Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I believe it is a malware infection .. would appreciate help

Post by MrWhitefolks » December 4th, 2012, 2:58 am

Hello

I hope this post finds you in good health...


DESCRIPTION OF PROBLEM

Firefox is opening tabs with URLs to adverts .... Always the same one so far ... this is the second day thus far
Firefox opens these tabs even when Firefox is closed [it forces the browser open], and my PC is on standby ....
at times, one tab will open ... other times, three will open in one second ..... on waking up in the morning, many are open ...

the offending URLs are Ib.adnxs.com/click? {and then random variables} AND seth.avazutracking.net/tracking/redirect/redirect.php {and then random variables}

I am assuming the seth.avazutracking is second in this chain [due to redirect] however, the tab opens too quickly and I can't be sure

I have downloaded OTL and TDSS killer, and ran them respectively ..... the logs are available at your request, and tdss found no threats.


REQUESTED LOGS


DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Muj at 10:39:40 on 2012-12-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3039.1240 [GMT 4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\Muj\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\regedit.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lge.com
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LG Magnifier] c:\program files\lg software\lg magnifier\MagnifyingGlass.exe
mRun: [LGSR_Menu] "c:\program files\lg software\lg smart recovery\muitransfer\muistartmenu.exe" "c:\program files\lg software\lg smart recovery" updatewithcreateonce software\cyberlink\PowerRecover
mRun: [LG Intelligent Update] "c:\program files\lg_swupdate\giljabistart.exe" Gilautouc
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [zOSD] c:\program files\lg software\lg osd\HotKey.exe
mRun: [KeybdUtility] c:\program files\lg software\lg osd\HotKey.exe
mRun: [InstantBurn] c:\progra~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\users\muj\desktop\EmpirePoker.lnk
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E37D90A9-8D1D-42C1-ACFC-1E229D83E89A} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E37D90A9-8D1D-42C1-ACFC-1E229D83E89A}\24168656C67716E6 : DHCPNameServer = 24.201.245.77 24.200.0.1 24.53.0.2
TCP: Interfaces\{E37D90A9-8D1D-42C1-ACFC-1E229D83E89A}\D427758696475666F6C6B637 : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\muj\appdata\roaming\mozilla\firefox\profiles\eb40qmqx.default\
FF - prefs.js: browser.startup.homepage - news.bbc.co.uk
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - ExtSQL: 2019-09-26 07:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\muj\appdata\roaming\mozilla\firefox\profiles\eb40qmqx.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2010-5-22 15784]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-11-15 35592]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/22 12:35:38];c:\program files\cyberlink\powerdvd8\000.fcl [2009-8-29 87536]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2010-5-22 161576]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-11-15 527728]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-11-15 389488]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-21 29472]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-14 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2012-11-15 35592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-11 530944]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-26 4231680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-26 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-26 171520]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-26 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1343400]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-6-5 81704]
.
=============== Created Last 30 ================
.
2012-12-01 15:48:04 -------- d-----w- c:\users\muj\appdata\local\{5F00E561-1AE0-40DA-A9BD-7B8F576CE9C1}
2012-11-23 14:53:27 -------- d-----w- c:\users\muj\appdata\local\{AE020CC4-DF4A-4ADD-B8F6-6A9A5FB9732C}
2012-11-16 15:00:56 -------- d-----w- c:\users\muj\appdata\local\{14C0E998-659D-4C9E-8FBA-C4BB37DB2E7E}
2012-11-16 01:49:06 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 01:49:06 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 01:49:06 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 01:48:18 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 01:48:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 01:48:18 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 01:48:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 01:48:17 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 01:48:17 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 01:48:17 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 01:46:53 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 01:46:53 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 01:46:53 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 01:46:53 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 01:46:52 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 01:46:52 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 01:46:52 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 01:46:52 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 01:46:50 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 01:46:50 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 01:46:46 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 01:46:46 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 01:41:55 -------- d-----w- c:\users\muj\appdata\local\{C065D431-F4B5-4BBD-B4F2-C8E9761118C9}
2012-11-15 01:36:52 35592 ----a-w- c:\windows\system32\drivers\taphss6.sys
2012-11-15 01:29:54 35592 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
==================== Find3M ====================
.
2012-11-16 01:46:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-16 01:46:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-24 19:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-09 17:29:47 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-09 17:29:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 10:39:56.15 ===============

