141 | ---- | C] () -- C:\UserOptions.dat
[2012/10/17 01:10:17 | 000,002,581 | ---- | C] () -- C:\Users\Swagata\Documents\statue.rtf
[2012/10/16 00:25:34 | 000,000,655 | ---- | C] () -- C:\Users\Swagata\Desktop\It_Next_Sleeping Dogs Play.lnk
[2012/10/16 00:01:34 | 000,018,044 | ---- | C] () -- C:\HK Autosave Slot
[2012/10/16 00:01:34 | 000,003,656 | ---- | C] () -- C:\HK Options
[2012/10/15 23:21:22 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/10/15 15:47:33 | 000,000,625 | ---- | C] () -- C:\Users\Swagata\Desktop\fifa13.lnk
[2012/07/18 15:45:19 | 000,139,848 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/07/18 15:45:19 | 000,138,904 | ---- | C] () -- C:\Users\Swagata\AppData\Roaming\PnkBstrK.sys
[2012/07/18 15:45:14 | 000,282,696 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/07/18 15:45:02 | 003,166,792 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/07/18 15:45:02 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/05/17 16:51:08 | 000,000,806 | ---- | C] () -- C:\Users\Swagata\apr2005_d3dx9_25_x64.inf
[2012/05/06 21:25:36 | 000,000,020 | -HS- | C] () -- C:\Windows\System32\Userdata.ini
[2012/05/04 20:38:36 | 000,069,632 | ---- | C] () -- C:\Windows\System32\moveex.exe
[2012/05/04 17:32:30 | 000,036,352 | ---- | C] () -- C:\Users\Swagata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/01 19:35:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/01 19:30:10 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/05/01 19:24:26 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/04/13 01:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/04/06 07:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/04/06 07:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/13 04:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2005/04/08 08:16:43 | 000,063,381 | -H-- | C] () -- C:\Users\Swagata\AppData\Roaming\Swagatav1.18.0 - Trial versionlog.dat

========== ZeroAccess Check ==========

[2009/07/14 10:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2012/01/04 15:03:46 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 07:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
" " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 07:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/25 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\COWON
[2012/05/15 17:08:49 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\DAEMON Tools Pro
[2012/10/26 07:08:42 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\DMCache
[2012/05/04 21:57:34 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\ESET
[2012/10/19 00:44:05 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Foxit Software
[2012/10/24 09:06:33 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\IDM
[2012/10/20 09:50:08 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\MiniLyrics
[2012/09/05 01:02:46 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Nokia
[2012/09/05 01:02:45 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\PC Suite
[2012/05/01 19:44:11 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Sammsoft
[2012/05/01 20:00:24 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\TuneUp Software
[2012/07/18 15:36:03 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Ubisoft
[2012/05/01 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

 

PC is running fine, I guess. No further restarts. Is it possible that an infected pc takes restart while in BIOS setting ? And, there was no "Extras.txt ".



OTL logfile created on: 10/26/2012 7:10:00 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Swagata\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.57% Memory free
8.93 Gb Paging File | 8.04 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): c:\pagefile.sys 0 0f:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 7.30 Gb Free Space | 21.37% Space Free | Partition Type: NTFS
Drive D: | 16.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.47 Gb Total Space | 0.44 Gb Free Space | 5.85% Space Free | Partition Type: NTFS
Drive F: | 263.91 Gb Total Space | 8.28 Gb Free Space | 3.14% Space Free | Partition Type: NTFS

Computer Name: SWAGATA-PC | User Name: Swagata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/26 07:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swagata\Desktop\OTL.exe
PRC - [2012/02/06 14:25:22 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/02/06 14:25:18 | 001,528,640 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/08/17 13:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/02/26 11:33:08 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/25 23:24:44 | 007,896,408 | ---- | M] () -- C:\Program Files\Grameenphone Internet\UIMain.exe
PRC - [2010/05/25 18:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/14 07:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/20 21:52:58 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/01/25 23:24:44 | 007,896,408 | ---- | M] () -- C:\Program Files\Grameenphone Internet\UIMain.exe
MOD - [2011/01/25 23:24:42 | 001,004,904 | ---- | M] () -- C:\Program Files\Grameenphone Internet\DLL_Netcard_R.dll
MOD - [2010/12/30 09:06:52 | 001,183,072 | ---- | M] () -- C:\Program Files\Grameenphone Internet\WaitingForm.dll
MOD - [2009/07/14 07:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll


