
pc so slow and sick


  • This topic is locked
159 replies to this topic

#1 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • 105 posts

Posted 03 June 2012 - 02:26 AM

Hi, can't anyone help me? Could you please check my log file to see if there's a problem? Have I got a virus, malware or what? My PC is so slow and sick. I am very frustrated. Right now I am running a full scan of my PC with Malwarebytes, but it is not finished yet. I use Malwarebytes and Bitdefender 2012 as my antivirus. Sorry for my bad English... :) :)

#2 mat yie76


Posted 03 June 2012 - 02:29 AM

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/06/2012 at 14:44:07.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:



Rkill completed on 03/06/2012 at 14:59:06.

#3 mat yie76


Posted 03 June 2012 - 02:53 AM

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Hp at 15:22:57 on 2012-06-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.835 [GMT 8:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\hkcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\alg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dllhost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={A2D61784-D87D-4DD2-9965-674C2E8BA49B}&mid=e8eb7b1bf7cf47d1ad353163c4e39dbd-203ac9e8d151dfc7fffb8db0f46eb0334a45115b&lang=en&ds=ft011&pr=sa&d=2012-06-01 12:57:34&v=11.1.0.7&sap=hp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A} : NameServer = 202.188.0.133,202.188.1.5
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\2676C693730333 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\378657B6279693730333 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\378657B62796F577966696 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\96450244963736F6 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\w6am161h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=9ac99f34000000000000e02a823cb1b7
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-11-14 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-5-4 96056]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2012-4-12 294952]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-4-10 254056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-4-18 340072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-4-10 45736]
S3 KLMD;KLMD;c:\windows\system32\drivers\KLMD.sys [2012-4-23 16904]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-9 15872]
.
=============== Created Last 30 ================
.
2012-06-03 07:08:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-03 07:08:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 07:08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-01 05:46:51 -------- d-----w- c:\users\hp\appdata\roaming\IDM
2012-06-01 05:46:35 -------- d-----w- c:\program files\Internet Download Manager
2012-05-31 08:56:22 -------- d-----w- c:\users\hp\appdata\roaming\DMCache
2012-05-29 16:44:36 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes
2012-05-29 16:44:24 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 16:07:50 -------- d-----w- c:\users\hp\appdata\roaming\addpcs
2012-05-28 23:55:05 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-28 19:39:02 -------- d-----w- c:\users\hp\appdata\local\temp
2012-05-27 15:20:28 98816 ----a-w- c:\windows\sed.exe
2012-05-27 15:20:28 518144 ----a-w- c:\windows\SWREG.exe
2012-05-27 15:20:28 256000 ----a-w- c:\windows\PEV.exe
2012-05-27 15:20:28 208896 ----a-w- c:\windows\MBR.exe
2012-05-26 12:18:27 -------- d-----w- c:\users\hp\appdata\roaming\Bitdefender
2012-05-26 12:18:08 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42:18 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41:24 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41:21 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36:12 -------- d-----w- c:\program files\common files\Bitdefender
2012-05-20 10:02:59 -------- d-----w- c:\program files\common files\Real
2012-05-14 11:22:27 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22:27 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 11:20:26 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-14 10:29:39 -------- d-----w- c:\users\hp\appdata\local\Western Digital
2012-05-14 07:41:26 -------- d-----w- c:\program files\Western Digital
2012-05-09 19:35:40 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 19:35:39 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 19:35:39 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 19:35:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 19:35:29 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 19:35:28 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 19:35:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 19:34:55 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 19:34:52 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 19:27:54 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 18:05:33 -------- d-----w- c:\windows\AutoKMS
2012-05-07 18:01:06 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-05-07 16:30:00 -------- d-----w- c:\users\hp\appdata\local\DDMSettings
2012-05-07 15:37:55 -------- d-----w- c:\program files\common files\DivX Shared
2012-05-07 15:37:34 -------- d-----w- c:\program files\DivX
2012-05-07 15:26:56 -------- d-----w- c:\programdata\DivX
2012-05-05 15:57:34 -------- d-----w- c:\users\hp\appdata\local\FileTypeAssistant
2012-05-05 15:53:50 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-05-04 16:06:48 -------- d-----w- c:\users\hp\appdata\roaming\SuperPump
2012-05-04 10:19:37 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-05-23 15:56:35 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-16 07:04:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 07:04:27 426144 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 10:53:22 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53:22 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 11:26:26 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-22 19:34:33 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 17:12:16 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-20 12:22:08 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
.
============= FINISH: 15:38:59.77 ===============

#4 mat yie76


Posted 03 June 2012 - 03:00 AM

I also have one more problem: I cannot open or use Security Check. Any solution?

#5 mat yie76


Posted 03 June 2012 - 01:04 PM

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hp :: BGL9703 [administrator]

Protection: Disabled

4/6/2012 2:16:52 AM
mbam-log-2012-06-04 (02-16-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 199315
Time elapsed: 35 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Is there any problem? Please help me. I am waiting for the second antivirus to finish: a full scan with ESET Online Scanner.

#6 mat yie76


Posted 03 June 2012 - 01:07 PM

Any clue about Security Check? I cannot open that software or use it.

#7 mat yie76


Posted 04 June 2012 - 01:33 AM

I found the solution for my Security Check problem: my Bitdefender detects Security Check as malicious software. Right now I have disabled Bitdefender so that Security Check can scan. I'm waiting for the result.

#8 mat yie76


Posted 04 June 2012 - 03:54 AM

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 7 Update 4
Adobe Flash Player 11.3.300.250
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender 2012 bdagent.exe
Bitdefender Bitdefender 2012 updatesrv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#9 mat yie76


Posted 04 June 2012 - 04:09 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Hp at 17:56:51 on 2012-06-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.786 [GMT 8:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Windows\System32\alg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={A2D61784-D87D-4DD2-9965-674C2E8BA49B}&mid=e8eb7b1bf7cf47d1ad353163c4e39dbd-203ac9e8d151dfc7fffb8db0f46eb0334a45115b&lang=en&ds=ft011&pr=sa&d=2012-06-01 12:57:34&v=11.1.0.7&sap=hp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A} : NameServer = 202.188.0.133,202.188.1.5
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\2676C693730333 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\378657B6279693730333 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\378657B62796F577966696 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}\96450244963736F6 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\w6am161h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=9ac99f34000000000000e02a823cb1b7
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-11-14 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-4-13 13592]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-4-12 1796200]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-5-4 96056]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2012-4-12 294952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3 22344]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-4-10 254056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-4-18 340072]
R3 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2012-2-21 67120]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-11-4 257184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-11 136176]
S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S3 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-4-12 81920]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-4-10 45736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-11 136176]
S3 KLMD;KLMD;c:\windows\system32\drivers\KLMD.sys [2012-4-23 16904]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-17 112568]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-9 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-9 52224]
.
=============== Created Last 30 ================
.
2012-06-03 13:26:32 -------- d-----w- c:\users\hp\appdata\roaming\f-secure
2012-06-03 13:24:14 -------- d-----w- c:\programdata\F-Secure
2012-06-03 09:03:46 -------- d-----w- c:\program files\ESET
2012-06-03 07:08:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 07:08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-01 05:46:51 -------- d-----w- c:\users\hp\appdata\roaming\IDM
2012-06-01 05:46:35 -------- d-----w- c:\program files\Internet Download Manager
2012-05-31 08:56:22 -------- d-----w- c:\users\hp\appdata\roaming\DMCache
2012-05-29 16:44:36 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes
2012-05-29 16:44:24 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 16:07:50 -------- d-----w- c:\users\hp\appdata\roaming\addpcs
2012-05-28 23:55:05 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-28 19:39:02 -------- d-----w- c:\users\hp\appdata\local\temp
2012-05-27 15:20:28 98816 ----a-w- c:\windows\sed.exe
2012-05-27 15:20:28 518144 ----a-w- c:\windows\SWREG.exe
2012-05-27 15:20:28 256000 ----a-w- c:\windows\PEV.exe
2012-05-27 15:20:28 208896 ----a-w- c:\windows\MBR.exe
2012-05-26 12:18:27 -------- d-----w- c:\users\hp\appdata\roaming\Bitdefender
2012-05-26 12:18:08 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42:18 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41:24 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41:21 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36:12 -------- d-----w- c:\program files\common files\Bitdefender
2012-05-20 10:02:59 -------- d-----w- c:\program files\common files\Real
2012-05-14 11:22:27 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22:27 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 11:20:26 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-14 10:29:39 -------- d-----w- c:\users\hp\appdata\local\Western Digital
2012-05-14 07:41:26 -------- d-----w- c:\program files\Western Digital
2012-05-09 19:35:40 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 19:35:39 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 19:35:39 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 19:35:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 19:35:29 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 19:35:28 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 19:35:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 19:34:55 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 19:34:52 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 19:27:54 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 18:05:33 -------- d-----w- c:\windows\AutoKMS
2012-05-07 16:30:00 -------- d-----w- c:\users\hp\appdata\local\DDMSettings
2012-05-07 15:37:55 -------- d-----w- c:\program files\common files\DivX Shared
2012-05-07 15:37:34 -------- d-----w- c:\program files\DivX
2012-05-07 15:26:56 -------- d-----w- c:\programdata\DivX
2012-05-05 15:57:34 -------- d-----w- c:\users\hp\appdata\local\FileTypeAssistant
2012-05-05 15:53:50 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
.
==================== Find3M ====================
.
2012-05-23 15:56:35 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-16 07:04:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 07:04:27 426144 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 10:53:22 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53:22 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 11:26:26 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-22 19:34:33 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 17:12:16 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-20 12:22:08 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
.
============= FINISH: 18:05:47.10 ===============


latest report for dds

#10 mat yie76

Posted 04 June 2012 - 05:26 AM

ComboFix 12-06-03.05 - Hp 04/06/2012 18:43:36.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.762 [GMT 8:00]
Running from: c:\users\Hp\Desktop\ComboFix_2.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 11:10 . 2012-06-04 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 13:26 . 2012-06-03 13:26 -------- d-----w- c:\users\Hp\AppData\Roaming\f-secure
2012-06-03 13:24 . 2012-06-03 13:24 -------- d-----w- c:\programdata\F-Secure
2012-06-03 07:08 . 2012-06-03 07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 07:08 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 05:46 . 2012-06-03 18:32 -------- d-----w- c:\users\Hp\AppData\Roaming\IDM
2012-06-01 05:46 . 2012-06-01 05:52 -------- d-----w- c:\program files\Internet Download Manager
2012-05-31 08:56 . 2012-06-04 11:11 -------- d-----w- c:\users\Hp\AppData\Roaming\DMCache
2012-05-29 16:44 . 2012-05-29 16:44 -------- d-----w- c:\users\Hp\AppData\Roaming\Malwarebytes
2012-05-29 16:44 . 2012-05-29 16:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 16:07 . 2012-05-29 16:07 -------- d-----w- c:\users\Hp\AppData\Roaming\addpcs
2012-05-28 19:39 . 2012-06-04 11:10 -------- d-----w- c:\users\Hp\AppData\Local\temp
2012-05-26 12:18 . 2012-05-26 12:52 -------- d-----w- c:\users\Hp\AppData\Roaming\Bitdefender
2012-05-26 12:18 . 2012-05-26 12:19 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42 . 2012-05-26 11:48 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41 . 2011-08-16 06:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41 . 2011-10-27 07:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36 . 2012-05-26 11:41 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-05-23 15:49 . 2012-05-23 15:49 -------- d-----w- c:\programdata\Logitech
2012-05-20 10:02 . 2012-05-20 10:19 -------- d-----w- c:\program files\Common Files\Real
2012-05-14 11:22 . 2009-12-14 04:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22 . 2009-12-14 04:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 11:20 . 2012-05-25 12:36 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-14 10:29 . 2012-05-14 10:29 -------- d-----w- c:\users\Hp\AppData\Local\Western Digital
2012-05-14 07:41 . 2012-05-14 07:41 -------- d-----w- c:\program files\Western Digital
2012-05-09 19:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 19:35 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 19:35 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 19:35 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 19:35 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 19:35 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 19:35 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 19:34 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 19:34 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 19:27 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 18:05 . 2012-05-07 18:06 -------- d-----w- c:\windows\AutoKMS
2012-05-07 16:30 . 2012-05-07 16:30 -------- d-----w- c:\users\Hp\AppData\Local\DDMSettings
2012-05-07 15:37 . 2012-05-07 16:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-05-07 15:37 . 2012-05-07 16:28 -------- d-----w- c:\program files\DivX
2012-05-07 15:26 . 2012-05-07 16:28 -------- d-----w- c:\programdata\DivX
2012-05-05 15:57 . 2012-05-05 15:57 -------- d-----w- c:\users\Hp\AppData\Local\FileTypeAssistant
2012-05-05 15:53 . 2012-05-05 18:21 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 15:56 . 2012-04-12 07:09 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03 . 2012-01-25 06:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03 . 2010-10-25 07:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-16 07:04 . 2011-11-04 12:16 426144 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 07:04 . 2011-08-07 01:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 10:53 . 2012-04-18 10:20 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53 . 2012-04-13 07:40 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-22 19:34 . 2012-04-22 19:34 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 07:10 . 2012-04-12 07:10 53248 ----a-r- c:\users\Hp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-11 17:12 . 2012-04-11 17:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-20 12:22 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-19 19:53 . 2012-04-17 16:16 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24313A92-26E6-43C2-8B48-884EAD7FF7F8}\mpengine.dll
2012-04-25 22:59 . 2012-03-24 14:47 85432 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-01 3487128]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-08 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-06-16 08:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
2011-09-14 14:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-09 18:41 49208 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2011-11-29 12:04 284440 ----a-w- c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 azwwljds;azwwljds;c:\windows\system32\drivers\azwwljds.sys [x]
R1 minhfjmw;minhfjmw;c:\windows\system32\drivers\minhfjmw.sys [x]
R1 pukqzpus;pukqzpus;c:\windows\system32\drivers\pukqzpus.sys [x]
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 1796200]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 447208]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 btwl2cap;Bluetooth L2CAP Service; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 KLMD;KLMD;c:\windows\system32\Drivers\KLMD.sys [2012-04-22 16904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 112568]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-30 1343400]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 611520]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 96056]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 53224]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-09 294952]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 67120]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-04 07:04]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-03 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-08-08 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={A2D61784-D87D-4DD2-9965-674C2E8BA49B}&mid=e8eb7b1bf7cf47d1ad353163c4e39dbd-203ac9e8d151dfc7fffb8db0f46eb0334a45115b&lang=en&ds=ft011&pr=sa&d=2012-06-01 12:57&v=11.1.0.7&sap=hp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
FF - ProfilePath - c:\users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=9ac99f34000000000000e02a823cb1b7
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
MSConfigStartUp-uTorrent Turbo Accelerator - c:\program files\uTorrent Turbo Accelerator\uTorrent Turbo Accelerator.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"1\" oldDevice=\"\" timeDiff=\"1338036144\" expireTime=\"1258888654\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
"DEVICE2"="vaaur8rPygA="
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{1861d51f-0d6f-4826-85e8-9e4333a87779}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009b
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,d6,19,64,ff,0d,9a,d1,7e,3f,80,75,36,75,2a,7e,82,d4,c7,44,19,
b8,d5,da,a7,9e,7c,cf,1d,6c,72,ed,7d,ea,e7,2b,21,df,27,dd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 19:19:48
ComboFix-quarantined-files.txt 2012-06-04 11:19
.
Pre-Run: 178,791,137,280 bytes free
Post-Run: 178,504,364,032 bytes free
.
- - End Of File - - 4C028464FF5052CA11ED90B78C9DDE8D

#11 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 04 June 2012 - 01:26 PM

Hello mat yie76.

When did the slowness start? Do you remember the approximate date?
I don't see any obvious malware. ComboFix made a few changes - did that help?

I see that you appear to have some things disabled via MsConfig. MsConfig should really only be used for troubleshooting. Please do this:
Start > Run > msconfig.exe. Set it to 'Normal startup' and reboot.

Then run ComboFix again with BitDefender and Windows Defender disabled. Please post the new log.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)

#12 mat yie76

Posted 05 June 2012 - 06:44 AM

Hello cnm... thank you very much for your feedback on my post... I appreciate that.... Actually my PC was slow last week... now I follow what you want me to do and wait for the result....

#13 mat yie76

Posted 05 June 2012 - 06:46 AM

Same, still slow after ComboFix made a few changes.

#14 mat yie76

Posted 05 June 2012 - 09:03 AM

ComboFix 12-06-05.01 - Hp 05/06/2012 22:13:48.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.860 [GMT 8:00]
Running from: c:\users\Hp\Desktop\ComboFix_2.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 14:40 . 2012-06-05 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 10:35 . 2012-06-04 11:19 -------- d-----w- C:\ComboFix_2
2012-06-03 13:26 . 2012-06-03 13:26 -------- d-----w- c:\users\Hp\AppData\Roaming\f-secure
2012-06-03 13:24 . 2012-06-03 13:24 -------- d-----w- c:\programdata\F-Secure
2012-06-03 07:08 . 2012-06-03 07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 07:08 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 05:46 . 2012-06-03 18:32 -------- d-----w- c:\users\Hp\AppData\Roaming\IDM
2012-06-01 05:46 . 2012-06-01 05:52 -------- d-----w- c:\program files\Internet Download Manager
2012-05-31 08:56 . 2012-06-05 14:41 -------- d-----w- c:\users\Hp\AppData\Roaming\DMCache
2012-05-29 16:44 . 2012-05-29 16:44 -------- d-----w- c:\users\Hp\AppData\Roaming\Malwarebytes
2012-05-29 16:44 . 2012-05-29 16:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 16:07 . 2012-05-29 16:07 -------- d-----w- c:\users\Hp\AppData\Roaming\addpcs
2012-05-28 19:39 . 2012-06-05 14:40 -------- d-----w- c:\users\Hp\AppData\Local\temp
2012-05-26 12:18 . 2012-05-26 12:52 -------- d-----w- c:\users\Hp\AppData\Roaming\Bitdefender
2012-05-26 12:18 . 2012-05-26 12:19 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42 . 2012-05-26 11:48 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41 . 2011-08-16 06:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41 . 2011-10-27 07:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36 . 2012-05-26 11:41 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-05-23 15:49 . 2012-05-23 15:49 -------- d-----w- c:\programdata\Logitech
2012-05-20 10:02 . 2012-05-20 10:19 -------- d-----w- c:\program files\Common Files\Real
2012-05-14 11:22 . 2009-12-14 04:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22 . 2009-12-14 04:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 11:20 . 2012-05-25 12:36 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-14 10:29 . 2012-05-14 10:29 -------- d-----w- c:\users\Hp\AppData\Local\Western Digital
2012-05-14 07:41 . 2012-05-14 07:41 -------- d-----w- c:\program files\Western Digital
2012-05-09 19:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 19:35 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 19:35 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 19:35 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 19:35 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 19:35 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 19:35 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 19:34 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 19:34 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 19:27 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 18:05 . 2012-05-07 18:06 -------- d-----w- c:\windows\AutoKMS
2012-05-07 16:30 . 2012-05-07 16:30 -------- d-----w- c:\users\Hp\AppData\Local\DDMSettings
2012-05-07 15:37 . 2012-05-07 16:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-05-07 15:37 . 2012-05-07 16:28 -------- d-----w- c:\program files\DivX
2012-05-07 15:26 . 2012-05-07 16:28 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 15:56 . 2012-04-12 07:09 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03 . 2012-01-25 06:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03 . 2010-10-25 07:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-16 07:04 . 2011-11-04 12:16 426144 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 07:04 . 2011-08-07 01:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 10:53 . 2012-04-18 10:20 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53 . 2012-04-13 07:40 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-22 19:34 . 2012-04-22 19:34 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 07:10 . 2012-04-12 07:10 53248 ----a-r- c:\users\Hp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-11 17:12 . 2012-04-11 17:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-20 12:22 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-19 19:53 . 2012-04-17 16:16 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24313A92-26E6-43C2-8B48-884EAD7FF7F8}\mpengine.dll
2012-04-25 22:59 . 2012-03-24 14:47 85432 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-01 3487128]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Octoshape Streaming Services"="c:\users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"CAHeadless"="c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-14 539800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-08 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 azwwljds;azwwljds;c:\windows\system32\drivers\azwwljds.sys [x]
R1 minhfjmw;minhfjmw;c:\windows\system32\drivers\minhfjmw.sys [x]
R1 pukqzpus;pukqzpus;c:\windows\system32\drivers\pukqzpus.sys [x]
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 447208]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 btwl2cap;Bluetooth L2CAP Service; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 KLMD;KLMD;c:\windows\system32\Drivers\KLMD.sys [2012-04-22 16904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 112568]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-30 1343400]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 611520]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 1796200]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 96056]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 53224]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-09 294952]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 67120]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-04 07:04]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-03 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-08-08 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={A2D61784-D87D-4DD2-9965-674C2E8BA49B}&mid=e8eb7b1bf7cf47d1ad353163c4e39dbd-203ac9e8d151dfc7fffb8db0f46eb0334a45115b&lang=en&ds=ft011&pr=sa&d=2012-06-01 12:57&v=11.1.0.7&sap=hp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
FF - ProfilePath - c:\users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=9ac99f34000000000000e02a823cb1b7
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"1\" oldDevice=\"\" timeDiff=\"1338036144\" expireTime=\"1258888654\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
"DEVICE2"="vaaur8rPygA="
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{1861d51f-0d6f-4826-85e8-9e4333a87779}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009b
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,d6,19,64,ff,0d,9a,d1,7e,3f,80,75,36,75,2a,7e,82,d4,c7,44,19,
b8,d5,da,a7,9e,7c,cf,1d,6c,72,ed,7d,ea,e7,2b,21,df,27,dd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-05 22:47:55
ComboFix-quarantined-files.txt 2012-06-05 14:47
ComboFix2.txt 2012-06-04 19:40
ComboFix3.txt 2012-06-04 11:19
.
Pre-Run: 178,037,518,336 bytes free
Post-Run: 177,985,032,192 bytes free
.
- - End Of File - - C31F8914C1C5EFFE238E290A027F53AE

#15 mat yie76

Posted 05 June 2012 - 09:11 AM

I also scanned with Bitdefender Total Security 2012 (quick scan), but that antivirus did not detect any virus... I am so sorry, cnm, because I don't know how to show the result... Can't you teach me how to copy and paste the result, cnm? I am a beginner, not an expert...

#16 cnm

Posted 05 June 2012 - 11:00 AM

If you mean how to show the BitDefender log - we don't need it.

You installed c:\windows\AutoKMS on May 7. This can be used to install an illegal copy of Office, or be malware. http://answers.micro...c5-38e4a3de4a09

Note that SWI does not condone piracy.

Your ComboFix logs don't look right to me. Please download the latest version to your Desktop.
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
If ComboFix leads to an error, reboot should fix it.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)

#17 mat yie76

Posted 06 June 2012 - 03:44 AM

ComboFix 12-06-05.04 - Hp 06/06/2012 14:42:15.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.830 [GMT 8:00]
Running from: c:\users\Hp\Downloads\Programs\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section - STAGE 31
grep: temp2401: No such file or directory
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\ati4irxx.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 08:28 . 2012-06-06 08:28 -------- d-----w- c:\users\Hp\AppData\Local\temp
2012-06-06 08:28 . 2012-06-06 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 13:26 . 2012-06-03 13:26 -------- d-----w- c:\users\Hp\AppData\Roaming\f-secure
2012-06-03 13:24 . 2012-06-03 13:24 -------- d-----w- c:\programdata\F-Secure
2012-06-01 05:46 . 2012-06-03 18:32 -------- d-----w- c:\users\Hp\AppData\Roaming\IDM
2012-06-01 05:46 . 2012-06-01 05:52 -------- d-----w- c:\program files\Internet Download Manager
2012-05-31 08:56 . 2012-06-06 06:36 -------- d-----w- c:\users\Hp\AppData\Roaming\DMCache
2012-05-29 16:44 . 2012-05-29 16:44 -------- d-----w- c:\users\Hp\AppData\Roaming\Malwarebytes
2012-05-29 16:44 . 2012-05-29 16:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 16:07 . 2012-05-29 16:07 -------- d-----w- c:\users\Hp\AppData\Roaming\addpcs
2012-05-26 12:18 . 2012-05-26 12:52 -------- d-----w- c:\users\Hp\AppData\Roaming\Bitdefender
2012-05-26 12:18 . 2012-05-26 12:19 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42 . 2012-05-26 11:48 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41 . 2011-08-16 06:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41 . 2011-10-27 07:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36 . 2012-05-26 11:41 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-05-23 15:49 . 2012-05-23 15:49 -------- d-----w- c:\programdata\Logitech
2012-05-20 10:02 . 2012-05-20 10:19 -------- d-----w- c:\program files\Common Files\Real
2012-05-14 11:22 . 2009-12-14 04:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22 . 2009-12-14 04:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 11:20 . 2012-05-25 12:36 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-14 10:29 . 2012-05-14 10:29 -------- d-----w- c:\users\Hp\AppData\Local\Western Digital
2012-05-14 07:41 . 2012-05-14 07:41 -------- d-----w- c:\program files\Western Digital
2012-05-09 19:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 19:35 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 19:35 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 19:35 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 19:35 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 19:35 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 19:35 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 19:34 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 19:34 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 19:27 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 18:05 . 2012-05-07 18:06 -------- d-----w- c:\windows\AutoKMS
2012-05-07 16:30 . 2012-05-07 16:30 -------- d-----w- c:\users\Hp\AppData\Local\DDMSettings
2012-05-07 15:37 . 2012-05-07 16:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-05-07 15:37 . 2012-05-07 16:28 -------- d-----w- c:\program files\DivX
2012-05-07 15:26 . 2012-05-07 16:28 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 15:56 . 2012-04-12 07:09 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03 . 2012-01-25 06:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03 . 2010-10-25 07:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-16 07:04 . 2011-11-04 12:16 426144 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 07:04 . 2011-08-07 01:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 10:53 . 2012-04-18 10:20 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53 . 2012-04-13 07:40 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-22 19:34 . 2012-04-22 19:34 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 07:10 . 2012-04-12 07:10 53248 ----a-r- c:\users\Hp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-11 17:12 . 2012-04-11 17:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-20 12:22 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-19 19:53 . 2012-04-17 16:16 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24313A92-26E6-43C2-8B48-884EAD7FF7F8}\mpengine.dll
2012-04-25 22:59 . 2012-03-24 14:47 85432 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-01 3487128]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Octoshape Streaming Services"="c:\users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"CAHeadless"="c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-14 539800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-08 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 azwwljds;azwwljds;c:\windows\system32\drivers\azwwljds.sys [x]
R1 minhfjmw;minhfjmw;c:\windows\system32\drivers\minhfjmw.sys [x]
R1 pukqzpus;pukqzpus;c:\windows\system32\drivers\pukqzpus.sys [x]
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 btwl2cap;Bluetooth L2CAP Service; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 KLMD;KLMD;c:\windows\system32\Drivers\KLMD.sys [2012-04-22 16904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 112568]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 611520]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 1796200]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 96056]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 53224]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 447208]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-09 294952]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 67120]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-04 07:04]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-03 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-08-08 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={A2D61784-D87D-4DD2-9965-674C2E8BA49B}&mid=e8eb7b1bf7cf47d1ad353163c4e39dbd-203ac9e8d151dfc7fffb8db0f46eb0334a45115b&lang=en&ds=ft011&pr=sa&d=2012-06-01 12:57&v=11.1.0.7&sap=hp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
FF - ProfilePath - c:\users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=9ac99f34000000000000e02a823cb1b7
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"1\" oldDevice=\"\" timeDiff=\"1338036144\" expireTime=\"1258888654\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
"DEVICE2"="vaaur8rPygA="
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{1861d51f-0d6f-4826-85e8-9e4333a87779}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009b
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,d6,19,64,ff,0d,9a,d1,7e,3f,80,75,36,75,2a,7e,82,d4,c7,44,19,
b8,d5,da,a7,9e,7c,cf,1d,6c,72,ed,7d,ea,e7,2b,21,df,27,dd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 16:37:17
ComboFix-quarantined-files.txt 2012-06-06 08:37
ComboFix2.txt 2012-06-05 14:47
ComboFix3.txt 2012-06-04 19:40
ComboFix4.txt 2012-06-04 11:19
.
Pre-Run: 177,602,367,488 bytes free
Post-Run: 177,599,344,640 bytes free
.
- - End Of File - - 577BEE2BFB7F64F00C24C04CDBDC9EDD

Sir, this is the result from ComboFix from the web you recommended to me. I also uninstalled Malwarebytes anti-virus from my PC because when I want to open my PC, my PC was very, very slow to open (conflict between Bitdefender and Malwarebytes), so my simple solution is to delete one of my anti-virus programs. Meanwhile, right now my PC cannot detect and failed to connect to Windows service centre. I do know why my PC became like this... so sad and frustrated... help me, sir?

#18 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • 105 posts

Posted 06 June 2012 - 07:31 AM

ComboFix 12-06-05.04 - Hp 06/06/2012 19:29:37.9.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.1108 [GMT 8:00]
Running from: c:\users\Hp\Downloads\Programs\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 13:11 . 2012-06-06 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 08:37 . 2012-06-06 13:11 -------- d-----w- c:\users\Hp\AppData\Local\temp
2012-06-03 13:26 . 2012-06-03 13:26 -------- d-----w- c:\users\Hp\AppData\Roaming\f-secure
2012-06-03 13:24 . 2012-06-03 13:24 -------- d-----w- c:\programdata\F-Secure
2012-06-01 05:46 . 2012-06-03 18:32 -------- d-----w- c:\users\Hp\AppData\Roaming\IDM
2012-06-01 05:46 . 2012-06-01 05:52 -------- d-----w- c:\program files\Internet Download Manager
2012-05-31 08:56 . 2012-06-06 13:12 -------- d-----w- c:\users\Hp\AppData\Roaming\DMCache
2012-05-29 16:07 . 2012-05-29 16:07 -------- d-----w- c:\users\Hp\AppData\Roaming\addpcs
2012-05-26 12:18 . 2012-05-26 12:52 -------- d-----w- c:\users\Hp\AppData\Roaming\Bitdefender
2012-05-26 12:18 . 2012-05-26 12:19 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42 . 2012-05-26 11:48 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41 . 2011-08-16 06:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41 . 2011-10-27 07:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36 . 2012-05-26 11:41 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-05-23 15:49 . 2012-05-23 15:49 -------- d-----w- c:\programdata\Logitech
2012-05-20 10:02 . 2012-05-20 10:19 -------- d-----w- c:\program files\Common Files\Real
2012-05-14 11:22 . 2009-12-14 04:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22 . 2009-12-14 04:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 11:20 . 2012-05-25 12:36 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-14 10:29 . 2012-05-14 10:29 -------- d-----w- c:\users\Hp\AppData\Local\Western Digital
2012-05-14 07:41 . 2012-05-14 07:41 -------- d-----w- c:\program files\Western Digital
2012-05-09 19:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 19:35 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 19:35 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 19:35 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 19:35 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 19:35 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 19:35 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 19:34 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 19:34 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 19:27 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 18:05 . 2012-05-07 18:06 -------- d-----w- c:\windows\AutoKMS
2012-05-07 16:30 . 2012-05-07 16:30 -------- d-----w- c:\users\Hp\AppData\Local\DDMSettings
2012-05-07 15:37 . 2012-05-07 16:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-05-07 15:37 . 2012-05-07 16:28 -------- d-----w- c:\program files\DivX
2012-05-07 15:26 . 2012-05-07 16:28 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 15:56 . 2012-04-12 07:09 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03 . 2012-01-25 06:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03 . 2010-10-25 07:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-16 07:04 . 2011-11-04 12:16 426144 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 07:04 . 2011-08-07 01:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 10:53 . 2012-04-18 10:20 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53 . 2012-04-13 07:40 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-22 19:34 . 2012-04-22 19:34 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 07:10 . 2012-04-12 07:10 53248 ----a-r- c:\users\Hp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-11 17:12 . 2012-04-11 17:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-20 12:22 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-19 19:53 . 2012-04-17 16:16 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24313A92-26E6-43C2-8B48-884EAD7FF7F8}\mpengine.dll
2012-04-25 22:59 . 2012-03-24 14:47 85432 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-01 3487128]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Octoshape Streaming Services"="c:\users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"CAHeadless"="c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-14 539800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-08 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 azwwljds;azwwljds;c:\windows\system32\drivers\azwwljds.sys [x]
R1 minhfjmw;minhfjmw;c:\windows\system32\drivers\minhfjmw.sys [x]
R1 pukqzpus;pukqzpus;c:\windows\system32\drivers\pukqzpus.sys [x]
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 btwl2cap;Bluetooth L2CAP Service; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 KLMD;KLMD;c:\windows\system32\Drivers\KLMD.sys [2012-04-22 16904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 112568]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 611520]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 1796200]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 96056]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 53224]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 447208]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-09 294952]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 67120]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-04 07:04]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-03 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-08-08 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={A2D61784-D87D-4DD2-9965-674C2E8BA49B}&mid=e8eb7b1bf7cf47d1ad353163c4e39dbd-203ac9e8d151dfc7fffb8db0f46eb0334a45115b&lang=en&ds=ft011&pr=sa&d=2012-06-01 12:57&v=11.1.0.7&sap=hp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
FF - ProfilePath - c:\users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=9ac99f34000000000000e02a823cb1b7
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"1\" oldDevice=\"\" timeDiff=\"1338036144\" expireTime=\"1258888654\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
"DEVICE2"="vaaur8rPygA="
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{1861d51f-0d6f-4826-85e8-9e4333a87779}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009b
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,d6,19,64,ff,0d,9a,d1,7e,3f,80,75,36,75,2a,7e,82,d4,c7,44,19,
b8,d5,da,a7,9e,7c,cf,1d,6c,72,ed,7d,ea,e7,2b,21,df,27,dd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6048)
c:\windows\system32\DUser.dll
c:\windows\system32\DUI70.dll
c:\windows\system32\dwmapi.dll
c:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
c:\windows\system32\PROPSYS.dll
c:\windows\system32\WindowsCodecs.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\IconCodecService.dll
c:\windows\system32\SndVolSSO.DLL
c:\windows\system32\HID.DLL
c:\windows\System32\MMDevApi.dll
c:\windows\system32\timedate.cpl
c:\windows\System32\shdocvw.dll
c:\windows\system32\LINKINFO.dll
c:\windows\System32\shacct.dll
c:\windows\system32\SAMLIB.dll
c:\windows\system32\MsftEdit.dll
c:\windows\system32\msls31.dll
c:\windows\System32\XmlLite.dll
c:\windows\system32\stobject.dll
c:\windows\system32\Syncreg.dll
c:\windows\ehome\ehSSO.dll
c:\windows\System32\AltTab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\System32\QUtil.dll
c:\windows\system32\wwapi.dll
.
Completion time: 2012-06-06 21:22:20
ComboFix-quarantined-files.txt 2012-06-06 13:22
ComboFix2.txt 2012-06-06 08:37
ComboFix3.txt 2012-06-05 14:47
ComboFix4.txt 2012-06-04 19:40
ComboFix5.txt 2012-06-06 11:14
.
Pre-Run: 177,487,142,912 bytes free
Post-Run: 177,430,106,112 bytes free
.
- - End Of File - - 39A898BE17CC3A9B8D318318DACCCC21


This is the second scan for ComboFix. Hope you can find the problem and help me. GOD BLESS U.

#19 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 06 June 2012 - 10:11 AM

Don't worry.

You may have had a rootkit - please do this:

Please print out these instructions or copy them to a Notepad file for easier reading and download to your Desktop:

>>> Please right-click on Rkill => "Run as administrator". It will kill some processes from malware to allow you to run our tools.

Note:
- If the first one does not run successfully, download and try the other copies (with different file extensions) and see if one of them will run.
- If for some reason your computer should restart, please do so and re-run Rkill once again.
- I don't need to see any log from it.


>>> TDSSKiller: Right-click on TDSSKiller.exe => "Run as administrator".
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)

#20 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • 105 posts

Posted 06 June 2012 - 10:24 AM

OK... I'll do it now; when finished I'll post it.

#21 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • 105 posts

Posted 06 June 2012 - 10:52 AM

Sorry, I posted the result for TDSSKiller 2 times...

Edited by mat yie76, 06 June 2012 - 11:25 AM.


#22 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • 105 posts

Posted 06 June 2012 - 10:55 AM

00:41:10.0286 4380 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:41:11.0285 4380 ============================================================
00:41:11.0285 4380 Current date / time: 2012/06/07 00:41:11.0285
00:41:11.0285 4380 SystemInfo:
00:41:11.0285 4380
00:41:11.0285 4380 OS Version: 6.1.7601 ServicePack: 1.0
00:41:11.0285 4380 Product type: Workstation
00:41:11.0285 4380 ComputerName: BGL9703
00:41:11.0285 4380 UserName: Hp
00:41:11.0285 4380 Windows directory: C:\Windows
00:41:11.0285 4380 System windows directory: C:\Windows
00:41:11.0285 4380 Processor architecture: Intel x86
00:41:11.0285 4380 Number of processors: 2
00:41:11.0285 4380 Page size: 0x1000
00:41:11.0285 4380 Boot type: Normal boot
00:41:11.0285 4380 ============================================================
00:41:13.0438 4380 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:41:13.0453 4380 ============================================================
00:41:13.0453 4380 \Device\Harddisk0\DR0:
00:41:13.0453 4380 MBR partitions:
00:41:13.0453 4380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:41:13.0453 4380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B407800
00:41:13.0453 4380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B46B800, BlocksNum 0x1D26000
00:41:13.0453 4380 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
00:41:13.0453 4380 ============================================================
00:41:13.0484 4380 C: <-> \Device\Harddisk0\DR0\Partition1
00:41:13.0547 4380 D: <-> \Device\Harddisk0\DR0\Partition2
00:41:13.0562 4380 E: <-> \Device\Harddisk0\DR0\Partition3
00:41:13.0609 4380 G: <-> \Device\Harddisk0\DR0\Partition0
00:41:13.0609 4380 ============================================================
00:41:13.0609 4380 Initialize success
00:41:13.0609 4380 ============================================================
00:41:29.0272 2932 ============================================================
00:41:29.0272 2932 Scan started
00:41:29.0272 2932 Mode: Manual;
00:41:29.0272 2932 ============================================================
00:41:30.0941 2932 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:41:30.0972 2932 1394ohci - ok
00:41:31.0034 2932 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:41:31.0050 2932 ACPI - ok
00:41:31.0097 2932 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:41:31.0097 2932 AcpiPmi - ok
00:41:31.0284 2932 AdobeActiveFileMonitor10.0 (047bd1eb681453a7fe492a71802ac9f3) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
00:41:31.0315 2932 AdobeActiveFileMonitor10.0 - ok
00:41:31.0425 2932 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:41:31.0440 2932 AdobeARMservice - ok
00:41:31.0518 2932 AdobeFlashPlayerUpdateSvc (8df00255f29a8b19a51317c869e0ee90) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:41:31.0549 2932 AdobeFlashPlayerUpdateSvc - ok
00:41:31.0643 2932 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:41:31.0674 2932 adp94xx - ok
00:41:31.0752 2932 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:41:31.0768 2932 adpahci - ok
00:41:31.0815 2932 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:41:31.0877 2932 adpu320 - ok
00:41:31.0955 2932 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
00:41:31.0955 2932 AeLookupSvc - ok
00:41:32.0064 2932 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
00:41:32.0064 2932 AESTFilters - ok
00:41:32.0158 2932 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:41:32.0173 2932 AFD - ok
00:41:32.0236 2932 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:41:32.0236 2932 agp440 - ok
00:41:32.0283 2932 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:41:32.0298 2932 aic78xx - ok
00:41:32.0345 2932 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
00:41:32.0361 2932 ALG - ok
00:41:32.0392 2932 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:41:32.0392 2932 aliide - ok
00:41:32.0423 2932 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:41:32.0454 2932 amdagp - ok
00:41:32.0485 2932 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:41:32.0485 2932 amdide - ok
00:41:32.0532 2932 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:41:32.0532 2932 AmdK8 - ok
00:41:32.0579 2932 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:41:32.0579 2932 AmdPPM - ok
00:41:32.0626 2932 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
00:41:32.0626 2932 amdsata - ok
00:41:32.0673 2932 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:41:32.0688 2932 amdsbs - ok
00:41:32.0719 2932 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
00:41:32.0735 2932 amdxata - ok
00:41:32.0766 2932 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:41:32.0782 2932 AppID - ok
00:41:32.0829 2932 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
00:41:32.0829 2932 AppIDSvc - ok
00:41:32.0875 2932 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
00:41:32.0891 2932 Appinfo - ok
00:41:32.0938 2932 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
00:41:32.0953 2932 AppMgmt - ok
00:41:33.0016 2932 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:41:33.0016 2932 arc - ok
00:41:33.0047 2932 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:41:33.0063 2932 arcsas - ok
00:41:33.0172 2932 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:41:33.0172 2932 aspnet_state - ok
00:41:33.0203 2932 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:41:33.0219 2932 AsyncMac - ok
00:41:33.0265 2932 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:41:33.0297 2932 atapi - ok
00:41:33.0359 2932 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:41:33.0390 2932 AudioEndpointBuilder - ok
00:41:33.0421 2932 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:41:33.0421 2932 Audiosrv - ok
00:41:33.0546 2932 avc3 (f0c0e213d6d811384a49981adff0b6c0) C:\Windows\system32\DRIVERS\avc3.sys
00:41:33.0562 2932 avc3 - ok
00:41:33.0655 2932 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\Windows\system32\DRIVERS\avchv.sys
00:41:33.0655 2932 avchv - ok
00:41:33.0749 2932 avckf (2bce314a25e71298add6794bfbd66266) C:\Windows\system32\DRIVERS\avckf.sys
00:41:33.0765 2932 avckf - ok
00:41:33.0811 2932 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
00:41:33.0827 2932 AxInstSV - ok
00:41:33.0843 2932 azwwljds - ok
00:41:33.0921 2932 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:41:33.0952 2932 b06bdrv - ok
00:41:33.0999 2932 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:41:34.0014 2932 b57nd60x - ok
00:41:34.0279 2932 BCM43XX (9c3b534854f0152ed4711d936a2192eb) C:\Windows\system32\DRIVERS\bcmwl6.sys
00:41:34.0373 2932 BCM43XX - ok
00:41:34.0513 2932 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
00:41:34.0529 2932 BDESVC - ok
00:41:34.0716 2932 BdfNdisf (fa33f2db2f6f8afbedc917632a10d515) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
00:41:34.0716 2932 BdfNdisf - ok
00:41:34.0857 2932 bdfsfltr (5ef7ac38b4a7dc80860d7ffafac78c36) C:\Windows\system32\DRIVERS\bdfsfltr.sys
00:41:34.0857 2932 bdfsfltr - ok
00:41:34.0966 2932 bdfwfpf (2f66c9df34134419928bac00e21e2679) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
00:41:34.0966 2932 bdfwfpf - ok
00:41:35.0044 2932 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\Windows\system32\drivers\bdsandbox.sys
00:41:35.0059 2932 bdsandbox - ok
00:41:35.0153 2932 bdselfpr (042941c8e50f38e34c3c345f45e16cf3) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys
00:41:35.0169 2932 bdselfpr - ok
00:41:35.0215 2932 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\Windows\system32\DRIVERS\bdvedisk.sys
00:41:35.0231 2932 BDVEDISK - ok
00:41:35.0262 2932 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:41:35.0262 2932 Beep - ok
00:41:35.0371 2932 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
00:41:35.0387 2932 BFE - ok
00:41:35.0496 2932 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
00:41:35.0527 2932 BITS - ok
00:41:35.0574 2932 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:41:35.0574 2932 blbdrive - ok
00:41:35.0699 2932 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:41:35.0715 2932 Bonjour Service - ok
00:41:35.0777 2932 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:41:35.0793 2932 bowser - ok
00:41:35.0855 2932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:41:35.0855 2932 BrFiltLo - ok
00:41:35.0886 2932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:41:35.0886 2932 BrFiltUp - ok
00:41:35.0964 2932 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
00:41:35.0980 2932 BridgeMP - ok
00:41:36.0027 2932 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
00:41:36.0027 2932 Browser - ok
00:41:36.0105 2932 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:41:36.0105 2932 Brserid - ok
00:41:36.0167 2932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:41:36.0183 2932 BrSerWdm - ok
00:41:36.0245 2932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:41:36.0245 2932 BrUsbMdm - ok
00:41:36.0307 2932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:41:36.0307 2932 BrUsbSer - ok
00:41:36.0370 2932 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
00:41:36.0370 2932 BthEnum - ok
00:41:36.0432 2932 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:41:36.0448 2932 BTHMODEM - ok
00:41:36.0495 2932 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
00:41:36.0495 2932 BthPan - ok
00:41:36.0573 2932 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
00:41:36.0604 2932 BTHPORT - ok
00:41:36.0682 2932 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
00:41:36.0682 2932 bthserv - ok
00:41:36.0760 2932 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
00:41:36.0760 2932 BTHUSB - ok
00:41:36.0822 2932 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
00:41:36.0822 2932 btusbflt - ok
00:41:36.0900 2932 btwampfl (e4e5ab603c936bafd1a5de1d6086221e) C:\Windows\system32\drivers\btwampfl.sys
00:41:36.0916 2932 btwampfl - ok
00:41:36.0931 2932 btwaudio - ok
00:41:36.0947 2932 btwavdt - ok
00:41:36.0994 2932 btwl2cap - ok
00:41:37.0041 2932 btwrchid - ok
00:41:37.0212 2932 catchme - ok
00:41:37.0275 2932 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:41:37.0290 2932 cdfs - ok
00:41:37.0337 2932 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
00:41:37.0353 2932 cdrom - ok
00:41:37.0415 2932 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:41:37.0415 2932 CertPropSvc - ok
00:41:37.0446 2932 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:41:37.0462 2932 circlass - ok
00:41:37.0540 2932 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:41:37.0555 2932 CLFS - ok
00:41:37.0633 2932 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:41:37.0665 2932 clr_optimization_v2.0.50727_32 - ok
00:41:37.0758 2932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:41:37.0774 2932 clr_optimization_v4.0.30319_32 - ok
00:41:37.0821 2932 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:41:37.0821 2932 CmBatt - ok
00:41:37.0867 2932 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:41:37.0867 2932 cmdide - ok
00:41:37.0961 2932 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
00:41:37.0977 2932 CNG - ok
00:41:38.0023 2932 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:41:38.0023 2932 Compbatt - ok
00:41:38.0070 2932 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:41:38.0070 2932 CompositeBus - ok
00:41:38.0117 2932 COMSysApp - ok
00:41:38.0164 2932 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:41:38.0164 2932 crcdisk - ok
00:41:38.0242 2932 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
00:41:38.0257 2932 CryptSvc - ok
00:41:38.0335 2932 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
00:41:38.0351 2932 CSC - ok
00:41:38.0445 2932 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
00:41:38.0460 2932 CscService - ok
00:41:38.0538 2932 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:41:38.0554 2932 DcomLaunch - ok
00:41:38.0632 2932 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
00:41:38.0647 2932 defragsvc - ok
00:41:38.0741 2932 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:41:38.0741 2932 DfsC - ok
00:41:38.0819 2932 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
00:41:38.0835 2932 Dhcp - ok
00:41:38.0928 2932 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:41:38.0928 2932 discache - ok
00:41:38.0991 2932 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:41:39.0006 2932 Disk - ok
00:41:39.0069 2932 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
00:41:39.0100 2932 Dnscache - ok
00:41:39.0178 2932 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
00:41:39.0193 2932 dot3svc - ok
00:41:39.0240 2932 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
00:41:39.0256 2932 DPS - ok
00:41:39.0318 2932 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:41:39.0318 2932 drmkaud - ok
00:41:39.0443 2932 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:41:39.0459 2932 DXGKrnl - ok
00:41:39.0537 2932 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
00:41:39.0552 2932 EapHost - ok
00:41:39.0849 2932 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:41:39.0942 2932 ebdrv - ok
00:41:40.0098 2932 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
00:41:40.0098 2932 EFS - ok
00:41:40.0239 2932 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
00:41:40.0254 2932 ehRecvr - ok
00:41:40.0317 2932 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
00:41:40.0317 2932 ehSched - ok
00:41:40.0457 2932 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:41:40.0473 2932 elxstor - ok
00:41:40.0535 2932 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:41:40.0551 2932 ErrDev - ok
00:41:40.0660 2932 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
00:41:40.0675 2932 EventSystem - ok
00:41:40.0769 2932 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:41:40.0785 2932 exfat - ok
00:41:40.0847 2932 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:41:40.0847 2932 fastfat - ok
00:41:40.0956 2932 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
00:41:40.0972 2932 Fax - ok
00:41:41.0019 2932 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:41:41.0034 2932 fdc - ok
00:41:41.0097 2932 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
00:41:41.0112 2932 fdPHost - ok
00:41:41.0159 2932 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
00:41:41.0159 2932 FDResPub - ok
00:41:41.0206 2932 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:41:41.0221 2932 FileInfo - ok
00:41:41.0268 2932 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:41:41.0268 2932 Filetrace - ok
00:41:41.0331 2932 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:41:41.0331 2932 flpydisk - ok
00:41:41.0393 2932 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:41:41.0393 2932 FltMgr - ok
00:41:41.0502 2932 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
00:41:41.0533 2932 FontCache - ok
00:41:41.0643 2932 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:41:41.0643 2932 FontCache3.0.0.0 - ok
00:41:41.0689 2932 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:41:41.0705 2932 FsDepends - ok
00:41:41.0736 2932 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
00:41:41.0752 2932 Fs_Rec - ok
00:41:41.0830 2932 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:41:41.0845 2932 fvevol - ok
00:41:41.0892 2932 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:41:41.0908 2932 gagp30kx - ok
00:41:41.0986 2932 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
00:41:42.0001 2932 gpsvc - ok
00:41:42.0142 2932 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:41:42.0157 2932 gupdate - ok
00:41:42.0173 2932 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:41:42.0189 2932 gupdatem - ok
00:41:42.0267 2932 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:41:42.0298 2932 gusvc - ok
00:41:42.0345 2932 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:41:42.0360 2932 hcw85cir - ok
00:41:42.0438 2932 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
00:41:42.0454 2932 HdAudAddService - ok
00:41:42.0516 2932 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:41:42.0516 2932 HDAudBus - ok
00:41:42.0563 2932 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:41:42.0563 2932 HidBatt - ok
00:41:42.0625 2932 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:41:42.0641 2932 HidBth - ok
00:41:42.0688 2932 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:41:42.0688 2932 HidIr - ok
00:41:42.0750 2932 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
00:41:42.0766 2932 hidserv - ok
00:41:42.0813 2932 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
00:41:42.0813 2932 HidUsb - ok
00:41:42.0859 2932 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
00:41:42.0875 2932 hkmsvc - ok
00:41:42.0937 2932 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
00:41:42.0969 2932 HomeGroupListener - ok
00:41:43.0015 2932 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
00:41:43.0031 2932 HomeGroupProvider - ok
00:41:43.0078 2932 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:41:43.0093 2932 HpSAMD - ok
00:41:43.0187 2932 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:41:43.0203 2932 HTTP - ok
00:41:43.0281 2932 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
00:41:43.0296 2932 hwdatacard - ok
00:41:43.0327 2932 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:41:43.0343 2932 hwpolicy - ok
00:41:43.0452 2932 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
00:41:43.0452 2932 i8042prt - ok
00:41:43.0546 2932 iaStor (e64665e2a6caeb52c8ae6e5eb6f3fd7c) C:\Windows\system32\DRIVERS\iaStor.sys
00:41:43.0561 2932 iaStor - ok
00:41:43.0717 2932 IAStorDataMgrSvc (7d4b9a48430ed57aca6373b71d5904ca) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
00:41:43.0717 2932 IAStorDataMgrSvc - ok
00:41:43.0795 2932 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
00:41:43.0811 2932 iaStorV - ok
00:41:44.0045 2932 IconMan_R (a335eb1cfa708581f1d6eff2fb3c3a27) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
00:41:44.0107 2932 IconMan_R - ok
00:41:44.0341 2932 IDMWFP (8dc6f8a868b06f7b21c5683053509c8f) C:\Windows\system32\DRIVERS\idmwfp.sys
00:41:44.0357 2932 IDMWFP - ok
00:41:44.0544 2932 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:41:44.0560 2932 idsvc - ok
00:41:44.0965 2932 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:41:45.0121 2932 igfx - ok
00:41:45.0309 2932 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:41:45.0309 2932 iirsp - ok
00:41:45.0433 2932 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
00:41:45.0465 2932 IKEEXT - ok
00:41:45.0558 2932 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:41:45.0558 2932 intelide - ok
00:41:45.0605 2932 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:41:45.0605 2932 intelppm - ok
00:41:45.0683 2932 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
00:41:45.0683 2932 IPBusEnum - ok
00:41:45.0745 2932 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:41:45.0761 2932 IpFilterDriver - ok
00:41:45.0855 2932 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
00:41:45.0886 2932 iphlpsvc - ok
00:41:45.0933 2932 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:41:45.0948 2932 IPMIDRV - ok
00:41:46.0011 2932 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:41:46.0011 2932 IPNAT - ok
00:41:46.0073 2932 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:41:46.0073 2932 IRENUM - ok
00:41:46.0135 2932 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:41:46.0151 2932 isapnp - ok
00:41:46.0213 2932 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\DRIVERS\msiscsi.sys
00:41:46.0229 2932 iScsiPrt - ok
00:41:46.0291 2932 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:41:46.0291 2932 kbdclass - ok
00:41:46.0338 2932 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
00:41:46.0354 2932 kbdhid - ok
00:41:46.0401 2932 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:41:46.0416 2932 KeyIso - ok
00:41:46.0510 2932 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
00:41:46.0525 2932 kl1 - ok
00:41:46.0603 2932 KLMD (4dd5aeb8499af27872b07f845b492929) C:\Windows\system32\Drivers\KLMD.sys
00:41:46.0603 2932 KLMD - ok
00:41:46.0666 2932 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
00:41:46.0666 2932 KSecDD - ok
00:41:46.0728 2932 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
00:41:46.0744 2932 KSecPkg - ok
00:41:46.0837 2932 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
00:41:46.0869 2932 KtmRm - ok
00:41:46.0947 2932 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
00:41:46.0962 2932 LanmanServer - ok
00:41:47.0009 2932 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
00:41:47.0040 2932 LanmanWorkstation - ok
00:41:47.0212 2932 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
00:41:47.0227 2932 LBTServ - ok
00:41:47.0305 2932 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:41:47.0321 2932 LHidFilt - ok
00:41:47.0368 2932 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:41:47.0399 2932 lltdio - ok
00:41:47.0508 2932 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
00:41:47.0524 2932 lltdsvc - ok
00:41:47.0571 2932 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
00:41:47.0586 2932 lmhosts - ok
00:41:47.0633 2932 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:41:47.0633 2932 LMouFilt - ok
00:41:47.0711 2932 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:41:47.0727 2932 LSI_FC - ok
00:41:47.0805 2932 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:41:47.0805 2932 LSI_SAS - ok
00:41:47.0851 2932 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:41:47.0867 2932 LSI_SAS2 - ok
00:41:47.0914 2932 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:41:47.0929 2932 LSI_SCSI - ok
00:41:47.0992 2932 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:41:47.0992 2932 luafv - ok
00:41:48.0054 2932 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
00:41:48.0070 2932 Mcx2Svc - ok
00:41:48.0132 2932 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:41:48.0132 2932 megasas - ok
00:41:48.0257 2932 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:41:48.0273 2932 MegaSR - ok
00:41:48.0304 2932 minhfjmw - ok
00:41:48.0366 2932 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:41:48.0382 2932 MMCSS - ok
00:41:48.0429 2932 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:41:48.0429 2932 Modem - ok
00:41:48.0507 2932 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:41:48.0507 2932 monitor - ok
00:41:48.0569 2932 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:41:48.0585 2932 mouclass - ok
00:41:48.0647 2932 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:41:48.0663 2932 mouhid - ok
00:41:48.0725 2932 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:41:48.0725 2932 mountmgr - ok
00:41:48.0881 2932 MozillaMaintenance (faf39f88ec64160d901848ea08cf6eb1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:41:48.0881 2932 MozillaMaintenance - ok
00:41:48.0959 2932 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:41:48.0975 2932 mpio - ok
00:41:49.0037 2932 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:41:49.0053 2932 mpsdrv - ok
00:41:49.0162 2932 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
00:41:49.0193 2932 MpsSvc - ok
00:41:49.0240 2932 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:41:49.0240 2932 MRxDAV - ok
00:41:49.0318 2932 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:41:49.0318 2932 mrxsmb - ok
00:41:49.0396 2932 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:41:49.0411 2932 mrxsmb10 - ok
00:41:49.0474 2932 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:41:49.0489 2932 mrxsmb20 - ok
00:41:49.0536 2932 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:41:49.0552 2932 msahci - ok
00:41:49.0630 2932 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:41:49.0630 2932 msdsm - ok
00:41:49.0739 2932 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
00:41:49.0755 2932 MSDTC - ok
00:41:49.0864 2932 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:41:49.0879 2932 Msfs - ok
00:41:49.0926 2932 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:41:49.0942 2932 mshidkmdf - ok
00:41:49.0973 2932 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:41:49.0973 2932 msisadrv - ok
00:41:50.0051 2932 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
00:41:50.0067 2932 MSiSCSI - ok
00:41:50.0098 2932 msiserver - ok
00:41:50.0160 2932 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:41:50.0191 2932 MSKSSRV - ok
00:41:50.0238 2932 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:41:50.0238 2932 MSPCLOCK - ok
00:41:50.0301 2932 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:41:50.0316 2932 MSPQM - ok
00:41:50.0363 2932 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:41:50.0394 2932 MsRPC - ok
00:41:50.0472 2932 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:41:50.0472 2932 mssmbios - ok
00:41:50.0519 2932 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:41:50.0519 2932 MSTEE - ok
00:41:50.0566 2932 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:41:50.0566 2932 MTConfig - ok
00:41:50.0613 2932 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:41:50.0628 2932 Mup - ok
00:41:50.0706 2932 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
00:41:50.0722 2932 napagent - ok
00:41:50.0800 2932 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:41:50.0831 2932 NativeWifiP - ok
00:41:50.0940 2932 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:41:50.0971 2932 NDIS - ok
00:41:51.0018 2932 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:41:51.0034 2932 NdisCap - ok
00:41:51.0081 2932 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:41:51.0081 2932 NdisTapi - ok
00:41:51.0143 2932 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:41:51.0159 2932 Ndisuio - ok
00:41:51.0221 2932 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:41:51.0237 2932 NdisWan - ok
00:41:51.0315 2932 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:41:51.0330 2932 NDProxy - ok
00:41:51.0393 2932 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:41:51.0393 2932 NetBIOS - ok
00:41:51.0471 2932 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:41:51.0471 2932 NetBT - ok
00:41:51.0564 2932 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:41:51.0564 2932 Netlogon - ok
00:41:51.0658 2932 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
00:41:51.0673 2932 Netman - ok
00:41:51.0798 2932 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:41:51.0845 2932 NetMsmqActivator - ok
00:41:51.0876 2932 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:41:51.0876 2932 NetPipeActivator - ok
00:41:51.0970 2932 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
00:41:51.0985 2932 netprofm - ok
00:41:52.0017 2932 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:41:52.0032 2932 NetTcpActivator - ok
00:41:52.0063 2932 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:41:52.0063 2932 NetTcpPortSharing - ok
00:41:52.0141 2932 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:41:52.0141 2932 nfrd960 - ok
00:41:52.0219 2932 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
00:41:52.0282 2932 NlaSvc - ok
00:41:52.0329 2932 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:41:52.0344 2932 Npfs - ok
00:41:52.0407 2932 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
00:41:52.0422 2932 nsi - ok
00:41:52.0453 2932 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:41:52.0469 2932 nsiproxy - ok
00:41:52.0672 2932 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:41:52.0703 2932 Ntfs - ok
00:41:52.0781 2932 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:41:52.0797 2932 Null - ok
00:41:52.0890 2932 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:41:52.0906 2932 nvraid - ok
00:41:52.0968 2932 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:41:52.0968 2932 nvstor - ok
00:41:53.0046 2932 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:41:53.0062 2932 nv_agp - ok
00:41:53.0124 2932 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:41:53.0140 2932 ohci1394 - ok
00:41:53.0327 2932 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:41:53.0343 2932 ose - ok
00:41:53.0779 2932 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:41:53.0920 2932 osppsvc - ok
00:41:54.0138 2932 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:41:54.0154 2932 p2pimsvc - ok
00:41:54.0247 2932 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
00:41:54.0263 2932 p2psvc - ok
00:41:54.0372 2932 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:41:54.0372 2932 Parport - ok
00:41:54.0466 2932 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
00:41:54.0481 2932 partmgr - ok
00:41:54.0528 2932 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:41:54.0544 2932 Parvdm - ok
00:41:54.0591 2932 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
00:41:54.0622 2932 PcaSvc - ok
00:41:54.0684 2932 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:41:54.0700 2932 pci - ok
00:41:54.0747 2932 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:41:54.0762 2932 pciide - ok
00:41:54.0856 2932 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:41:54.0856 2932 pcmcia - ok
00:41:54.0918 2932 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:41:54.0918 2932 pcw - ok
00:41:55.0012 2932 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:41:55.0043 2932 PEAUTH - ok
00:41:55.0168 2932 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
00:41:55.0199 2932 PeerDistSvc - ok
00:41:55.0511 2932 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
00:41:55.0558 2932 pla - ok
00:41:55.0745 2932 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
00:41:55.0761 2932 PlugPlay - ok
00:41:55.0839 2932 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
00:41:55.0854 2932 PNRPAutoReg - ok
00:41:55.0948 2932 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:41:55.0963 2932 PNRPsvc - ok
00:41:56.0057 2932 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
00:41:56.0073 2932 PolicyAgent - ok
00:41:56.0182 2932 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
00:41:56.0197 2932 Power - ok
00:41:56.0307 2932 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:41:56.0322 2932 PptpMiniport - ok
00:41:56.0369 2932 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:41:56.0369 2932 Processor - ok
00:41:56.0463 2932 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
00:41:56.0478 2932 ProfSvc - ok
00:41:56.0541 2932 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:41:56.0541 2932 ProtectedStorage - ok
00:41:56.0603 2932 Ps2 (bffdb363485501a38f0bca83aec810db) C:\Windows\system32\DRIVERS\PS2.sys
00:41:56.0603 2932 Ps2 - ok
00:41:56.0697 2932 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:41:56.0697 2932 Psched - ok
00:41:56.0728 2932 pukqzpus - ok
00:41:56.0821 2932 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
00:41:56.0837 2932 PxHelp20 - ok
00:41:56.0993 2932 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:41:57.0040 2932 ql2300 - ok
00:41:57.0243 2932 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:41:57.0258 2932 ql40xx - ok
00:41:57.0352 2932 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
00:41:57.0367 2932 QWAVE - ok
00:41:57.0414 2932 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:41:57.0414 2932 QWAVEdrv - ok
00:41:57.0461 2932 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:41:57.0477 2932 RasAcd - ok
00:41:57.0523 2932 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:41:57.0539 2932 RasAgileVpn - ok
00:41:57.0617 2932 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
00:41:57.0633 2932 RasAuto - ok
00:41:57.0695 2932 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:41:57.0695 2932 Rasl2tp - ok
00:41:57.0789 2932 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
00:41:57.0804 2932 RasMan - ok
00:41:57.0867 2932 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:41:57.0867 2932 RasPppoe - ok
00:41:57.0929 2932 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:41:57.0945 2932 RasSstp - ok
00:41:58.0023 2932 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:41:58.0038 2932 rdbss - ok
00:41:58.0132 2932 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:41:58.0147 2932 rdpbus - ok
00:41:58.0194 2932 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:41:58.0225 2932 RDPCDD - ok
00:41:58.0303 2932 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
00:41:58.0319 2932 RDPDR - ok
00:41:58.0366 2932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:41:58.0413 2932 RDPENCDD - ok
00:41:58.0475 2932 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:41:58.0491 2932 RDPREFMP - ok
00:41:58.0569 2932 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
00:41:58.0584 2932 RdpVideoMiniport - ok
00:41:58.0662 2932 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
00:41:58.0693 2932 RDPWD - ok
00:41:58.0771 2932 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:41:58.0787 2932 rdyboost - ok
00:41:58.0912 2932 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
00:41:58.0927 2932 RemoteAccess - ok
00:41:59.0021 2932 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
00:41:59.0037 2932 RemoteRegistry - ok
00:41:59.0115 2932 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
00:41:59.0130 2932 RFCOMM - ok
00:41:59.0193 2932 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
00:41:59.0208 2932 RpcEptMapper - ok
00:41:59.0255 2932 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
00:41:59.0286 2932 RpcLocator - ok
00:41:59.0380 2932 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll
00:41:59.0380 2932 RpcSs - ok
00:41:59.0473 2932 RSPCIESTOR (f26c73c30e22db6996f04afbc8670312) C:\Windows\system32\DRIVERS\RtsPStor.sys
00:41:59.0489 2932 RSPCIESTOR - ok
00:41:59.0551 2932 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:41:59.0567 2932 rspndr - ok
00:41:59.0661 2932 RTL8167 (effd24b219c44f9044b8dbb95a54b7ab) C:\Windows\system32\DRIVERS\Rt86win7.sys
00:41:59.0676 2932 RTL8167 - ok
00:41:59.0801 2932 SafeBox (d5291db188e4423f3696ca550edeb876) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
00:41:59.0817 2932 SafeBox - ok
00:41:59.0879 2932 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:41:59.0895 2932 SamSs - ok
00:41:59.0973 2932 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:41:59.0973 2932 sbp2port - ok
00:42:00.0066 2932 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
00:42:00.0082 2932 SCardSvr - ok
00:42:00.0160 2932 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:42:00.0175 2932 scfilter - ok
00:42:00.0316 2932 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
00:42:00.0347 2932 Schedule - ok
00:42:00.0425 2932 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:42:00.0425 2932 SCPolicySvc - ok
00:42:00.0519 2932 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
00:42:00.0534 2932 SDRSVC - ok
00:42:00.0612 2932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:42:00.0612 2932 secdrv - ok
00:42:00.0690 2932 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
00:42:00.0706 2932 seclogon - ok
00:42:00.0784 2932 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
00:42:00.0799 2932 SENS - ok
00:42:00.0877 2932 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
00:42:00.0893 2932 SensrSvc - ok
00:42:00.0955 2932 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:42:00.0971 2932 Serenum - ok
00:42:01.0018 2932 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:42:01.0018 2932 Serial - ok
00:42:01.0080 2932 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:42:01.0096 2932 sermouse - ok
00:42:01.0252 2932 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
00:42:01.0283 2932 SessionEnv - ok
00:42:01.0345 2932 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
00:42:01.0345 2932 sffdisk - ok
00:42:01.0408 2932 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:42:01.0408 2932 sffp_mmc - ok
00:42:01.0470 2932 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
00:42:01.0470 2932 sffp_sd - ok
00:42:01.0548 2932 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:42:01.0548 2932 sfloppy - ok
00:42:01.0673 2932 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
00:42:01.0689 2932 SharedAccess - ok
00:42:01.0798 2932 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
00:42:01.0813 2932 ShellHWDetection - ok
00:42:01.0876 2932 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:42:01.0891 2932 sisagp - ok
00:42:01.0954 2932 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:42:01.0954 2932 SiSRaid2 - ok
00:42:02.0016 2932 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:42:02.0032 2932 SiSRaid4 - ok
00:42:02.0094 2932 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:42:02.0094 2932 Smb - ok
00:42:02.0235 2932 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
00:42:02.0250 2932 SNMPTRAP - ok
00:42:02.0297 2932 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:42:02.0313 2932 spldr - ok
00:42:02.0406 2932 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
00:42:02.0437 2932 Spooler - ok
00:42:02.0734 2932 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
00:42:02.0843 2932 sppsvc - ok
00:42:03.0061 2932 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
00:42:03.0077 2932 sppuinotify - ok
00:42:03.0186 2932 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:42:03.0202 2932 srv - ok
00:42:03.0311 2932 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:42:03.0327 2932 srv2 - ok
00:42:03.0405 2932 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:42:03.0420 2932 srvnet - ok
00:42:03.0561 2932 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
00:42:03.0576 2932 SSDPSRV - ok
00:42:03.0639 2932 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
00:42:03.0654 2932 SstpSvc - ok
00:42:03.0841 2932 STacSV (f076ffe8af8398fdf2028f6eac5f1778) C:\Program Files\IDT\WDM\STacSV.exe
00:42:03.0857 2932 STacSV - ok
00:42:03.0919 2932 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:42:03.0935 2932 stexstor - ok
00:42:04.0060 2932 STHDA (f71736dc79731c98698b93326e01a6bd) C:\Windows\system32\DRIVERS\stwrt.sys
00:42:04.0091 2932 STHDA - ok
00:42:04.0200 2932 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
00:42:04.0231 2932 StiSvc - ok
00:42:04.0309 2932 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:42:04.0309 2932 swenum - ok
00:42:04.0403 2932 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
00:42:04.0419 2932 swprv - ok
00:42:04.0481 2932 Synth3dVsc - ok
00:42:04.0590 2932 SynTP (6dd49e1a5fa0f01824652f1a0a8866fb) C:\Windows\system32\DRIVERS\SynTP.sys
00:42:04.0606 2932 SynTP - ok
00:42:04.0793 2932 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
00:42:04.0840 2932 SysMain - ok
00:42:04.0933 2932 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
00:42:04.0949 2932 TabletInputService - ok
00:42:05.0058 2932 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
00:42:05.0089 2932 TapiSrv - ok
00:42:05.0167 2932 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
00:42:05.0199 2932 TBS - ok
00:42:05.0401 2932 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
00:42:05.0448 2932 Tcpip - ok
00:42:05.0526 2932 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
00:42:05.0557 2932 TCPIP6 - ok
00:42:05.0729 2932 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:42:05.0729 2932 tcpipreg - ok
00:42:05.0838 2932 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:42:05.0854 2932 TDPIPE - ok
00:42:05.0932 2932 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
00:42:05.0947 2932 TDTCP - ok
00:42:06.0010 2932 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:42:06.0025 2932 tdx - ok
00:42:06.0103 2932 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:42:06.0119 2932 TermDD - ok
00:42:06.0228 2932 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
00:42:06.0259 2932 TermService - ok
00:42:06.0337 2932 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
00:42:06.0353 2932 Themes - ok
00:42:06.0431 2932 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:42:06.0431 2932 THREADORDER - ok
00:42:06.0525 2932 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
00:42:06.0556 2932 TrkWks - ok
00:42:06.0696 2932 trufos (9016639c71328e4667d06119937aa20a) C:\Windows\system32\DRIVERS\trufos.sys
00:42:06.0696 2932 trufos - ok
00:42:06.0821 2932 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
00:42:06.0852 2932 TrustedInstaller - ok
00:42:06.0946 2932 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:42:06.0946 2932 tssecsrv - ok
00:42:07.0008 2932 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:42:07.0024 2932 TsUsbFlt - ok
00:42:07.0055 2932 tsusbhub - ok
00:42:07.0133 2932 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:42:07.0149 2932 tunnel - ok
00:42:07.0211 2932 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:42:07.0227 2932 uagp35 - ok
00:42:07.030

#23 mat yie76

Posted 06 June 2012 - 11:05 AM

01:00:41.0209 4956 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
01:00:42.0457 4956 ============================================================
01:00:42.0457 4956 Current date / time: 2012/06/07 01:00:42.0457
01:00:42.0457 4956 SystemInfo:
01:00:42.0457 4956
01:00:42.0457 4956 OS Version: 6.1.7601 ServicePack: 1.0
01:00:42.0457 4956 Product type: Workstation
01:00:42.0457 4956 ComputerName: BGL9703
01:00:42.0457 4956 UserName: Hp
01:00:42.0457 4956 Windows directory: C:\Windows
01:00:42.0457 4956 System windows directory: C:\Windows
01:00:42.0457 4956 Processor architecture: Intel x86
01:00:42.0457 4956 Number of processors: 2
01:00:42.0457 4956 Page size: 0x1000
01:00:42.0457 4956 Boot type: Normal boot
01:00:42.0457 4956 ============================================================
01:00:45.0499 4956 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:00:45.0499 4956 ============================================================
01:00:45.0499 4956 \Device\Harddisk0\DR0:
01:00:45.0499 4956 MBR partitions:
01:00:45.0499 4956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
01:00:45.0499 4956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B407800
01:00:45.0499 4956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B46B800, BlocksNum 0x1D26000
01:00:45.0499 4956 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
01:00:45.0499 4956 ============================================================
01:00:45.0545 4956 C: <-> \Device\Harddisk0\DR0\Partition1
01:00:45.0608 4956 D: <-> \Device\Harddisk0\DR0\Partition2
01:00:45.0623 4956 E: <-> \Device\Harddisk0\DR0\Partition3
01:00:45.0655 4956 G: <-> \Device\Harddisk0\DR0\Partition0
01:00:45.0670 4956 ============================================================
01:00:45.0670 4956 Initialize success
01:00:45.0670 4956 ============================================================
01:00:47.0464 2264 ============================================================
01:00:47.0464 2264 Scan started
01:00:47.0464 2264 Mode: Manual;
01:00:47.0464 2264 ============================================================
01:00:47.0932 2264 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
01:00:47.0932 2264 1394ohci - ok
01:00:48.0026 2264 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
01:00:48.0041 2264 ACPI - ok
01:00:48.0057 2264 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
01:00:48.0057 2264 AcpiPmi - ok
01:00:48.0260 2264 AdobeActiveFileMonitor10.0 (047bd1eb681453a7fe492a71802ac9f3) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
01:00:48.0260 2264 AdobeActiveFileMonitor10.0 - ok
01:00:48.0369 2264 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
01:00:48.0369 2264 AdobeARMservice - ok
01:00:48.0431 2264 AdobeFlashPlayerUpdateSvc (8df00255f29a8b19a51317c869e0ee90) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:00:48.0447 2264 AdobeFlashPlayerUpdateSvc - ok
01:00:48.0509 2264 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
01:00:48.0525 2264 adp94xx - ok
01:00:48.0587 2264 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
01:00:48.0587 2264 adpahci - ok
01:00:48.0634 2264 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
01:00:48.0634 2264 adpu320 - ok
01:00:48.0712 2264 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
01:00:48.0712 2264 AeLookupSvc - ok
01:00:48.0837 2264 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
01:00:48.0837 2264 AESTFilters - ok
01:00:48.0915 2264 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
01:00:48.0915 2264 AFD - ok
01:00:48.0962 2264 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
01:00:48.0977 2264 agp440 - ok
01:00:49.0009 2264 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
01:00:49.0009 2264 aic78xx - ok
01:00:49.0055 2264 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
01:00:49.0071 2264 ALG - ok
01:00:49.0102 2264 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
01:00:49.0102 2264 aliide - ok
01:00:49.0133 2264 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
01:00:49.0149 2264 amdagp - ok
01:00:49.0180 2264 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
01:00:49.0180 2264 amdide - ok
01:00:49.0211 2264 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
01:00:49.0227 2264 AmdK8 - ok
01:00:49.0258 2264 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
01:00:49.0258 2264 AmdPPM - ok
01:00:49.0305 2264 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
01:00:49.0321 2264 amdsata - ok
01:00:49.0367 2264 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
01:00:49.0383 2264 amdsbs - ok
01:00:49.0414 2264 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
01:00:49.0414 2264 amdxata - ok
01:00:49.0445 2264 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
01:00:49.0461 2264 AppID - ok
01:00:49.0492 2264 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
01:00:49.0492 2264 AppIDSvc - ok
01:00:49.0539 2264 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
01:00:49.0555 2264 Appinfo - ok
01:00:49.0617 2264 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
01:00:49.0617 2264 AppMgmt - ok
01:00:49.0664 2264 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
01:00:49.0664 2264 arc - ok
01:00:49.0695 2264 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
01:00:49.0695 2264 arcsas - ok
01:00:49.0804 2264 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
01:00:49.0804 2264 aspnet_state - ok
01:00:49.0867 2264 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
01:00:49.0867 2264 AsyncMac - ok
01:00:49.0929 2264 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
01:00:49.0929 2264 atapi - ok
01:00:50.0007 2264 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
01:00:50.0023 2264 AudioEndpointBuilder - ok
01:00:50.0038 2264 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
01:00:50.0054 2264 Audiosrv - ok
01:00:50.0194 2264 avc3 (f0c0e213d6d811384a49981adff0b6c0) C:\Windows\system32\DRIVERS\avc3.sys
01:00:50.0210 2264 avc3 - ok
01:00:50.0319 2264 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\Windows\system32\DRIVERS\avchv.sys
01:00:50.0335 2264 avchv - ok
01:00:50.0428 2264 avckf (2bce314a25e71298add6794bfbd66266) C:\Windows\system32\DRIVERS\avckf.sys
01:00:50.0444 2264 avckf - ok
01:00:50.0491 2264 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
01:00:50.0491 2264 AxInstSV - ok
01:00:50.0506 2264 azwwljds - ok
01:00:50.0584 2264 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
01:00:50.0600 2264 b06bdrv - ok
01:00:50.0662 2264 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
01:00:50.0678 2264 b57nd60x - ok
01:00:50.0943 2264 BCM43XX (9c3b534854f0152ed4711d936a2192eb) C:\Windows\system32\DRIVERS\bcmwl6.sys
01:00:50.0974 2264 BCM43XX - ok
01:00:51.0130 2264 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
01:00:51.0130 2264 BDESVC - ok
01:00:51.0271 2264 BdfNdisf (fa33f2db2f6f8afbedc917632a10d515) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
01:00:51.0286 2264 BdfNdisf - ok
01:00:51.0395 2264 bdfsfltr (5ef7ac38b4a7dc80860d7ffafac78c36) C:\Windows\system32\DRIVERS\bdfsfltr.sys
01:00:51.0395 2264 bdfsfltr - ok
01:00:51.0489 2264 bdfwfpf (2f66c9df34134419928bac00e21e2679) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
01:00:51.0489 2264 bdfwfpf - ok
01:00:51.0551 2264 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\Windows\system32\drivers\bdsandbox.sys
01:00:51.0551 2264 bdsandbox - ok
01:00:51.0645 2264 bdselfpr (042941c8e50f38e34c3c345f45e16cf3) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys
01:00:51.0661 2264 bdselfpr - ok
01:00:51.0707 2264 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\Windows\system32\DRIVERS\bdvedisk.sys
01:00:51.0707 2264 BDVEDISK - ok
01:00:51.0770 2264 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
01:00:51.0770 2264 Beep - ok
01:00:51.0848 2264 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
01:00:51.0863 2264 BFE - ok
01:00:51.0957 2264 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
01:00:51.0973 2264 BITS - ok
01:00:52.0019 2264 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
01:00:52.0019 2264 blbdrive - ok
01:00:52.0144 2264 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
01:00:52.0160 2264 Bonjour Service - ok
01:00:52.0207 2264 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
01:00:52.0222 2264 bowser - ok
01:00:52.0269 2264 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:00:52.0269 2264 BrFiltLo - ok
01:00:52.0300 2264 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:00:52.0316 2264 BrFiltUp - ok
01:00:52.0378 2264 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
01:00:52.0378 2264 BridgeMP - ok
01:00:52.0425 2264 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
01:00:52.0425 2264 Browser - ok
01:00:52.0472 2264 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
01:00:52.0487 2264 Brserid - ok
01:00:52.0534 2264 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
01:00:52.0534 2264 BrSerWdm - ok
01:00:52.0565 2264 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:00:52.0581 2264 BrUsbMdm - ok
01:00:52.0612 2264 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
01:00:52.0612 2264 BrUsbSer - ok
01:00:52.0643 2264 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
01:00:52.0643 2264 BthEnum - ok
01:00:52.0690 2264 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
01:00:52.0690 2264 BTHMODEM - ok
01:00:52.0753 2264 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
01:00:52.0753 2264 BthPan - ok
01:00:52.0831 2264 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
01:00:52.0862 2264 BTHPORT - ok
01:00:52.0940 2264 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
01:00:52.0955 2264 bthserv - ok
01:00:53.0018 2264 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
01:00:53.0018 2264 BTHUSB - ok
01:00:53.0080 2264 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
01:00:53.0080 2264 btusbflt - ok
01:00:53.0158 2264 btwampfl (e4e5ab603c936bafd1a5de1d6086221e) C:\Windows\system32\drivers\btwampfl.sys
01:00:53.0174 2264 btwampfl - ok
01:00:53.0189 2264 btwaudio - ok
01:00:53.0205 2264 btwavdt - ok
01:00:53.0252 2264 btwl2cap - ok
01:00:53.0267 2264 btwrchid - ok
01:00:53.0439 2264 catchme - ok
01:00:53.0501 2264 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
01:00:53.0501 2264 cdfs - ok
01:00:53.0548 2264 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
01:00:53.0564 2264 cdrom - ok
01:00:53.0611 2264 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
01:00:53.0611 2264 CertPropSvc - ok
01:00:53.0642 2264 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
01:00:53.0642 2264 circlass - ok
01:00:53.0735 2264 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
01:00:53.0751 2264 CLFS - ok
01:00:53.0860 2264 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:00:53.0876 2264 clr_optimization_v2.0.50727_32 - ok
01:00:53.0969 2264 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:00:53.0985 2264 clr_optimization_v4.0.30319_32 - ok
01:00:54.0032 2264 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
01:00:54.0032 2264 CmBatt - ok
01:00:54.0079 2264 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
01:00:54.0079 2264 cmdide - ok
01:00:54.0172 2264 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
01:00:54.0203 2264 CNG - ok
01:00:54.0250 2264 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
01:00:54.0250 2264 Compbatt - ok
01:00:54.0297 2264 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
01:00:54.0297 2264 CompositeBus - ok
01:00:54.0328 2264 COMSysApp - ok
01:00:54.0375 2264 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
01:00:54.0391 2264 crcdisk - ok
01:00:54.0469 2264 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
01:00:54.0484 2264 CryptSvc - ok
01:00:54.0562 2264 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
01:00:54.0578 2264 CSC - ok
01:00:54.0671 2264 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
01:00:54.0687 2264 CscService - ok
01:00:54.0781 2264 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
01:00:54.0796 2264 DcomLaunch - ok
01:00:54.0874 2264 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
01:00:54.0890 2264 defragsvc - ok
01:00:54.0968 2264 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
01:00:54.0983 2264 DfsC - ok
01:00:55.0046 2264 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
01:00:55.0061 2264 Dhcp - ok
01:00:55.0139 2264 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
01:00:55.0139 2264 discache - ok
01:00:55.0202 2264 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
01:00:55.0202 2264 Disk - ok
01:00:55.0280 2264 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
01:00:55.0280 2264 Dnscache - ok
01:00:55.0342 2264 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
01:00:55.0358 2264 dot3svc - ok
01:00:55.0405 2264 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
01:00:55.0420 2264 DPS - ok
01:00:55.0451 2264 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
01:00:55.0467 2264 drmkaud - ok
01:00:55.0576 2264 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
01:00:55.0592 2264 DXGKrnl - ok
01:00:55.0654 2264 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
01:00:55.0670 2264 EapHost - ok
01:00:55.0982 2264 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
01:00:56.0091 2264 ebdrv - ok
01:00:56.0231 2264 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
01:00:56.0231 2264 EFS - ok
01:00:56.0372 2264 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
01:00:56.0403 2264 ehRecvr - ok
01:00:56.0434 2264 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
01:00:56.0450 2264 ehSched - ok
01:00:56.0559 2264 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
01:00:56.0575 2264 elxstor - ok
01:00:56.0621 2264 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
01:00:56.0637 2264 ErrDev - ok
01:00:56.0762 2264 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
01:00:56.0777 2264 EventSystem - ok
01:00:56.0840 2264 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
01:00:56.0855 2264 exfat - ok
01:00:56.0902 2264 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
01:00:56.0918 2264 fastfat - ok
01:00:57.0027 2264 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
01:00:57.0043 2264 Fax - ok
01:00:57.0074 2264 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
01:00:57.0089 2264 fdc - ok
01:00:57.0121 2264 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
01:00:57.0121 2264 fdPHost - ok
01:00:57.0152 2264 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
01:00:57.0167 2264 FDResPub - ok
01:00:57.0199 2264 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
01:00:57.0199 2264 FileInfo - ok
01:00:57.0245 2264 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
01:00:57.0245 2264 Filetrace - ok
01:00:57.0292 2264 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
01:00:57.0292 2264 flpydisk - ok
01:00:57.0355 2264 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
01:00:57.0370 2264 FltMgr - ok
01:00:57.0479 2264 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
01:00:57.0511 2264 FontCache - ok
01:00:57.0635 2264 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:00:57.0635 2264 FontCache3.0.0.0 - ok
01:00:57.0667 2264 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
01:00:57.0682 2264 FsDepends - ok
01:00:57.0729 2264 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
01:00:57.0729 2264 Fs_Rec - ok
01:00:57.0807 2264 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
01:00:57.0823 2264 fvevol - ok
01:00:57.0869 2264 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:00:57.0885 2264 gagp30kx - ok
01:00:57.0979 2264 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
01:00:57.0994 2264 gpsvc - ok
01:00:58.0119 2264 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:00:58.0135 2264 gupdate - ok
01:00:58.0150 2264 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:00:58.0150 2264 gupdatem - ok
01:00:58.0228 2264 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:00:58.0259 2264 gusvc - ok
01:00:58.0322 2264 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
01:00:58.0322 2264 hcw85cir - ok
01:00:58.0400 2264 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
01:00:58.0415 2264 HdAudAddService - ok
01:00:58.0462 2264 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
01:00:58.0478 2264 HDAudBus - ok
01:00:58.0509 2264 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
01:00:58.0525 2264 HidBatt - ok
01:00:58.0587 2264 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
01:00:58.0603 2264 HidBth - ok
01:00:58.0634 2264 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
01:00:58.0634 2264 HidIr - ok
01:00:58.0696 2264 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
01:00:58.0696 2264 hidserv - ok
01:00:58.0790 2264 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
01:00:58.0805 2264 HidUsb - ok
01:00:58.0852 2264 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
01:00:58.0868 2264 hkmsvc - ok
01:00:58.0930 2264 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
01:00:58.0946 2264 HomeGroupListener - ok
01:00:59.0008 2264 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
01:00:59.0024 2264 HomeGroupProvider - ok
01:00:59.0071 2264 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
01:00:59.0071 2264 HpSAMD - ok
01:00:59.0195 2264 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
01:00:59.0211 2264 HTTP - ok
01:00:59.0305 2264 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:00:59.0320 2264 hwdatacard - ok
01:00:59.0367 2264 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
01:00:59.0367 2264 hwpolicy - ok
01:00:59.0492 2264 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
01:00:59.0492 2264 i8042prt - ok
01:00:59.0601 2264 iaStor (e64665e2a6caeb52c8ae6e5eb6f3fd7c) C:\Windows\system32\DRIVERS\iaStor.sys
01:00:59.0617 2264 iaStor - ok
01:00:59.0757 2264 IAStorDataMgrSvc (7d4b9a48430ed57aca6373b71d5904ca) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
01:00:59.0757 2264 IAStorDataMgrSvc - ok
01:00:59.0835 2264 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
01:00:59.0835 2264 iaStorV - ok
01:01:00.0085 2264 IconMan_R (a335eb1cfa708581f1d6eff2fb3c3a27) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
01:01:00.0100 2264 IconMan_R - ok
01:01:00.0334 2264 IDMWFP (8dc6f8a868b06f7b21c5683053509c8f) C:\Windows\system32\DRIVERS\idmwfp.sys
01:01:00.0350 2264 IDMWFP - ok
01:01:00.0537 2264 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:01:00.0553 2264 idsvc - ok
01:01:00.0974 2264 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
01:01:01.0114 2264 igfx - ok
01:01:01.0270 2264 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
01:01:01.0270 2264 iirsp - ok
01:01:01.0395 2264 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
01:01:01.0411 2264 IKEEXT - ok
01:01:01.0489 2264 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
01:01:01.0489 2264 intelide - ok
01:01:01.0551 2264 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
01:01:01.0567 2264 intelppm - ok
01:01:01.0645 2264 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
01:01:01.0660 2264 IPBusEnum - ok
01:01:01.0707 2264 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:01:01.0723 2264 IpFilterDriver - ok
01:01:01.0847 2264 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
01:01:01.0863 2264 iphlpsvc - ok
01:01:01.0925 2264 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
01:01:01.0925 2264 IPMIDRV - ok
01:01:02.0003 2264 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
01:01:02.0019 2264 IPNAT - ok
01:01:02.0050 2264 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
01:01:02.0050 2264 IRENUM - ok
01:01:02.0097 2264 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
01:01:02.0097 2264 isapnp - ok
01:01:02.0159 2264 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\DRIVERS\msiscsi.sys
01:01:02.0175 2264 iScsiPrt - ok
01:01:02.0222 2264 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:01:02.0222 2264 kbdclass - ok
01:01:02.0269 2264 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
01:01:02.0269 2264 kbdhid - ok
01:01:02.0331 2264 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:01:02.0331 2264 KeyIso - ok
01:01:02.0425 2264 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
01:01:02.0440 2264 kl1 - ok
01:01:02.0503 2264 KLMD (4dd5aeb8499af27872b07f845b492929) C:\Windows\system32\Drivers\KLMD.sys
01:01:02.0503 2264 KLMD - ok
01:01:02.0565 2264 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
01:01:02.0565 2264 KSecDD - ok
01:01:02.0643 2264 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
01:01:02.0643 2264 KSecPkg - ok
01:01:02.0737 2264 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
01:01:02.0752 2264 KtmRm - ok
01:01:02.0815 2264 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
01:01:02.0830 2264 LanmanServer - ok
01:01:02.0908 2264 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
01:01:02.0939 2264 LanmanWorkstation - ok
01:01:03.0158 2264 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
01:01:03.0158 2264 LBTServ - ok
01:01:03.0236 2264 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:01:03.0251 2264 LHidFilt - ok
01:01:03.0298 2264 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
01:01:03.0314 2264 lltdio - ok
01:01:03.0376 2264 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
01:01:03.0392 2264 lltdsvc - ok
01:01:03.0439 2264 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
01:01:03.0454 2264 lmhosts - ok
01:01:03.0501 2264 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:01:03.0517 2264 LMouFilt - ok
01:01:03.0579 2264 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:01:03.0595 2264 LSI_FC - ok
01:01:03.0657 2264 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:01:03.0657 2264 LSI_SAS - ok
01:01:03.0704 2264 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:01:03.0719 2264 LSI_SAS2 - ok
01:01:03.0782 2264 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:01:03.0782 2264 LSI_SCSI - ok
01:01:03.0829 2264 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
01:01:03.0844 2264 luafv - ok
01:01:03.0907 2264 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
01:01:03.0922 2264 Mcx2Svc - ok
01:01:03.0969 2264 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
01:01:03.0969 2264 megasas - ok
01:01:04.0047 2264 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
01:01:04.0063 2264 MegaSR - ok
01:01:04.0094 2264 minhfjmw - ok
01:01:04.0141 2264 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
01:01:04.0156 2264 MMCSS - ok
01:01:04.0187 2264 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
01:01:04.0203 2264 Modem - ok
01:01:04.0250 2264 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
01:01:04.0250 2264 monitor - ok
01:01:04.0328 2264 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
01:01:04.0328 2264 mouclass - ok
01:01:04.0375 2264 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
01:01:04.0375 2264 mouhid - ok
01:01:04.0437 2264 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
01:01:04.0437 2264 mountmgr - ok
01:01:04.0562 2264 MozillaMaintenance (faf39f88ec64160d901848ea08cf6eb1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:01:04.0562 2264 MozillaMaintenance - ok
01:01:04.0624 2264 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
01:01:04.0624 2264 mpio - ok
01:01:04.0671 2264 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
01:01:04.0671 2264 mpsdrv - ok
01:01:04.0780 2264 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
01:01:04.0796 2264 MpsSvc - ok
01:01:04.0858 2264 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
01:01:04.0874 2264 MRxDAV - ok
01:01:04.0952 2264 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:01:04.0952 2264 mrxsmb - ok
01:01:05.0045 2264 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:01:05.0061 2264 mrxsmb10 - ok
01:01:05.0123 2264 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:01:05.0139 2264 mrxsmb20 - ok
01:01:05.0186 2264 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
01:01:05.0201 2264 msahci - ok
01:01:05.0279 2264 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
01:01:05.0279 2264 msdsm - ok
01:01:05.0373 2264 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
01:01:05.0389 2264 MSDTC - ok
01:01:05.0482 2264 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
01:01:05.0482 2264 Msfs - ok
01:01:05.0560 2264 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
01:01:05.0560 2264 mshidkmdf - ok
01:01:05.0607 2264 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
01:01:05.0607 2264 msisadrv - ok
01:01:05.0701 2264 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
01:01:05.0701 2264 MSiSCSI - ok
01:01:05.0747 2264 msiserver - ok
01:01:05.0794 2264 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
01:01:05.0794 2264 MSKSSRV - ok
01:01:05.0841 2264 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
01:01:05.0841 2264 MSPCLOCK - ok
01:01:05.0888 2264 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
01:01:05.0888 2264 MSPQM - ok
01:01:05.0950 2264 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
01:01:05.0950 2264 MsRPC - ok
01:01:06.0028 2264 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
01:01:06.0028 2264 mssmbios - ok
01:01:06.0075 2264 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
01:01:06.0075 2264 MSTEE - ok
01:01:06.0122 2264 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
01:01:06.0122 2264 MTConfig - ok
01:01:06.0184 2264 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
01:01:06.0184 2264 Mup - ok
01:01:06.0262 2264 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
01:01:06.0309 2264 napagent - ok
01:01:06.0371 2264 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
01:01:06.0387 2264 NativeWifiP - ok
01:01:06.0496 2264 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
01:01:06.0527 2264 NDIS - ok
01:01:06.0559 2264 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
01:01:06.0574 2264 NdisCap - ok
01:01:06.0621 2264 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
01:01:06.0621 2264 NdisTapi - ok
01:01:06.0683 2264 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
01:01:06.0699 2264 Ndisuio - ok
01:01:06.0761 2264 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
01:01:06.0793 2264 NdisWan - ok
01:01:06.0839 2264 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
01:01:06.0855 2264 NDProxy - ok
01:01:06.0917 2264 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
01:01:06.0917 2264 NetBIOS - ok
01:01:06.0980 2264 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
01:01:06.0980 2264 NetBT - ok
01:01:07.0058 2264 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:01:07.0058 2264 Netlogon - ok
01:01:07.0167 2264 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
01:01:07.0183 2264 Netman - ok
01:01:07.0307 2264 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:01:07.0323 2264 NetMsmqActivator - ok
01:01:07.0339 2264 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:01:07.0354 2264 NetPipeActivator - ok
01:01:07.0432 2264 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
01:01:07.0448 2264 netprofm - ok
01:01:07.0479 2264 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:01:07.0479 2264 NetTcpActivator - ok
01:01:07.0510 2264 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:01:07.0510 2264 NetTcpPortSharing - ok
01:01:07.0573 2264 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
01:01:07.0573 2264 nfrd960 - ok
01:01:07.0666 2264 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
01:01:07.0682 2264 NlaSvc - ok
01:01:07.0713 2264 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
01:01:07.0713 2264 Npfs - ok
01:01:07.0775 2264 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
01:01:07.0791 2264 nsi - ok
01:01:07.0838 2264 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
01:01:07.0838 2264 nsiproxy - ok
01:01:08.0025 2264 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
01:01:08.0056 2264 Ntfs - ok
01:01:08.0134 2264 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
01:01:08.0134 2264 Null - ok
01:01:08.0212 2264 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
01:01:08.0228 2264 nvraid - ok
01:01:08.0306 2264 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
01:01:08.0321 2264 nvstor - ok
01:01:08.0368 2264 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
01:01:08.0368 2264 nv_agp - ok
01:01:08.0431 2264 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
01:01:08.0431 2264 ohci1394 - ok
01:01:08.0555 2264 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:01:08.0571 2264 ose - ok
01:01:09.0008 2264 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:01:09.0070 2264 osppsvc - ok
01:01:09.0304 2264 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
01:01:09.0320 2264 p2pimsvc - ok
01:01:09.0413 2264 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
01:01:09.0429 2264 p2psvc - ok
01:01:09.0523 2264 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
01:01:09.0523 2264 Parport - ok
01:01:09.0601 2264 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
01:01:09.0601 2264 partmgr - ok
01:01:09.0679 2264 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
01:01:09.0679 2264 Parvdm - ok
01:01:09.0741 2264 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
01:01:09.0757 2264 PcaSvc - ok
01:01:09.0850 2264 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
01:01:09.0850 2264 pci - ok
01:01:09.0897 2264 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
01:01:09.0897 2264 pciide - ok
01:01:09.0975 2264 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
01:01:09.0975 2264 pcmcia - ok
01:01:10.0037 2264 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
01:01:10.0053 2264 pcw - ok
01:01:10.0147 2264 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
01:01:10.0147 2264 PEAUTH - ok
01:01:10.0318 2264 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
01:01:10.0349 2264 PeerDistSvc - ok
01:01:10.0646 2264 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
01:01:10.0708 2264 pla - ok
01:01:10.0927 2264 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
01:01:10.0942 2264 PlugPlay - ok
01:01:11.0005 2264 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
01:01:11.0020 2264 PNRPAutoReg - ok
01:01:11.0098 2264 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
01:01:11.0098 2264 PNRPsvc - ok
01:01:11.0192 2264 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
01:01:11.0207 2264 PolicyAgent - ok
01:01:11.0301 2264 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
01:01:11.0317 2264 Power - ok
01:01:11.0426 2264 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
01:01:11.0426 2264 PptpMiniport - ok
01:01:11.0488 2264 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
01:01:11.0488 2264 Processor - ok
01:01:11.0566 2264 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
01:01:11.0582 2264 ProfSvc - ok
01:01:11.0660 2264 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:01:11.0660 2264 ProtectedStorage - ok
01:01:11.0738 2264 Ps2 (bffdb363485501a38f0bca83aec810db) C:\Windows\system32\DRIVERS\PS2.sys
01:01:11.0738 2264 Ps2 - ok
01:01:11.0831 2264 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
01:01:11.0847 2264 Psched - ok
01:01:11.0878 2264 pukqzpus - ok
01:01:11.0972 2264 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
01:01:11.0972 2264 PxHelp20 - ok
01:01:12.0128 2264 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
01:01:12.0175 2264 ql2300 - ok
01:01:12.0393 2264 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
01:01:12.0393 2264 ql40xx - ok
01:01:12.0487 2264 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
01:01:12.0487 2264 QWAVE - ok
01:01:12.0565 2264 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
01:01:12.0565 2264 QWAVEdrv - ok
01:01:12.0627 2264 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
01:01:12.0627 2264 RasAcd - ok
01:01:12.0689 2264 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:01:12.0705 2264 RasAgileVpn - ok
01:01:12.0767 2264 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
01:01:12.0783 2264 RasAuto - ok
01:01:12.0861 2264 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:01:12.0861 2264 Rasl2tp - ok
01:01:12.0955 2264 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
01:01:12.0970 2264 RasMan - ok
01:01:13.0033 2264 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
01:01:13.0033 2264 RasPppoe - ok
01:01:13.0079 2264 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
01:01:13.0095 2264 RasSstp - ok
01:01:13.0157 2264 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
01:01:13.0173 2264 rdbss - ok
01:01:13.0282 2264 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
01:01:13.0298 2264 rdpbus - ok
01:01:13.0376 2264 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:01:13.0376 2264 RDPCDD - ok
01:01:13.0469 2264 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
01:01:13.0501 2264 RDPDR - ok
01:01:13.0547 2264 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
01:01:13.0547 2264 RDPENCDD - ok
01:01:13.0625 2264 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
01:01:13.0641 2264 RDPREFMP - ok
01:01:13.0703 2264 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
01:01:13.0719 2264 RdpVideoMiniport - ok
01:01:13.0797 2264 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
01:01:13.0813 2264 RDPWD - ok
01:01:13.0891 2264 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
01:01:13.0906 2264 rdyboost - ok
01:01:13.0984 2264 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
01:01:14.0015 2264 RemoteAccess - ok
01:01:14.0093 2264 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
01:01:14.0109 2264 RemoteRegistry - ok
01:01:14.0171 2264 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
01:01:14.0187 2264 RFCOMM - ok
01:01:14.0265 2264 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
01:01:14.0281 2264 RpcEptMapper - ok
01:01:14.0359 2264 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
01:01:14.0374 2264 RpcLocator - ok
01:01:14.0483 2264 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll
01:01:14.0499 2264 RpcSs - ok
01:01:14.0593 2264 RSPCIESTOR (f26c73c30e22db6996f04afbc8670312) C:\Windows\system32\DRIVERS\RtsPStor.sys
01:01:14.0608 2264 RSPCIESTOR - ok
01:01:14.0671 2264 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
01:01:14.0671 2264 rspndr - ok
01:01:14.0764 2264 RTL8167 (effd24b219c44f9044b8dbb95a54b7ab) C:\Windows\system32\DRIVERS\Rt86win7.sys
01:01:14.0780 2264 RTL8167 - ok
01:01:14.0905 2264 SafeBox (d5291db188e4423f3696ca550edeb876) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
01:01:14.0905 2264 SafeBox - ok
01:01:14.0983 2264 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:01:14.0983 2264 SamSs - ok
01:01:15.0061 2264 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
01:01:15.0061 2264 sbp2port - ok
01:01:15.0154 2264 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
01:01:15.0170 2264 SCardSvr - ok
01:01:15.0232 2264 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
01:01:15.0232 2264 scfilter - ok
01:01:15.0373 2264 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
01:01:15.0388 2264 Schedule - ok
01:01:15.0466 2264 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
01:01:15.0466 2264 SCPolicySvc - ok
01:01:15.0544 2264 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
01:01:15.0560 2264 SDRSVC - ok
01:01:15.0622 2264 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:01:15.0622 2264 secdrv - ok
01:01:15.0685 2264 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
01:01:15.0700 2264 seclogon - ok
01:01:15.0763 2264 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
01:01:15.0778 2264 SENS - ok
01:01:15.0841 2264 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
01:01:15.0841 2264 SensrSvc - ok
01:01:15.0950 2264 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
01:01:15.0950 2264 Serenum - ok
01:01:16.0012 2264 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
01:01:16.0012 2264 Serial - ok
01:01:16.0075 2264 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
01:01:16.0075 2264 sermouse - ok
01:01:16.0246 2264 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
01:01:16.0246 2264 SessionEnv - ok
01:01:16.0309 2264 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
01:01:16.0309 2264 sffdisk - ok
01:01:16.0371 2264 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
01:01:16.0371 2264 sffp_mmc - ok
01:01:16.0418 2264 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
01:01:16.0433 2264 sffp_sd - ok
01:01:16.0496 2264 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
01:01:16.0496 2264 sfloppy - ok
01:01:16.0589 2264 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
01:01:16.0605 2264 SharedAccess - ok
01:01:16.0730 2264 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
01:01:16.0745 2264 ShellHWDetection - ok
01:01:16.0823 2264 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
01:01:16.0839 2264 sisagp - ok
01:01:16.0901 2264 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:01:16.0917 2264 SiSRaid2 - ok
01:01:16.0964 2264 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
01:01:16.0964 2264 SiSRaid4 - ok
01:01:17.0042 2264 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
01:01:17.0042 2264 Smb - ok
01:01:17.0151 2264 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
01:01:17.0167 2264 SNMPTRAP - ok
01:01:17.0213 2264 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
01:01:17.0229 2264 spldr - ok
01:01:17.0323 2264 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
01:01:17.0338 2264 Spooler - ok
01:01:17.0635 2264 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
01:01:17.0744 2264 sppsvc - ok
01:01:17.0900 2264 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
01:01:17.0915 2264 sppuinotify - ok
01:01:18.0009 2264 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
01:01:18.0025 2264 srv - ok
01:01:18.0103 2264 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
01:01:18.0118 2264 srv2 - ok
01:01:18.0165 2264 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
01:01:18.0165 2264 srvnet - ok
01:01:18.0274 2264 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
01:01:18.0274 2264 SSDPSRV - ok
01:01:18.0337 2264 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
01:01:18.0368 2264 SstpSvc - ok
01:01:18.0524 2264 STacSV (f076ffe8af8398fdf2028f6eac5f1778) C:\Program Files\IDT\WDM\STacSV.exe
01:01:18.0524 2264 STacSV - ok
01:01:18.0602 2264 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
01:01:18.0602 2264 stexstor - ok
01:01:18.0711 2264 STHDA (f71736dc79731c98698b93326e01a6bd) C:\Windows\system32\DRIVERS\stwrt.sys
01:01:18.0727 2264 STHDA - ok
01:01:18.0820 2264 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
01:01:18.0851 2264 StiSvc - ok
01:01:18.0898 2264 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
01:01:18.0914 2264 swenum - ok
01:01:18.0992 2264 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
01:01:19.0007 2264 swprv - ok
01:01:19.0039 2264 Synth3dVsc - ok
01:01:19.0148 2264 SynTP (6dd49e1a5fa0f01824652f1a0a8866fb) C:\Windows\system32\DRIVERS\SynTP.sys
01:01:19.0148 2264 SynTP - ok
01:01:19.0304 2264 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
01:01:19.0351 2264 SysMain - ok
01:01:19.0444 2264 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
01:01:19.0460 2264 TabletInputService - ok
01:01:19.0569 2264 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
01:01:19.0600 2264 TapiSrv - ok
01:01:19.0694 2264 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
01:01:19.0709 2264 TBS - ok
01:01:19.0912 2264 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
01:01:19.0959 2264 Tcpip - ok
01:01:20.0053 2264 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
01:01:20.0068 2264 TCPIP6 - ok
01:01:20.0255 2264 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
01:01:20.0255 2264 tcpipreg - ok
01:01:20.0380 2264 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
01:01:20.0396 2264 TDPIPE - ok
01:01:20.0458 2264 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
01:01:20.0474 2264 TDTCP - ok
01:01:20.0536 2264 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
01:01:20.0536 2264 tdx - ok
01:01:20.0599 2264 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
01:01:20.0614 2264 TermDD - ok
01:01:20.0723 2264 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
01:01:20.0755 2264 TermService - ok
01:01:20.0833 2264 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
01:01:20.0833 2264 Themes - ok
01:01:20.0911 2264 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
01:01:20.0926 2264 THREADORDER - ok
01:01:21.0020 2264 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
01:01:21.0035 2264 TrkWks - ok
01:01:21.0191 2264 trufos (9016639c71328e4667d06119937aa20a) C:\Windows\system32\DRIVERS\trufos.sys
01:01:21.0191 2264 trufos - ok
01:01:21.0363 2264 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
01:01:21.0379 2264 TrustedInstaller - ok
01:01:21.0488 2264 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:01:21.0503 2264 tssecsrv - ok
01:01:21.0597 2264 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
01:01:21.0597 2264 TsUsbFlt - ok
01:01:21.0644 2264 tsusbhub - ok
01:01:21.0737 2264 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
01:01:21.0737 2264 tunnel - ok
01:01:21.0831 2264 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
01:01:21.0847 2264 uagp35 - ok
01:01:21.092

#24 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 06 June 2012 - 12:10 PM

Looks clean. :)

For Service Center.
What do you mean by

pc cannot detect and failed to connect to window service centre

I don't know of any Window Service Center.
Are you getting an error message?
If so please attach a screen shot. See How to create and attach a screen shot
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#25 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • PipPipPip
  • 105 posts

Posted 06 June 2012 - 12:44 PM

Clean... tyvm, but why is my PC still slow? I am afraid it is because of a virus or malware, because when I shut down my PC it takes 15 to 20 minutes, and when I log on it takes 10 to 15 minutes. That's not good for a PC, right? About the window service centre: yes, I got an error message, but not always, 4 or 5 times in one week. For your information, cnm, the remote control, disk cleanup and disk defrag that came with Windows on my PC cannot be used. That's why I think it is because of malware or a virus. Now I use the disk defrag from Piriform.

Edited by mat yie76, 06 June 2012 - 01:08 PM.


#26 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 06 June 2012 - 12:52 PM

Be sure to get a screen shot the next time you get a message about Service Center.

A frequent reason for slowness is running too many programs. Let's try to get a handle on that, and also look for anything amiss.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and post with your next two replies.


#27 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • PipPipPip
  • 105 posts

Posted 06 June 2012 - 05:33 PM

OTL logfile created on: 7/6/2012 3:52:15 AM - Run 2
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Hp\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.45% Memory free
3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.01 Gb Total Space | 165.11 Gb Free Space | 75.74% Space Free | Partition Type: NTFS
Drive D: | 14.57 Gb Total Space | 1.67 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 89.96 Mb Free Space | 90.71% Space Free | Partition Type: FAT32
Drive G: | 199.00 Mb Total Space | 158.42 Mb Free Space | 79.61% Space Free | Partition Type: NTFS

Computer Name: BGL9703 | User Name: Hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LBTWiz.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2d76e5f609280a873c775599b20d407f\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
SRV - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (TabletInputService) -- C:\Windows\System32\TabSvc.dll (Microsoft Corporation)
SRV - (ShellHWDetection) -- C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Schedule) -- C:\Windows\System32\schedsvc.dll (Microsoft Corporation)
SRV - (SCPolicySvc) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
SRV - (CertPropSvc) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (upnphost) -- C:\Windows\System32\upnphost.dll (Microsoft Corporation)
SRV - (TrkWks) -- C:\Windows\System32\trkwks.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RpcLocator) -- C:\Windows\System32\Locator.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- File not found
DRV - (tsusbhub) -- File not found
DRV - (Synth3dVsc) -- File not found
DRV - (pukqzpus) -- C:\Windows\system32\drivers\pukqzpus.sys File not found
DRV - (minhfjmw) -- C:\Windows\system32\drivers\minhfjmw.sys File not found
DRV - (catchme) -- C:\Users\Hp\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- File not found
DRV - (btwl2cap) -- File not found
DRV - (btwavdt) -- File not found
DRV - (btwaudio) -- File not found
DRV - (azwwljds) -- C:\Windows\system32\drivers\azwwljds.sys File not found
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (KLMD) -- C:\Windows\System32\drivers\KLMD.sys (Kaspersky Lab, Parshin Yury)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender LLC)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (bdsandbox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (CSC) -- C:\Windows\System32\drivers\csc.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (BDVEDISK) -- C:\Windows\System32\drivers\bdvedisk.sys (BitDefender)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-06-01 12:57:34&v=11.1.0.7&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 D8 70 B8 6E 66 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babyl...000e02a823cb1b7
IE - HKCU\..\SearchScopes\{5785B862-1723-4E49-8AE0-18E08926260B}: "URL" = http://websearch.ask...FE-B60A82294426
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-01 12:57:34&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FAAEB9AB-E0BC-49C4-BB46-9AF8FF8A7089}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.babyl...00e02a823cb1b7"
FF - prefs.js..keyword.URL: "http://www.google.co...1&sa=Search&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SearchMyWeb"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://www.google.co...1&sa=Search&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SearchMyWeb"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...04-10 19:42:16"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.google.co...1&sa=Search&q="

FF - user.js..keyword.URL: "http://www.google.co...1&sa=Search&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_250.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/08 00:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/19 00:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/20 18:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/05/26 20:18:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2012/06/01 13:46:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2012/06/01 13:46:58 | 000,000,000 | ---D | M]

[2012/05/04 12:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hp\AppData\Roaming\mozilla\Extensions
[2012/05/04 12:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hp\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/05/06 02:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hp\AppData\Roaming\mozilla\Firefox\Profiles\w6am161h.default\extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\searchplugins\askcom.xml
[2012/04/10 23:41:55 | 000,003,916 | ---- | M] () -- C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\searchplugins\sweetim.xml
[2012/05/14 19:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/29 01:38:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/23 04:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/04/11 21:35:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2012/04/11 21:34:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/04/29 01:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/04/20 22:48:21 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6AM161H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/10 23:41:48 | 000,162,686 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6AM161H.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/04/10 23:40:25 | 000,102,481 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6AM161H.DEFAULT\EXTENSIONS\FBPHOTOZOOM@INSTALLDADDY.COM.XPI
[2012/04/26 06:59:55 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/05/19 00:52:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/05/19 00:52:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/05/19 00:52:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/05/19 00:52:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/05/19 00:52:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/05/19 00:52:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/05/19 00:52:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/04/26 06:58:48 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/06/01 12:57:22 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/12 02:37:44 | 000,002,298 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/26 06:58:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 06:58:48 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/04/26 06:58:48 | 000,003,422 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/04/26 06:58:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/26 06:58:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/04/26 06:58:48 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_231.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Hp\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Hedgehog in the fog = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Gmail = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 03:48:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hp\Desktop\OTL.exe
[2012/06/07 02:49:19 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\ElevatedDiagnostics
[2012/06/07 02:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/06/07 00:40:22 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hp\Desktop\TDSSKiller.exe
[2012/06/06 21:20:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/06 19:25:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/06 16:37:24 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\temp
[2012/06/04 18:35:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/03 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\f-secure
[2012/06/03 21:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/06/03 15:15:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hp\Desktop\dds.com
[2012/06/01 13:46:51 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\IDM
[2012/06/01 13:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/06/01 12:57:21 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/06/01 12:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/05/31 16:56:22 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\DMCache
[2012/05/30 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/30 00:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/30 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\addpcs
[2012/05/29 21:48:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Hp\Desktop\TFC.exe
[2012/05/27 23:20:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/27 23:20:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/27 23:20:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/27 23:19:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/26 20:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012/05/26 20:18:27 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Bitdefender
[2012/05/26 20:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/05/26 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/05/26 19:41:24 | 000,360,976 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2012/05/26 19:41:21 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2012/05/26 19:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/05/26 13:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/26 13:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/05/26 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Your Product
[2012/05/23 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/05/20 18:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012/05/19 00:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/14 19:22:27 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2012/05/14 19:22:27 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2012/05/14 19:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/14 18:29:39 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Western Digital
[2012/05/14 15:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/05/10 03:35:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/10 03:35:28 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/10 03:35:27 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/10 03:27:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

========== Files - Modified Within 30 Days ==========

[2012/06/07 03:48:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users&#

#28 mat yie76

Posted 06 June 2012 - 07:06 PM

OTL logfile created on: 7/6/2012 3:52:15 AM - Run 2
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Hp\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.45% Memory free
3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.01 Gb Total Space | 165.11 Gb Free Space | 75.74% Space Free | Partition Type: NTFS
Drive D: | 14.57 Gb Total Space | 1.67 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 89.96 Mb Free Space | 90.71% Space Free | Partition Type: FAT32
Drive G: | 199.00 Mb Total Space | 158.42 Mb Free Space | 79.61% Space Free | Partition Type: NTFS

Computer Name: BGL9703 | User Name: Hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LBTWiz.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2d76e5f609280a873c775599b20d407f\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
SRV - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (TabletInputService) -- C:\Windows\System32\TabSvc.dll (Microsoft Corporation)
SRV - (ShellHWDetection) -- C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Schedule) -- C:\Windows\System32\schedsvc.dll (Microsoft Corporation)
SRV - (SCPolicySvc) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
SRV - (CertPropSvc) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (upnphost) -- C:\Windows\System32\upnphost.dll (Microsoft Corporation)
SRV - (TrkWks) -- C:\Windows\System32\trkwks.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RpcLocator) -- C:\Windows\System32\Locator.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- File not found
DRV - (tsusbhub) -- File not found
DRV - (Synth3dVsc) -- File not found
DRV - (pukqzpus) -- C:\Windows\system32\drivers\pukqzpus.sys File not found
DRV - (minhfjmw) -- C:\Windows\system32\drivers\minhfjmw.sys File not found
DRV - (catchme) -- C:\Users\Hp\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- File not found
DRV - (btwl2cap) -- File not found
DRV - (btwavdt) -- File not found
DRV - (btwaudio) -- File not found
DRV - (azwwljds) -- C:\Windows\system32\drivers\azwwljds.sys File not found
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (KLMD) -- C:\Windows\System32\drivers\KLMD.sys (Kaspersky Lab, Parshin Yury)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender LLC)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (bdsandbox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (CSC) -- C:\Windows\System32\drivers\csc.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (BDVEDISK) -- C:\Windows\System32\drivers\bdvedisk.sys (BitDefender)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-06-01 12:57:34&v=11.1.0.7&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 D8 70 B8 6E 66 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babyl...000e02a823cb1b7
IE - HKCU\..\SearchScopes\{5785B862-1723-4E49-8AE0-18E08926260B}: "URL" = http://websearch.ask...FE-B60A82294426
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-01 12:57:34&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FAAEB9AB-E0BC-49C4-BB46-9AF8FF8A7089}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.babyl...00e02a823cb1b7"
FF - prefs.js..keyword.URL: "http://www.google.co...1&sa=Search&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SearchMyWeb"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://www.google.co...1&sa=Search&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SearchMyWeb"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...04-10 19:42:16"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.google.co...1&sa=Search&q="

FF - user.js..keyword.URL: "http://www.google.co...1&sa=Search&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_250.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/08 00:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/19 00:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/20 18:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/05/26 20:18:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2012/06/01 13:46:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2012/06/01 13:46:58 | 000,000,000 | ---D | M]

[2012/05/04 12:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hp\AppData\Roaming\mozilla\Extensions
[2012/05/04 12:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hp\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/05/06 02:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hp\AppData\Roaming\mozilla\Firefox\Profiles\w6am161h.default\extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\searchplugins\askcom.xml
[2012/04/10 23:41:55 | 000,003,916 | ---- | M] () -- C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\searchplugins\sweetim.xml
[2012/05/14 19:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/29 01:38:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/23 04:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/04/11 21:35:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2012/04/11 21:34:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/04/29 01:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/04/20 22:48:21 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6AM161H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/10 23:41:48 | 000,162,686 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6AM161H.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/04/10 23:40:25 | 000,102,481 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6AM161H.DEFAULT\EXTENSIONS\FBPHOTOZOOM@INSTALLDADDY.COM.XPI
[2012/04/26 06:59:55 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/05/19 00:52:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/05/19 00:52:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/05/19 00:52:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/05/19 00:52:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/05/19 00:52:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/05/19 00:52:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/05/19 00:52:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/04/26 06:58:48 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/06/01 12:57:22 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/12 02:37:44 | 000,002,298 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/26 06:58:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 06:58:48 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/04/26 06:58:48 | 000,003,422 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/04/26 06:58:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/26 06:58:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/04/26 06:58:48 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_231.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Hp\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Hedgehog in the fog = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Gmail = C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5398B0D-41BE-4C96-89F6-B143C096AC3F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 03:48:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hp\Desktop\OTL.exe
[2012/06/07 02:49:19 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\ElevatedDiagnostics
[2012/06/07 02:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/06/07 00:40:22 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hp\Desktop\TDSSKiller.exe
[2012/06/06 21:20:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/06 19:25:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/06 16:37:24 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\temp
[2012/06/04 18:35:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/03 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\f-secure
[2012/06/03 21:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/06/03 15:15:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hp\Desktop\dds.com
[2012/06/01 13:46:51 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\IDM
[2012/06/01 13:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/06/01 12:57:21 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/06/01 12:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/05/31 16:56:22 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\DMCache
[2012/05/30 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/30 00:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/30 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\addpcs
[2012/05/29 21:48:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Hp\Desktop\TFC.exe
[2012/05/27 23:20:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/27 23:20:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/27 23:20:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/27 23:19:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/26 20:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012/05/26 20:18:27 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Bitdefender
[2012/05/26 20:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/05/26 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/05/26 19:41:24 | 000,360,976 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2012/05/26 19:41:21 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2012/05/26 19:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/05/26 13:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/26 13:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/05/26 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Your Product
[2012/05/23 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/05/20 18:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012/05/19 00:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/14 19:22:27 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2012/05/14 19:22:27 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2012/05/14 19:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/14 18:29:39 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Western Digital
[2012/05/14 15:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/05/10 03:35:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/10 03:35:28 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/10 03:35:27 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/10 03:27:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

========== Files - Modified Within 30 Days ==========

[2012/06/07 03:48:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users&#

#29 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 06 June 2012 - 08:39 PM

One copy is all we need. :)
But please post the Extras.txt. You'll find it in the same location as OTL.txt.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#30 mat yie76

Posted 06 June 2012 - 09:08 PM

This pic is 1 of my problems...

Attached Files

  • Attached File  pic.jpg   78.89KB   32 downloads


#31 mat yie76

Posted 06 June 2012 - 09:30 PM

Hi cnm... I don't have the Extras.txt. I don't find it in the same location as OTL.txt. I only have that text...

Edited by mat yie76, 06 June 2012 - 09:32 PM.


#32 cnm

Posted 06 June 2012 - 09:58 PM

Would that be about your 'remote control'? Are you knowingly connected to another PC? You have a lot of things that are unfamiliar to me.

#33 mat yie76

Posted 06 June 2012 - 10:47 PM

Yes.. that is the remote control for my PC.... I don't know why my remote control is like that, because I didn't modify any settings.... So what do you suggest to solve my problem?? Can't malware or a virus do that, to stop my remote control??? I am confused right now... help me please..

#34 mat yie76

Posted 06 June 2012 - 10:51 PM

I only use my PC in my house.. My connection is streaming telecommunication not broadband internet service.. you know, right? What about my OTL txt?? I do know where my OTL EXTRA txt gone... I look everywhere but don't see it... Any solution for that problem?? That's why I posted my title ( pc so slow and sick ).. :think:

Edited by mat yie76, 06 June 2012 - 11:06 PM.


#35 cnm

Posted 07 June 2012 - 11:20 AM

I have no experience with streaming telecommunication - never heard of it before. (I'll ask others.) It seems possible that Internet Download Manager which you installed on June 1 is interfering with it. This will stop having Internet Download Manager start with Windows and clean out some debris. It will still be able to be run manually or via IE.

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
DRV - (VGPU) -- File not found
DRV - (tsusbhub) -- File not found
DRV - (Synth3dVsc) -- File not found
DRV - (pukqzpus) -- C:\Windows\system32\drivers\pukqzpus.sys File not found
DRV - (minhfjmw) -- C:\Windows\system32\drivers\minhfjmw.sys File not found
DRV - (catchme) -- C:\Users\Hp\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- File not found
DRV - (btwl2cap) -- File not found
DRV - (btwavdt) -- File not found
DRV - (btwaudio) -- File not found
DRV - (azwwljds) -- C:\Windows\system32\drivers\azwwljds.sys File not found
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).
After OTL does the fix, you will need to reboot.
Post the log OTL.TXT in your reply.

Did that help the slowness?

#36 mat yie76

Posted 07 June 2012 - 12:02 PM

OK.. I do it now, wait for my result...

#37 mat yie76

Posted 07 June 2012 - 12:35 PM

Still the same for the slowness.. This is the log report after threat

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan deleted successfully.
C:\Program Files\Internet Download Manager\IDMan.exe moved successfully.
Service VGPU stopped successfully!
Service VGPU deleted successfully!
File File not found not found.
Service tsusbhub stopped successfully!
Service tsusbhub deleted successfully!
File File not found not found.
Service Synth3dVsc stopped successfully!
Service Synth3dVsc deleted successfully!
File File not found not found.
Service pukqzpus stopped successfully!
Service pukqzpus deleted successfully!
File C:\Windows\system32\drivers\pukqzpus.sys File not found not found.
Service minhfjmw stopped successfully!
Service minhfjmw deleted successfully!
File C:\Windows\system32\drivers\minhfjmw.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Hp\AppData\Local\Temp\catchme.sys File not found not found.
Service btwrchid stopped successfully!
Service btwrchid deleted successfully!
File File not found not found.
Service btwl2cap stopped successfully!
Service btwl2cap deleted successfully!
File File not found not found.
Service btwavdt stopped successfully!
Service btwavdt deleted successfully!
File File not found not found.
Service btwaudio stopped successfully!
Service btwaudio deleted successfully!
File File not found not found.
Service azwwljds stopped successfully!
Service azwwljds deleted successfully!
File C:\Windows\system32\drivers\azwwljds.sys File not found not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes

User: Hp
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 11962582 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 343 bytes

User: Public
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 269 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.46.1 log created on 06082012_020458

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\~bd4039.tmp not found!

Registry entries deleted on Reboot...

#38 cnm

Posted 07 June 2012 - 01:09 PM

Please explain how you are able to use Octoshape Streaming Services as your internet service provider. It looks like just a media streamer to me.

Your DNS is at Malaysia Kuala Lumpur Tmnet and that is presumably your ISP. Please let me know if that is correct. If so, then our next move could be to disable Octoshape Streaming Services as a startup.

But first:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#39 mat yie76

Posted 07 June 2012 - 07:52 PM

Hi cnm, some misunderstanding here.. Octoshape Streaming Services is not my internet service provider. It is just a media streamer. Yes, you are right, I stay and live in Malaysia. My ISP and DNS is at Malaysia Kuala Lumpur Tmnet.. TMnet means Telekom Malaysia, who supply services like tel and internet service.. Monthly payment.. TMnet also has a streaming service... that is what I meant, cnm... Here I post the log and result after finishing the scan...

Farbar Service Scanner Version: 05-06-2012
Ran by Hp (administrator) on 08-06-2012 at 09:25:51
Running from "C:\Users\Hp\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by mat yie76, 07 June 2012 - 08:35 PM.


#40 cnm

Posted 07 June 2012 - 08:27 PM

Can you tell me what this file is? lsvsdncd.hix

You confused me when you said

"my connection is streaming telecommunication not broadband internet service"

You do have a broadband internet service.

OK, let's make Octoshape not start with Windows. You can run it manually as needed.
Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0D786AE3
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).
When OTL finishes, please reboot.
Post the log OTL.TXT in your reply.

#41 mat yie76

Posted 07 June 2012 - 09:05 PM

I am so sorry that my statement (my connection is streaming telecommunication not broadband internet service) confused you.. I didn't mean it like that... I don't know what file it is (lsvsdncd.hix)... OK, I do it now, then I post the result.. Once again, sorry that you were confused..


========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Octoshape Streaming Services deleted successfully.
C:\Users\Hp\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DBC416F8 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:0D786AE3 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.46.1 log created on 06082012_110629

Edited by mat yie76, 07 June 2012 - 09:09 PM.


#42 mat yie76

Posted 07 June 2012 - 09:40 PM

After I rebooted my PC, the problem is still the same... changed a little, shutdown is so slow... log on the same too... It takes 8 minutes right now for shutdown and 10 minutes for log on...

#43 cnm

Posted 08 June 2012 - 12:34 AM

How long does it take to boot into Safe Mode? (hit F8 several times while booting to get the boot menu).
Try both

Safe Mode with Command prompt: how many minutes? and
Safe Mode with networking: how many minutes?



#44 mat yie76

Posted 08 June 2012 - 09:53 AM

Hi cnm, sorry for the late reply... To boot into Safe Mode it takes about 2 half minutes for log on in Safe Mode with networking, and for shut down it takes about 3 half minutes... For Safe Mode with Command prompt it takes about 3 minutes for log on and I do know how to shut down... I don't see the start menu in Safe Mode with Command prompt. I just switched off the PC..

#45 cnm

Posted 08 June 2012 - 11:29 AM

That means that the basic Windows loads in around 3 minutes and the other 7 minutes needs to be accounted for.
It seems clear that the 10 minutes to boot up in normal mode is because of the number of things done at Windows start. We have eliminated a few but you still have a lot happening.

BitDefender is synching with your online backup.
FileHippo is running and looking for available updates.
DivX is looking for updates.
HP Software Update is looking for updates.
Java is looking for updates.
QuickTime is started.
Adobe ElementsAutoAnalyzer.exe is started (for organizing your photos).
... and more ...

All those update checkers could be run manually every few days, but having them done automatically may be a convenience. If you like having it automatic then the simplest thing is just to go have a cup of coffee while your PC boots. Ten minutes isn't too bad, and I gather that once it has booted up the PC is not slow.

There is no sign that the boot slowness is caused by malware.
I do see a remnant of Avast that is programmed to start. Let's remove that.
Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O34 - HKLM BootExecute: (aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program)
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[EMPTYTEMP]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).

Post the log OTL.TXT in your reply.
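An added example, not part of the thread and not OTL's own code: a short Python triage pass over OTL-format lines that flags the entry types acted on in the fixes above (a non-default BootExecute value, an altered `exefile`/`comfile` open command, driver services whose file is missing, and Run-key autostarts). The regular expressions are written from the line shapes visible in this thread, which is an assumption about the format, and the altered `exefile` line in the sample is constructed.

```python
import re
from typing import NamedTuple

# Stock Windows values for these two settings; the scan posted in this thread
# shows both (O34 "autocheck autochk *" and O35 '"%1" %*').
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"
DEFAULT_OPEN_COMMAND = '"%1" %*'

# Line shapes inferred from the log lines in this thread (assumption).
BOOT_RE = re.compile(r"^O34 - HKLM BootExecute: \((?P<value>.*)\)$")
OPEN_RE = re.compile(r"^O35 - HKLM\\\.\.(?P<cls>\w+) \[open\] -- (?P<cmd>.*)$")
DRV_RE = re.compile(r"^DRV - \((?P<svc>[^)]+)\) -- (?P<path>.*?)\s*File not found$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")


class Finding(NamedTuple):
    rule: str     # which check fired
    subject: str  # program, file class, service or Run value name
    detail: str   # the raw value worth a human look


def review(log_text):
    """Return a Finding for every line that deviates from the defaults."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BOOT_RE.match(line):
            # Anything besides autochk runs before Windows finishes booting.
            if m["value"] != DEFAULT_BOOT_EXECUTE:
                program = m["value"].split()[0]
                findings.append(Finding("boot-execute", program, m["value"]))
        elif m := OPEN_RE.match(line):
            # A changed open command means every .exe/.com launch is routed
            # through something else first.
            if m["cmd"] != DEFAULT_OPEN_COMMAND:
                findings.append(Finding("open-command", m["cls"], m["cmd"]))
        elif m := DRV_RE.match(line):
            # Service is registered but its driver image is gone: leftover
            # from an uninstall or from an earlier cleanup tool.
            path = m["path"] or "(no path recorded)"
            findings.append(Finding("orphan-driver", m["svc"], path))
        elif m := RUN_RE.match(line):
            # Informational: each Run entry adds to logon time.
            findings.append(Finding("autostart", m["name"], m["target"]))
    return findings


# Constructed sample: lines copied from this thread, except the exefile line,
# which is altered with a placeholder path to show the non-default case.
SAMPLE_LOG = r'''
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\placeholder\example.exe" "%1" %*
DRV - (pukqzpus) -- C:\Windows\system32\drivers\pukqzpus.sys File not found
DRV - (VGPU) -- File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
'''

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.rule:14} {f.subject:12} {f.detail}")
```

A finding here is a prompt for a human to look at the entry, not a verdict; the orphaned driver services in this thread, for instance, were removed as debris rather than as confirmed malware.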

#46 mat yie76

Posted 08 June 2012 - 10:04 PM

Hello cnm, I was patient for 8 hours, followed your instructions and pasted what you wanted me to paste... In the end I got a not good result, my OTL is not responding. I followed step by step what you wanted me to do. After that, I just turned off my PC and logged on again. I downloaded a fresh OTL, deleted the old OTL on my desktop PC and did again what you wanted me to do.. Same problem, OTL (not responding). Any solution? Right now my desktop changed too and got desktop.ini? Why did desktop.ini come back in my PC? In folder favorites 1, download folder 1, document folder 2, public music 1, pic library 2, video library 2... what I mean by 1 or 2 is desktop.ini ..

Edited by mat yie76, 08 June 2012 - 10:13 PM.


#47 cnm

Posted 08 June 2012 - 10:32 PM

OTL will not normally take longer than about 30 minutes.

OTL made a Restore Point yesterday which you can use. How To Use System Restore in Windows 7
Select the most recent Restore Point, and use it.

DO NOT TURN OFF THE PC until the PC has finished doing the restore and has rebooted. This can take quite a long time. Wait until you see the message "System Restore completed successfully".

#48 mat yie76

Posted 08 June 2012 - 10:42 PM

OK, I do it now..

#49 mat yie76

Posted 08 June 2012 - 11:22 PM

System Restore did not complete successfully. Your computer's system files and settings were not changed.

Detail:

System Restore could not access a file. This is probably because an anti-virus program is running on the computer. Temporarily disable your anti virus program and retry system restore.
An unspecified error occurred during system restore. (0x80070005)

you cant try System Restore again and choose a different restore point.if you continue to see this error,you can try an advanced recovery method.For more information,see WHAT IS RECOVERY???

FOR YOUR INFORMATION CNM, MY ANTIVIRUS HAS BEEN DISABLED FROM THE FIRST DAY YOU TAUGHT ME TO SOLVE MY PROBLEM.... So what do I do next??

#50 cnm

Posted 08 June 2012 - 11:31 PM

It's late and I would want to think about what could possibly have happened.

I don't really understand what you were saying here:

"Right now my desktop changed too and got desktop.ini? Why did desktop.ini come back in my PC? In folder favorites 1, download folder 1, document folder 2, public music 1, pic library 2, video library 2... what I mean by 1 or 2 is desktop.ini"


However it seems your PC is working, so please run ComboFix again and post its log.