ATTACH.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 05/05/2010 12:53:13 AM
System Uptime: 04/12/2012 5:55:15 AM (5 hours ago)
.
Motherboard: Quanta | | QL5
Processor: Intel(R) Core(TM)2 Duo CPU P8800 @ 2.66GHz | CPU | 2640/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 17.359 GiB free.
D: is FIXED (NTFS) - 404 GiB total, 385.217 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&32681813&0&002404AB98EE_C00000002
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&32681813&0&002404AB98EE_C00000002
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&32681813&0&002404AB98EE_C00000002
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&32681813&0&002404AB98EE_C00000002
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&32681813&0&002404AB98EE_C00000002
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\7&32681813&0&002404AB98EE_C00000002
Service:
.
==== System Restore Points ===================
.
RP204: 02/12/2012 6:29:21 PM - Windows Update
RP205: 04/12/2012 9:37:59 AM - Removed Java(TM) 6 Update 29
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
Alice Greenfingers
Apple Application Support
Apple Software Update
AVG 2012
BD Advisor 2.0
Canon MP250 series MP Drivers
CutePDF Writer 3.0
CyberLink Blu-ray Disc Suite
CyberLink InstantBurn
CyberLink Power2Go
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
D3DX10
Dairy Dash
DivX Setup
Dream Day Honeymoon
EmpirePoker
GameBox Console
Go-Go Gourmet
Granny In Paradise
Home Sweet Home
Hotspot Shield 2.78
Intel® Matrix Storage Manager
Island Wars 2
Java 7 Update 9
Java Auto Updater
Java(TM) SE Development Kit 7 Update 2
JavaFX 2.0.2 SDK
JavaFX 2.1.1
K-Lite Codec Pack 6.0.0 (Full)
LG Intelligent Update
LG Magnifier
LG OSD
LG Smart Care
LG Smart Indicator
LG Smart Recovery
LSI HDA Modem
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
NVIDIA Drivers
PowerPlayer II
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
swMSM
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
29/11/2012 12:00:27 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
04/12/2012 5:55:48 AM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
02/12/2012 6:29:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Composite Device.
.
==== End Of File ===========================


Thank you kindly for your time and consideration .... I'm looking forward to hearing back from you
MrWhitefolks
Regular Member
 
Posts: 21
Joined: December 4th, 2012, 2:35 am

Re: I believe it is a malware infection .. would appreciate

Post by Cypher » December 4th, 2012, 12:35 pm

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I believe it is a malware infection .. would appreciate

Post by Cypher » December 4th, 2012, 12:42 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

I have downloaded OTL and TDSS killer, and ran them respectively ..... the logs are available at your request, and tdss found no threats.

First please delete both OTL + the logs, and TDSSkiller from your computer, we will download fresh copies when needed.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Logs/Information to Post in your Next Reply

  • OTL.txt and Extras.txt contents.
  • aswMBR.txt.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I believe it is a malware infection .. would appreciate

Post by MrWhitefolks » December 4th, 2012, 3:23 pm

Hello Cypher

Thank you for your help

Kindly note as per your instructions, I have deleted OTL and TDSSkiller and the respective logs they have created.

I have downloaded the versions of OTL and aswMBR linked in your previous response.

Here are the logs as requested ....


OTL LOGS


OTL.txt

OTL logfile created on: 12/4/2012 10:46:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Muj\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.71% Memory free
5.93 Gb Paging File | 4.34 Gb Available in Paging File | 73.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 16.83 Gb Free Space | 33.65% Space Free | Partition Type: NTFS
Drive D: | 404.26 Gb Total Space | 385.22 Gb Free Space | 95.29% Space Free | Partition Type: NTFS
Drive E: | 7.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MUJ-PC | User Name: Muj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Muj\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
PRC - C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files\lg_swupdate\GiljabiStart.exe (BIT LEADER)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
PRC - C:\Program Files\LG Software\LG Magnifier\Maglev.exe (LG Electronics Inc.)


========== Modules (No Company Name) ==========

MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c07aa49ffd41a39bffaf653289f44038\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files\CyberLink\InstantBurn\Win2K\Res.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()


========== Services (SafeList) ==========

SRV - (RichVideo) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (mbr) -- C:\Users\Muj\AppData\Local\Temp\mbr.sys File not found
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CLBStor) -- C:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV - (CLBUDF) -- C:\Windows\System32\drivers\CLBUDF.sys (CyberLink Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "news.bbc.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 18:51:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 03:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/24 13:15:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/19 04:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/12/04 04:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/12/04 04:58:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/12/04 04:58:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/12/04 04:58:17 | 000,000,000 | ---D | M]

[2010/05/22 03:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muj\AppData\Roaming\Mozilla\Extensions
[2012/08/30 19:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muj\AppData\Roaming\Mozilla\Firefox\Profiles\eb40qmqx.default\extensions
[2010/07/30 07:26:34 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Muj\AppData\Roaming\Mozilla\Firefox\Profiles\eb40qmqx.default\extensions\YoutubeDownloader@PeterOlayev.com
[2012/08/30 19:45:24 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Muj\AppData\Roaming\Mozilla\Firefox\Profiles\eb40qmqx.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/08/19 04:03:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/12/04 04:58:15 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM

O1 HOSTS File: ([2009/06/11 01:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [LGSR_Menu] C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Users\Muj\Desktop\EmpirePoker.lnk ()
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Users\Muj\Desktop\EmpirePoker.lnk ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E37D90A9-8D1D-42C1-ACFC-1E229D83E89A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/03/01 22:35:37 | 000,000,094 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/04 22:36:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Muj\Desktop\aswMBR.exe
[2012/12/04 22:36:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Muj\Desktop\OTL.exe
[2012/12/04 05:56:25 | 000,000,000 | R--D | C] -- C:\Users\Muj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/12/01 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{5F00E561-1AE0-40DA-A9BD-7B8F576CE9C1}
[2012/11/23 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{AE020CC4-DF4A-4ADD-B8F6-6A9A5FB9732C}
[2012/11/16 19:00:56 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{14C0E998-659D-4C9E-8FBA-C4BB37DB2E7E}
[2012/11/16 05:41:55 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{C065D431-F4B5-4BBD-B4F2-C8E9761118C9}
[2012/11/15 05:36:52 | 000,035,592 | ---- | C] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2012/11/15 05:29:54 | 000,035,592 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys

========== Files - Modified Within 30 Days ==========

[2012/12/04 22:37:26 | 101,995,153 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/12/04 22:36:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Muj\Desktop\aswMBR.exe
[2012/12/04 22:36:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Muj\Desktop\OTL.exe
[2012/12/04 22:33:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/04 06:48:45 | 000,013,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/04 06:48:45 | 000,013,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/04 06:01:55 | 000,632,544 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/04 06:01:55 | 000,114,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/04 05:55:39 | 2390,114,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/04 04:58:38 | 000,000,855 | ---- | M] () -- C:\Users\Muj\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/02 18:30:03 | 000,313,035 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/11/23 18:59:49 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2012/11/16 18:56:31 | 000,435,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 05:36:52 | 000,035,592 | ---- | M] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2012/11/15 05:29:54 | 000,035,592 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys

========== Files Created - No Company Name ==========

[2012/11/16 05:49:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 05:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/07/08 14:17:13 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/01/29 22:13:56 | 000,007,599 | ---- | C] () -- C:\Users\Muj\AppData\Local\Resmon.ResmonCfg
[2011/09/15 10:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/06/10 14:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/02/14 08:05:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/26 04:47:04 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 08:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 08:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 05:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/23 01:32:52 | 000,000,000 | -HSD | M] -- C:\Users\Muj\AppData\Roaming\.#
[2012/01/21 03:25:38 | 000,000,000 | ---D | M] -- C:\Users\Muj\AppData\Roaming\AVG2012
[2010/05/22 06:11:40 | 000,000,000 | ---D | M] -- C:\Users\Muj\AppData\Roaming\AVG9
[2010/05/23 01:31:40 | 000,000,000 | ---D | M] -- C:\Users\Muj\AppData\Roaming\GameConsole
[2010/05/23 03:31:42 | 000,000,000 | ---D | M] -- C:\Users\Muj\AppData\Roaming\GetRightToGo

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:814B9485

< End of report >

Extras.txt was not produced this time ...... I ran OTL again just to make sure, and Extras.txt was not produced ... minimized or otherwise...


aswMBR.txt

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 22:55:04
-----------------------------
22:55:04.829 OS Version: Windows 6.1.7601 Service Pack 1
22:55:04.829 Number of processors: 2 586 0x170A
22:55:04.839 ComputerName: MUJ-PC UserName: Muj
22:55:05.629 Initialize success
22:56:38.823 AVAST engine defs: 12120400
22:57:16.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:57:16.752 Disk 0 Vendor: FUJITSU_ 0000 Size: 476940MB BusType: 3
22:57:16.767 Disk 0 MBR read successfully
22:57:16.783 Disk 0 MBR scan
22:57:16.783 Disk 0 unknown MBR code
22:57:16.798 Disk 0 Partition 1 00 12 Compaq diag NTFS 1536 MB offset 2048
22:57:16.830 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 51200 MB offset 3147776
22:57:16.845 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 413961 MB offset 108005376
22:57:16.892 Disk 0 Partition 4 00 12 Compaq diag NTFS 10241 MB offset 955797504
22:57:16.923 Disk 0 scanning sectors +976771072
22:57:16.970 Disk 0 scanning C:\Windows\system32\drivers
22:57:28.463 Service scanning
22:58:09.393 Modules scanning
22:58:31.993 Disk 0 trace - called modules:
22:58:32.009 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:58:32.024 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cde820]
22:58:32.024 3 CLASSPNP.SYS[8bae659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85ec2028]
22:58:32.617 AVAST engine scan C:\Windows
22:58:34.252 AVAST engine scan C:\Windows\system32
23:02:14.600 AVAST engine scan C:\Windows\system32\drivers
23:02:30.563 AVAST engine scan C:\Users\Muj
23:19:13.707 AVAST engine scan C:\ProgramData
23:20:39.028 Scan finished successfully
23:20:51.678 Disk 0 MBR has been saved successfully to "C:\Users\Muj\Desktop\MBR.dat"
23:20:51.678 The log file has been saved successfully to "C:\Users\Muj\Desktop\aswMBR.txt"
MrWhitefolks
Regular Member
 
Posts: 21
Joined: December 4th, 2012, 2:35 am

Re: I believe it is a malware infection .. would appreciate

Post by Cypher » December 4th, 2012, 3:59 pm

Hi,
Thank you for your help

You're welcome.
Continue with the instructions below please; once done, give me an update on your computer's performance.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl then click OK.
  • Uninstall the following if present.
Adobe Reader 9.5.2
Java(TM) SE Development Kit 7 Update 2

Next.