========== Services (SafeList) ==========

SRV - [2012/07/28 08:09:30 | 000,217,600 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/04/21 07:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/06 14:25:18 | 001,528,640 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/01/12 19:52:57 | 000,296,232 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/01/12 19:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/01/12 19:52:55 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/14 07:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 07:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 07:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Swagata\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avxzdn2s)
DRV - [2012/09/28 00:07:26 | 000,099,192 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/07/28 10:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/28 07:14:22 | 000,296,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/05/15 17:02:54 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/05/15 17:01:55 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/05/14 12:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/02/01 13:24:02 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/27 12:18:45 | 000,120,432 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/03/11 12:28:28 | 000,340,480 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2011/03/11 12:25:20 | 000,048,768 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2011/01/20 20:40:06 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/12/27 12:03:00 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2010/12/27 12:03:00 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2010/12/27 12:03:00 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/14 07:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 07:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 07:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 05:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 05:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 05:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.windowsxlive.net "
FF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.29


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Swagata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Swagata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/01 19:32:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Swagata\AppData\Roaming\IDM\idmmzcc5 [2012/10/21 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Swagata\AppData\Roaming\IDM\idmmzcc5 [2012/10/21 01:03:33 | 000,000,000 | ---D | M]

[2012/05/01 19:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Swagata\AppData\Roaming\Mozilla\Extensions
[2012/10/20 00:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Swagata\AppData\Roaming\Mozilla\Firefox\Profiles\9k642y4e.default\extensions
[2012/08/14 21:55:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Swagata\AppData\Roaming\Mozilla\Firefox\Profiles\9k642y4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/05/01 19:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/21 01:03:33 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\SWAGATA\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/04/21 07:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 07:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 07:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Swagata\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Swagata\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Swagata\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Swagata\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Entanglement = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_1\
CHR - Extension: Google Search = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Drag and Go = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikcnhlohebodlpkmjepipngegjbfpg\1.8.0.1_0\
CHR - Extension: SmoothScroll = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\majhdaoicifjoioofgmjjkfjmnmmbpli\1.0.6_0\
CHR - Extension: Super Drag = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjeigngkfagmefkkkmhaeechmohhneo\1.0_0\
CHR - Extension: Poppit = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Play Books = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.5.2_0\
CHR - Extension: Gmail = C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/26 01:41:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108819
O7 - HKU\S-1-5-21-648181345-4246963648-1265415711-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD72F517-74F3-4682-A8C0-EAA71F78BD3D}: NameServer = 202.56.4.120 119.30.37.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/01/26 02:51:21 | 000,000,643 | R--- | M] () - D:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/12/30 17:38:51 | 000,328,704 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/12/27 17:54:25 | 000,009,662 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/12/30 17:38:51 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/26 07:06:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Swagata\Desktop\OTL.exe
[2012/10/26 02:01:41 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Media Player Classic
[2012/10/26 01:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/10/26 01:54:22 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\Programs
[2012/10/26 01:42:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/26 01:42:36 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\temp
[2012/10/26 01:36:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/26 01:36:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/26 01:36:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/26 01:36:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/26 01:36:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/26 01:05:45 | 004,988,915 | R--- | C] (Swearware) -- C:\Users\Swagata\Desktop\ComboFix.exe
[2012/10/26 00:09:01 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Desktop\RK_Quarantine
[2012/10/26 00:05:50 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Desktop\tdsskiller
[2012/10/25 20:45:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2012/10/25 20:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012/10/25 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\COWON
[2012/10/25 15:53:10 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\AVS4YOU
[2012/10/25 15:52:54 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/10/25 15:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/10/25 15:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2012/10/25 15:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/10/25 15:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012/10/25 15:35:36 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\MediaShow
[2012/10/25 15:34:59 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\CyberLink
[2012/10/25 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\MediaServer
[2012/10/25 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012/10/25 15:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012/10/25 15:34:11 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\CyberLink
[2012/10/25 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\CyberLink