Update Adobe Reader

  • You should download and install the newest version of Adobe Reader for reading PDF files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (11.0).
  • Note: Uncheck install McAfee Security Scan Plus


Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe and select " Run as administrator " to run it.
  • Follow the prompts and at the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2012/12/01 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{5F00E561-1AE0-40DA-A9BD-7B8F576CE9C1}
    [2012/11/23 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{AE020CC4-DF4A-4ADD-B8F6-6A9A5FB9732C}
    [2012/11/16 19:00:56 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{14C0E998-659D-4C9E-8FBA-C4BB37DB2E7E}
    [2012/11/16 05:41:55 | 000,000,000 | ---D | C] -- C:\Users\Muj\AppData\Local\{C065D431-F4B5-4BBD-B4F2-C8E9761118C9}
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4CF61E54
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:15024E60
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:814B9485
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • OTL Fix log.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I believe it is a malware infection .. would appreciate

Post by MrWhitefolks » December 4th, 2012, 4:53 pm

Cypher

Thank you again for your efforts ... I really appreciate it

I have performed all tasks as requested. I should note that for the last few hours I have not had any redirects ....
Normally they come in pretty heavily overnight, so I should be able to give you a better picture of my pc's performance then ...


As for the logs requested ....

Kindly note at the end of the malwarebytes scan, no option to ' Show Results ' was available ...... scan showed no threats and the log immediately presented itself


MBAM- LOG

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.04.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Muj :: MUJ-PC [administrator]

05/12/2012 12:21:58 AM
mbam-log-2012-12-05 (00-21-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227868
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL FIX LOG

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: afurladvisor%40anchorfree.com:1.0 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 removed from extensions.enabledAddons
Prefs.js: YoutubeDownloader@PeterOlayev.com:1.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Muj\AppData\Local\{5F00E561-1AE0-40DA-A9BD-7B8F576CE9C1} folder moved successfully.
C:\Users\Muj\AppData\Local\{AE020CC4-DF4A-4ADD-B8F6-6A9A5FB9732C} folder moved successfully.
C:\Users\Muj\AppData\Local\{14C0E998-659D-4C9E-8FBA-C4BB37DB2E7E} folder moved successfully.
C:\Users\Muj\AppData\Local\{C065D431-F4B5-4BBD-B4F2-C8E9761118C9} folder moved successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:15024E60 deleted successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Muj\Desktop\cmd.bat deleted successfully.
C:\Users\Muj\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 185934 bytes
->Temporary Internet Files folder emptied: 41140650 bytes
->Flash cache emptied: 42270 bytes

User: Muj
->Temp folder emptied: 7110995493 bytes
->Temporary Internet Files folder emptied: 174412634 bytes
->Java cache emptied: 13730872 bytes
->FireFox cache emptied: 390630925 bytes
->Flash cache emptied: 47405 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150849573 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,517.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 12052012_003542

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: I believe it is a malware infection .. would appreciate

Post by MrWhitefolks » December 4th, 2012, 5:53 pm

Hello Again

Unfortunately the problem persists ..... it's the same two websites as previously mentioned

Ib.adnxs.com/click? {and then random variables} and seth.avazutracking.net/tracking/redirect/redirect.php {and then random variables} ....

this combination of websites then throws me onto an advertisement

Re: I believe it is a malware infection .. would appreciate

Post by Cypher » December 5th, 2012, 6:18 am

Hi,
Firefox is opening tabs with urls to adverts

Can you confirm that FireFox is the only browser that this happens with?
Do these adverts appear when using Internet Explorer?

Re: I believe it is a malware infection .. would appreciate

Post by MrWhitefolks » December 5th, 2012, 6:45 am

Hello Cypher

I just used IE for a short while and can confirm that it is also affecting IE.

I checked internet history, and found a cookie from adnxs ...... I did not allow this cookie, nor do I use IE ever ....

Re: I believe it is a malware infection .. would appreciate

Post by Cypher » December 5th, 2012, 7:05 am

Hi,
Ok run the below scan for me please.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Re: I believe it is a malware infection .. would appreciate

Post by MrWhitefolks » December 5th, 2012, 8:06 am

Hello Cypher

As requested, here is the log from Combofix ....



ComboFix 12-12-04.01 - Muj 05/12/2012 15:57:46.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3039.1836 [GMT 4:00]
Running from: c:\users\Muj\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\ssv.dll
c:\programdata\FullRemove.exe
c:\users\Muj\AppData\Roaming\.#
c:\windows\lgcenter.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))
.
.
2012-12-05 12:02 . 2012-12-05 12:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-05 12:02 . 2012-12-05 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 20:35 . 2012-12-04 20:35 -------- d-----w- C:\_OTL
2012-12-04 20:20 . 2012-12-04 20:20 -------- d-----w- c:\users\Muj\AppData\Roaming\Malwarebytes
2012-12-04 20:20 . 2012-12-04 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-04 20:20 . 2012-12-04 20:20 -------- d-----w- c:\programdata\Malwarebytes
2012-12-04 20:20 . 2012-09-29 15:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 01:49 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 01:49 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 01:49 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 01:48 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 01:48 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 01:48 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 01:48 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 01:48 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 01:48 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 01:48 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 01:46 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 01:46 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 01:46 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 01:46 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 01:46 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 01:46 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 01:46 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 01:46 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 01:46 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 01:46 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 01:46 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 01:46 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 01:36 . 2012-11-15 01:36 35592 ----a-w- c:\windows\system32\drivers\taphss6.sys
2012-11-15 01:29 . 2012-11-15 01:29 35592 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 01:46 . 2012-07-08 10:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-16 01:46 . 2011-06-02 11:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-26 03:46 . 2012-10-26 03:46 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 07:39 . 2012-12-02 14:29 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-24 19:16 . 2012-10-24 09:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-14 18:28 . 2012-10-11 19:14 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-09 17:29 . 2012-01-20 00:25 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-09 17:29 . 2010-10-04 01:18 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-05-20 144688]
"LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-07-17 308528]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7707168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-10-19 3670016]
"KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-10-19 3670016]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2009-03-11 681256]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-03-19 210216]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-01 296056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/22 12:35];c:\program files\CyberLink\PowerDVD8\000.fcl [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Muj\AppData\Roaming\Mozilla\Firefox\Profiles\eb40qmqx.default\
FF - prefs.js: browser.startup.homepage - news.bbc.co.uk
FF - ExtSQL: 2019-09-26 07:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Muj\AppData\Roaming\Mozilla\Firefox\Profiles\eb40qmqx.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-Winamp PowerPlayer - d:\program files\Winamp\uninst_pwrplay.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-05 16:03:09
ComboFix-quarantined-files.txt 2012-12-05 12:03
.
Pre-Run: 22,313,271,296 bytes free
Post-Run: 22,215,106,560 bytes free
.
- - End Of File - - 24F8238514944C566514326C5F0C95CC

Re: I believe it is a malware infection .. would appreciate

Post by Cypher » December 5th, 2012, 11:39 am

Hi,
How is your computer performing now, are your searches still redirected?

Re: I believe it is a malware infection .. would appreciate

Post by MrWhitefolks » December 5th, 2012, 12:50 pm

Hello Cypher

Unfortunately it still persists .... I just got a redirect not one minute ago using firefox

edit ... and two more since posting

Re: I believe it is a malware infection .. would appreciate

Post by Cypher » December 5th, 2012, 1:12 pm

Hi,
It's proving tricky to track down the cause of these redirects.
I realise you have run TDSSKiller already, but I need you to run it again.

Please download TDSSKiller and save it to your Desktop.

  • Right click TDSSKiller.exe and select " Run as administrator " to run it.
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Uninstall.
  • Confirm with yes.

Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • AdwCleaner log.

Re: I believe it is a malware infection .. would appreciate

Post by MrWhitefolks » December 5th, 2012, 1:25 pm

Hello Cypher

Here are the logs as per your instructions

TDSSKILLER (no threats detected)