[2012/10/25 15:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/10/25 15:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012/10/24 09:17:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Swagata\Desktop\aswMBR.exe
[2012/10/24 09:17:09 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Malwarebytes
[2012/10/24 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/24 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/24 09:16:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/24 09:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/24 09:14:34 | 000,000,000 | ---D | C] -- C:\gmer
[2012/10/24 09:10:07 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Swagata\Desktop\dds.EXE
[2012/10/21 01:03:27 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\IDM
[2012/10/21 01:03:27 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\DMCache
[2012/10/21 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/10/21 01:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/10/21 01:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/10/19 00:44:05 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Roaming\Foxit Software
[2012/10/17 02:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/10/17 02:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/10/16 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\Remedy
[2012/10/16 10:33:36 | 000,000,000 | ---D | C] -- C:\Users\Swagata\AppData\Local\BigHugeEngine
[2012/10/15 23:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dishonored
[2012/10/15 23:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/10/15 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\KONAMI
[2012/10/15 15:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2012/10/15 15:47:49 | 000,000,000 | ---D | C] -- C:\Users\Swagata\Documents\FIFA 13
[2012/10/10 15:36:33 | 000,099,192 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/26 07:09:08 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/26 07:09:08 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/26 07:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swagata\Desktop\OTL.exe
[2012/10/26 07:04:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/26 02:01:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 02:01:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 01:52:37 | 000,036,352 | ---- | M] () -- C:\Users\Swagata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/26 01:41:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/26 01:09:59 | 004,988,915 | R--- | M] (Swearware) -- C:\Users\Swagata\Desktop\ComboFix.exe
[2012/10/26 00:05:27 | 002,194,704 | ---- | M] () -- C:\Users\Swagata\Desktop\tdsskiller.zip
[2012/10/26 00:04:51 | 001,580,544 | ---- | M] () -- C:\Users\Swagata\Desktop\RogueKiller.exe
[2012/10/25 20:45:44 | 000,015,360 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2012/10/25 20:45:07 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/10/25 20:40:49 | 043,235,328 | ---- | M] () -- C:\Users\Swagata\Documents\New - VTS_01_2.mpg
[2012/10/25 15:52:55 | 000,001,251 | ---- | M] () -- C:\Users\Swagata\Desktop\AVS4YOU Software Navigator.lnk
[2012/10/24 09:43:16 | 000,000,512 | ---- | M] () -- C:\Users\Swagata\Desktop\MBR.dat
[2012/10/24 09:17:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Swagata\Desktop\aswMBR.exe
[2012/10/24 09:13:06 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Swagata\Desktop\dds.EXE
[2012/10/24 09:06:23 | 000,294,216 | ---- | M] () -- C:\gmer.zip
[2012/10/20 02:04:45 | 000,000,655 | ---- | M] () -- C:\Users\Swagata\Desktop\It_Next_Sleeping Dogs Play.lnk
[2012/10/19 23:48:18 | 000,074,654 | ---- | M] () -- C:\Users\Swagata\Documents\Datga.7z
[2012/10/17 11:50:02 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/10/17 01:10:17 | 000,002,581 | ---- | M] () -- C:\Users\Swagata\Documents\statue.rtf
[2012/10/17 00:43:55 | 000,018,044 | ---- | M] () -- C:\HK Autosave Slot
[2012/10/17 00:43:55 | 000,003,656 | ---- | M] () -- C:\HK Options
[2012/10/16 02:50:14 | 000,063,381 | -H-- | M] () -- C:\Users\Swagata\AppData\Roaming\Swagatav1.18.0 - Trial versionlog.dat
[2012/10/15 23:21:22 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/10/15 15:47:33 | 000,000,625 | ---- | M] () -- C:\Users\Swagata\Desktop\fifa13.lnk
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 00:07:26 | 000,099,192 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/26 01:36:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/26 01:36:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/26 01:36:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/26 01:36:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/26 01:36:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/26 00:04:02 | 001,580,544 | ---- | C] () -- C:\Users\Swagata\Desktop\RogueKiller.exe
[2012/10/26 00:03:08 | 002,194,704 | ---- | C] () -- C:\Users\Swagata\Desktop\tdsskiller.zip
[2012/10/25 20:45:07 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/10/25 20:36:31 | 043,235,328 | ---- | C] () -- C:\Users\Swagata\Documents\New - VTS_01_2.mpg
[2012/10/25 15:52:55 | 000,001,251 | ---- | C] () -- C:\Users\Swagata\Desktop\AVS4YOU Software Navigator.lnk
[2012/10/25 15:34:34 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2012/10/24 09:43:16 | 000,000,512 | ---- | C] () -- C:\Users\Swagata\Desktop\MBR.dat
[2012/10/24 09:05:54 | 000,294,216 | ---- | C] () -- C:\gmer.zip
[2012/10/20 01:09:08 | 000,074,654 | ---- | C] () -- C:\Users\Swagata\Documents\Datga.7z
[2012/10/17 11:50:02 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/10/17 01:28:31 | 000,000,141 | ---- | C] () -- C:\UserOptions.dat
[2012/10/17 01:10:17 | 000,002,581 | ---- | C] () -- C:\Users\Swagata\Documents\statue.rtf
[2012/10/16 00:25:34 | 000,000,655 | ---- | C] () -- C:\Users\Swagata\Desktop\It_Next_Sleeping Dogs Play.lnk
[2012/10/16 00:01:34 | 000,018,044 | ---- | C] () -- C:\HK Autosave Slot
[2012/10/16 00:01:34 | 000,003,656 | ---- | C] () -- C:\HK Options
[2012/10/15 23:21:22 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/10/15 15:47:33 | 000,000,625 | ---- | C] () -- C:\Users\Swagata\Desktop\fifa13.lnk
[2012/07/18 15:45:19 | 000,139,848 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/07/18 15:45:19 | 000,138,904 | ---- | C] () -- C:\Users\Swagata\AppData\Roaming\PnkBstrK.sys
[2012/07/18 15:45:14 | 000,282,696 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/07/18 15:45:02 | 003,166,792 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/07/18 15:45:02 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/05/17 16:51:08 | 000,000,806 | ---- | C] () -- C:\Users\Swagata\apr2005_d3dx9_25_x64.inf
[2012/05/06 21:25:36 | 000,000,020 | -HS- | C] () -- C:\Windows\System32\Userdata.ini
[2012/05/04 20:38:36 | 000,069,632 | ---- | C] () -- C:\Windows\System32\moveex.exe
[2012/05/04 17:32:30 | 000,036,352 | ---- | C] () -- C:\Users\Swagata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/01 19:35:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/01 19:30:10 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/05/01 19:24:26 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/04/13 01:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/04/06 07:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/04/06 07:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/13 04:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2005/04/08 08:16:43 | 000,063,381 | -H-- | C] () -- C:\Users\Swagata\AppData\Roaming\Swagatav1.18.0 - Trial versionlog.dat