21:17:46.0775 5216 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:17:47.0228 5216 ============================================================
21:17:47.0228 5216 Current date / time: 2012/12/05 21:17:47.0228
21:17:47.0228 5216 SystemInfo:
21:17:47.0228 5216
21:17:47.0228 5216 OS Version: 6.1.7601 ServicePack: 1.0
21:17:47.0228 5216 Product type: Workstation
21:17:47.0228 5216 ComputerName: MUJ-PC
21:17:47.0228 5216 UserName: Muj
21:17:47.0228 5216 Windows directory: C:\Windows
21:17:47.0228 5216 System windows directory: C:\Windows
21:17:47.0228 5216 Processor architecture: Intel x86
21:17:47.0228 5216 Number of processors: 2
21:17:47.0228 5216 Page size: 0x1000
21:17:47.0228 5216 Boot type: Normal boot
21:17:47.0228 5216 ============================================================
21:17:48.0008 5216 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:17:48.0008 5216 ============================================================
21:17:48.0008 5216 \Device\Harddisk0\DR0:
21:17:48.0008 5216 MBR partitions:
21:17:48.0008 5216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x300800, BlocksNum 0x6400000
21:17:48.0008 5216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6700800, BlocksNum 0x32884800
21:17:48.0008 5216 ============================================================
21:17:48.0039 5216 C: <-> \Device\Harddisk0\DR0\Partition1
21:17:48.0055 5216 D: <-> \Device\Harddisk0\DR0\Partition2
21:17:48.0055 5216 ============================================================
21:17:48.0055 5216 Initialize success
21:17:48.0055 5216 ============================================================
21:18:38.0287 5148 ============================================================
21:18:38.0287 5148 Scan started
21:18:38.0287 5148 Mode: Manual; SigCheck;
21:18:38.0287 5148 ============================================================
21:18:38.0724 5148 ================ Scan system memory ========================
21:18:38.0724 5148 System memory - ok
21:18:38.0724 5148 ================ Scan services =============================
21:18:38.0973 5148 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:18:39.0082 5148 1394ohci - ok
21:18:39.0098 5148 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:18:39.0114 5148 ACPI - ok
21:18:39.0160 5148 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:18:39.0254 5148 AcpiPmi - ok
21:18:39.0316 5148 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:18:39.0348 5148 AdobeARMservice - ok
21:18:39.0410 5148 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:18:39.0441 5148 adp94xx - ok
21:18:39.0457 5148 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:18:57.0428 5148 RasPppoe - ok
21:18:57.0444 5148 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:18:57.0475 5148 RasSstp - ok
21:18:57.0506 5148 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:18:57.0568 5148 rdbss - ok
21:18:57.0584 5148 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:18:57.0600 5148 rdpbus - ok
21:18:57.0631 5148 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:18:57.0678 5148 RDPCDD - ok
21:18:57.0693 5148 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:18:57.0724 5148 RDPENCDD - ok
21:18:57.0756 5148 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:18:57.0787 5148 RDPREFMP - ok
21:18:57.0865 5148 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:18:57.0880 5148 RdpVideoMiniport - ok
21:18:57.0912 5148 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:18:57.0943 5148 RDPWD - ok
21:18:57.0990 5148 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:18:58.0005 5148 rdyboost - ok
21:18:58.0021 5148 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:18:58.0052 5148 RemoteAccess - ok
21:18:58.0083 5148 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:18:58.0099 5148 RemoteRegistry - ok
21:18:58.0130 5148 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:18:58.0146 5148 RFCOMM - ok
21:18:58.0192 5148 RichVideo - ok
21:18:58.0208 5148 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:18:58.0239 5148 RpcEptMapper - ok
21:18:58.0255 5148 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:18:58.0270 5148 RpcLocator - ok
21:18:58.0286 5148 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
21:18:58.0317 5148 RpcSs - ok
21:18:58.0333 5148 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:18:58.0364 5148 rspndr - ok
21:18:58.0426 5148 [ EF8B2AFC3C0751C5E5A59983C8893260 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
21:18:58.0458 5148 RSUSBSTOR - ok
21:18:58.0489 5148 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
21:18:58.0504 5148 RTL8167 - ok
21:18:58.0504 5148 RtsUIR - ok
21:18:58.0520 5148 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:18:58.0536 5148 SamSs - ok
21:18:58.0551 5148 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:18:58.0567 5148 sbp2port - ok
21:18:58.0582 5148 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:18:58.0614 5148 SCardSvr - ok
21:18:58.0629 5148 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:18:58.0645 5148 scfilter - ok
21:18:58.0692 5148 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:18:58.0738 5148 Schedule - ok
21:18:58.0738 5148 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:18:58.0770 5148 SCPolicySvc - ok
21:18:58.0801 5148 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:18:58.0832 5148 SDRSVC - ok
21:18:58.0863 5148 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:18:58.0894 5148 secdrv - ok
21:18:58.0910 5148 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:18:58.0957 5148 seclogon - ok
21:18:58.0957 5148 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
21:18:58.0988 5148 SENS - ok
21:18:59.0004 5148 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:18:59.0035 5148 SensrSvc - ok
21:18:59.0050 5148 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:18:59.0066 5148 Serenum - ok
21:18:59.0097 5148 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:18:59.0113 5148 Serial - ok
21:18:59.0128 5148 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:18:59.0160 5148 sermouse - ok
21:18:59.0191 5148 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:18:59.0238 5148 SessionEnv - ok
21:18:59.0269 5148 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:18:59.0284 5148 sffdisk - ok
21:18:59.0316 5148 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:18:59.0316 5148 sffp_mmc - ok
21:18:59.0331 5148 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:18:59.0347 5148 sffp_sd - ok
21:18:59.0378 5148 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:18:59.0394 5148 sfloppy - ok
21:18:59.0440 5148 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:18:59.0487 5148 SharedAccess - ok
21:18:59.0518 5148 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:18:59.0550 5148 ShellHWDetection - ok
21:18:59.0581 5148 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:18:59.0596 5148 sisagp - ok
21:18:59.0628 5148 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:18:59.0628 5148 SiSRaid2 - ok
21:18:59.0659 5148 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:18:59.0659 5148 SiSRaid4 - ok
21:18:59.0737 5148 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:18:59.0768 5148 SkypeUpdate - ok
21:18:59.0784 5148 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:18:59.0799 5148 Smb - ok
21:18:59.0846 5148 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:18:59.0846 5148 SNMPTRAP - ok
21:18:59.0862 5148 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:18:59.0877 5148 spldr - ok
21:18:59.0908 5148 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:18:59.0924 5148 Spooler - ok
21:19:00.0018 5148 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:19:00.0127 5148 sppsvc - ok
21:19:00.0158 5148 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:19:00.0189 5148 sppuinotify - ok
21:19:00.0220 5148 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:19:00.0252 5148 srv - ok
21:19:00.0267 5148 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:19:00.0283 5148 srv2 - ok
21:19:00.0314 5148 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:19:00.0330 5148 srvnet - ok
21:19:00.0361 5148 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:19:00.0376 5148 SSDPSRV - ok
21:19:00.0392 5148 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:19:00.0408 5148 SstpSvc - ok
21:19:00.0439 5148 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:19:00.0454 5148 stexstor - ok
21:19:00.0486 5148 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:19:00.0517 5148 StiSvc - ok
21:19:00.0532 5148 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:19:00.0548 5148 swenum - ok
21:19:00.0579 5148 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:19:00.0610 5148 swprv - ok
21:19:00.0657 5148 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:19:00.0704 5148 SynTP - ok
21:19:00.0751 5148 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:19:00.0782 5148 SysMain - ok
21:19:00.0813 5148 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:00.0829 5148 TabletInputService - ok
21:19:00.0860 5148 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
21:19:00.0876 5148 taphss - ok
21:19:00.0907 5148 [ A69C1848E37482C855D94AA05145086C ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys
21:19:00.0938 5148 taphss6 - ok
21:19:00.0954 5148 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:19:00.0985 5148 TapiSrv - ok
21:19:01.0016 5148 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:19:01.0047 5148 TBS - ok
21:19:01.0094 5148 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:19:01.0172 5148 Tcpip - ok
21:19:01.0219 5148 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:19:01.0234 5148 TCPIP6 - ok
21:19:01.0266 5148 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:19:01.0281 5148 tcpipreg - ok
21:19:01.0328 5148 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:19:01.0359 5148 TDPIPE - ok
21:19:01.0390 5148 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:19:01.0422 5148 TDTCP - ok
21:19:01.0453 5148 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:19:01.0468 5148 tdx - ok
21:19:01.0500 5148 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:19:01.0500 5148 TermDD - ok
21:19:01.0546 5148 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:19:01.0609 5148 TermService - ok
21:19:01.0640 5148 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:19:01.0656 5148 Themes - ok
21:19:01.0656 5148 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:19:01.0687 5148 THREADORDER - ok
21:19:01.0687 5148 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:19:01.0734 5148 TrkWks - ok
21:19:01.0780 5148 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:19:01.0843 5148 TrustedInstaller - ok
21:19:01.0858 5148 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:19:01.0890 5148 tssecsrv - ok
21:19:01.0936 5148 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:19:01.0952 5148 TsUsbFlt - ok
21:19:01.0968 5148 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:19:02.0014 5148 tunnel - ok
21:19:02.0030 5148 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:19:02.0030 5148 uagp35 - ok
21:19:02.0061 5148 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:19:02.0124 5148 udfs - ok
21:19:02.0170 5148 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:19:02.0186 5148 UI0Detect - ok
21:19:02.0217 5148 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:19:02.0233 5148 uliagpkx - ok
21:19:02.0280 5148 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:19:02.0326 5148 umbus - ok
21:19:02.0358 5148 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:19:02.0389 5148 UmPass - ok
21:19:02.0420 5148 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:19:02.0467 5148 upnphost - ok
21:19:02.0482 5148 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:02.0498 5148 usbccgp - ok
21:19:02.0498 5148 USBCCID - ok
21:19:02.0560 5148 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:19:02.0592 5148 usbcir - ok
21:19:02.0607 5148 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:19:02.0623 5148 usbehci - ok
21:19:02.0654 5148 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:19:02.0670 5148 usbhub - ok
21:19:02.0701 5148 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:19:02.0716 5148 usbohci - ok
21:19:02.0763 5148 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:19:02.0779 5148 usbprint - ok
21:19:02.0794 5148 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:19:02.0826 5148 usbscan - ok
21:19:02.0841 5148 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:02.0857 5148 USBSTOR - ok
21:19:02.0904 5148 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:19:02.0904 5148 usbuhci - ok
21:19:02.0950 5148 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:19:02.0997 5148 usbvideo - ok
21:19:03.0013 5148 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:19:03.0044 5148 UxSms - ok
21:19:03.0060 5148 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:19:03.0075 5148 VaultSvc - ok
21:19:03.0075 5148 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:19:03.0091 5148 vdrvroot - ok
21:19:03.0138 5148 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:19:03.0184 5148 vds - ok
21:19:03.0200 5148 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:19:03.0216 5148 vga - ok
21:19:03.0231 5148 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:19:03.0262 5148 VgaSave - ok
21:19:03.0294 5148 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:19:03.0309 5148 vhdmp - ok
21:19:03.0340 5148 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:19:03.0356 5148 viaagp - ok
21:19:03.0372 5148 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:19:03.0387 5148 ViaC7 - ok
21:19:03.0403 5148 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:19:03.0418 5148 viaide - ok
21:19:03.0434 5148 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:19:03.0465 5148 volmgr - ok