========== ZeroAccess Check ==========

[2009/07/14 10:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2012/01/04 15:03:46 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 07:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
" " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 07:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/25 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\COWON
[2012/05/15 17:08:49 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\DAEMON Tools Pro
[2012/10/26 07:08:42 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\DMCache
[2012/05/04 21:57:34 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\ESET
[2012/10/19 00:44:05 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Foxit Software
[2012/10/24 09:06:33 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\IDM
[2012/10/20 09:50:08 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\MiniLyrics
[2012/09/05 01:02:46 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Nokia
[2012/09/05 01:02:45 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\PC Suite
[2012/05/01 19:44:11 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Sammsoft
[2012/05/01 20:00:24 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\TuneUp Software
[2012/07/18 15:36:03 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\Ubisoft
[2012/05/01 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\Swagata\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

 

Once I was in the BIOS setting, (Pressing F2 before the windows loads) and there was an automated restart. Can it be because of virus ? "F-Secure online scanner" returned to their homepage. After doing the adwcleaner.exe scan, I couldn't find the log file later. I ran the software again and posted the new log.



All processes killed
========== OTL ==========
Error: No service named avxzdn2s was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avxzdn2s deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Swagata
->Temp folder emptied: 180288 bytes
->Temporary Internet Files folder emptied: 1966524 bytes
->FireFox cache emptied: 194199186 bytes
->Google Chrome cache emptied: 12518291 bytes
->Flash cache emptied: 6220 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1724 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 199.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Swagata

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Swagata
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10262012_074127

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...









Results of screen317's Security Check version 0.99.53
x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 5.0
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.65.1.1000
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Adobe Flash Player 11.2.202.235
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.77
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````










Farbar Service Scanner Version: 19-10-2012
Ran by Swagata (administrator) on 26-10-2012 at 07:53:13
Running from "C:\Users\Swagata\Desktop "
Microsoft Windows 7 NVIDIA 2010 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-06-06 20:27] - [2012-03-30 16:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2012-05-02 12:42] - [2011-03-03 11:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-14 05:53] - [2009-07-14 07:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 05:54] - [2009-07-14 07:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 05:23] - [2009-07-14 07:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 05:24] - [2009-07-14 07:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2012-05-02 19:31] - [2010-12-21 11:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 06:15] - [2009-07-14 07:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 05:30] - [2009-07-14 07:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****









# AdwCleaner v2.005 - Logfile created 10/26/2012 at 08:12:34
# Updated 14/10/2012 by Xplode
# Operating system : Windows Seven Black Edition (32 bits)
# User : Swagata - SWAGATA-PC
# Boot Mode : Normal
# Running from : C:\Users\Swagata\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Swagata\AppData\Roaming\Mozilla\Firefox\Profiles\9k642y4e.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.77

File : C:\Users\Swagata\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [834 octets] - [26/10/2012 08:12:34]

########## EOF - C:\AdwCleaner[S1].txt - [893 octets] ##########

 

I tried to run the F Secure online scan. But my internet speed is very slow. It's not possible for me to perform F Secure online scan. Is there anything more I need to do ?

 

I did this one. However, I couldn't find any View Report button; there wasn't any. Please look at the screenshot,

 

I think everything is fine now. My pc is running fine. Thank you for your help. Please, mark this thread as Solved.











All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Swagata
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6594600 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Swagata
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Swagata
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10302012_081609

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...