21:19:03.0496 5148 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:19:03.0512 5148 volmgrx - ok
21:19:03.0528 5148 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:19:03.0543 5148 volsnap - ok
21:19:03.0574 5148 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:19:03.0590 5148 vsmraid - ok
21:19:03.0652 5148 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:19:03.0762 5148 VSS - ok
21:19:03.0777 5148 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:19:03.0808 5148 vwifibus - ok
21:19:03.0824 5148 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:19:03.0840 5148 vwififlt - ok
21:19:03.0871 5148 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:19:03.0886 5148 vwifimp - ok
21:19:03.0918 5148 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:19:03.0949 5148 W32Time - ok
21:19:03.0980 5148 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:19:03.0980 5148 WacomPen - ok
21:19:04.0011 5148 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:19:04.0042 5148 WANARP - ok
21:19:04.0042 5148 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:19:04.0074 5148 Wanarpv6 - ok
21:19:04.0167 5148 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:19:04.0245 5148 WatAdminSvc - ok
21:19:04.0276 5148 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:19:04.0323 5148 wbengine - ok
21:19:04.0354 5148 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:19:04.0386 5148 WbioSrvc - ok
21:19:04.0401 5148 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:19:04.0448 5148 wcncsvc - ok
21:19:04.0464 5148 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:19:04.0479 5148 WcsPlugInService - ok
21:19:04.0495 5148 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:19:04.0510 5148 Wd - ok
21:19:04.0542 5148 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:19:04.0573 5148 Wdf01000 - ok
21:19:04.0588 5148 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:19:04.0604 5148 WdiServiceHost - ok
21:19:04.0604 5148 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:19:04.0635 5148 WdiSystemHost - ok
21:19:04.0666 5148 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:19:04.0698 5148 WebClient - ok
21:19:04.0729 5148 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:19:04.0760 5148 Wecsvc - ok
21:19:04.0776 5148 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:19:04.0791 5148 wercplsupport - ok
21:19:04.0807 5148 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:19:04.0838 5148 WerSvc - ok
21:19:04.0854 5148 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:19:04.0885 5148 WfpLwf - ok
21:19:04.0900 5148 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:19:04.0900 5148 WIMMount - ok
21:19:04.0963 5148 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:19:05.0025 5148 WinDefend - ok
21:19:05.0025 5148 WinHttpAutoProxySvc - ok
21:19:05.0056 5148 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:19:05.0088 5148 Winmgmt - ok
21:19:05.0134 5148 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:19:05.0197 5148 WinRM - ok
21:19:05.0244 5148 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:19:05.0275 5148 WinUsb - ok
21:19:05.0306 5148 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:19:05.0337 5148 Wlansvc - ok
21:19:05.0400 5148 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:19:05.0431 5148 wlidsvc - ok
21:19:05.0462 5148 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:19:05.0478 5148 WmiAcpi - ok
21:19:05.0509 5148 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:19:05.0524 5148 wmiApSrv - ok
21:19:05.0602 5148 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:19:05.0634 5148 WMPNetworkSvc - ok
21:19:05.0649 5148 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:19:05.0665 5148 WPCSvc - ok
21:19:05.0696 5148 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:19:05.0743 5148 WPDBusEnum - ok
21:19:05.0758 5148 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:19:05.0805 5148 ws2ifsl - ok
21:19:05.0836 5148 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
21:19:05.0852 5148 wscsvc - ok
21:19:05.0852 5148 WSearch - ok
21:19:05.0899 5148 [ BB3DA9274FF93A58FC24A530650B79C7 ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
21:19:05.0930 5148 wsvd - ok
21:19:05.0992 5148 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:19:06.0102 5148 wuauserv - ok
21:19:06.0148 5148 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:19:06.0195 5148 WudfPf - ok
21:19:06.0211 5148 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:19:06.0226 5148 WUDFRd - ok
21:19:06.0242 5148 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:19:06.0273 5148 wudfsvc - ok
21:19:06.0304 5148 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:19:06.0320 5148 WwanSvc - ok
21:19:06.0414 5148 [ 74EC37B9EAF9FCA015B933A526825C7A ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files\CyberLink\PowerDVD8\000.fcl
21:19:06.0445 5148 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
21:19:06.0445 5148 ================ Scan global ===============================
21:19:06.0460 5148 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:19:06.0507 5148 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:19:06.0507 5148 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:19:06.0538 5148 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:19:06.0554 5148 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:19:06.0554 5148 [Global] - ok
21:19:06.0554 5148 ================ Scan MBR ==================================
21:19:06.0570 5148 [ C8C6DC722D4EF7CA320585D4BD90474E ] \Device\Harddisk0\DR0
21:19:08.0988 5148 \Device\Harddisk0\DR0 - ok
21:19:08.0988 5148 ================ Scan VBR ==================================
21:19:08.0988 5148 [ 9DF7D5EDEB4D334D22C5486B5D19C390 ] \Device\Harddisk0\DR0\Partition1
21:19:08.0988 5148 \Device\Harddisk0\DR0\Partition1 - ok
21:19:09.0019 5148 [ 9DBD520A8D1D085B7F7554DD2A84BE05 ] \Device\Harddisk0\DR0\Partition2
21:19:09.0019 5148 \Device\Harddisk0\DR0\Partition2 - ok
21:19:09.0019 5148 ============================================================
21:19:09.0019 5148 Scan finished
21:19:09.0019 5148 ============================================================
21:19:09.0034 4588 Detected object count: 0
21:19:09.0034 4588 Actual detected object count: 0
21:20:02.0633 1320 Deinitialize success


ADWCLEANER

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 21:21:26
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Muj - MUJ-PC
# Boot Mode : Normal
# Running from : C:\Users\Muj\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Muj\AppData\LocalLow\boost_interprocess

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0.1 (en-US)

Profile name : default
File : C:\Users\Muj\AppData\Roaming\Mozilla\Firefox\Profiles\eb40qmqx.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [752 octets] - [05/12/2012 21:21:26]

########## EOF - C:\AdwCleaner[S1].txt - [811 octets] ##########
MrWhitefolks
Regular Member
 
Posts: 21
Joined: December 4th, 2012, 2:35 am